
Dla GG_SSL_REQUIRED sprawdzamy certyfikat serwera z certyfikatami zainstalowanymi w systemie (Radhesh Krishnan K., Bartosz Brachaczek)
1 parent d1d68c4 commit 035e3cf6227995bdbe95f663a938a3838131e022 wojtekka committed Jun 12, 2013
Showing with 20 additions and 0 deletions.
  1. +20 −0 src/events.c
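--- a/src/events.c
+++ b/src/events.c
@@ -293,6 +293,7 @@ static int gg_session_init_ssl(struct gg_session *gs)
 }
 SSL_CTX_set_verify(gs->ssl_ctx, SSL_VERIFY_NONE, NULL);
+SSL_CTX_set_default_verify_paths(gs->ssl_ctx);
 }
 if (gs->ssl != NULL)
@@ -1150,14 +1151,33 @@ static gg_action_t gg_handle_tls_negotiation(struct gg_session *sess, struct gg_
 if (peer == NULL) {
 gg_debug_session(sess, GG_DEBUG_MISC, "// WARNING! unable to get peer certificate!\n");
+
+if (sess->ssl_flag == GG_SSL_REQUIRED) {
+e->event.failure = GG_FAILURE_TLS;
+return GG_ACTION_FAIL;
+}
 } else {
 char buf[256];
+long res;
 X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof(buf));
 gg_debug_session(sess, GG_DEBUG_MISC, "// cert subject: %s\n", buf);
 X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof(buf));
 gg_debug_session(sess, GG_DEBUG_MISC, "// cert issuer: %s\n", buf);
+
+res = SSL_get_verify_result(GG_SESSION_OPENSSL(sess));
+
+if (res != X509_V_OK) {
+gg_debug_session(sess, GG_DEBUG_MISC, "//   WARNING! unable to verify peer certificate! res=%ld\n", res);
+
+if (sess->ssl_flag == GG_SSL_REQUIRED) {
+e->event.failure = GG_FAILURE_TLS;
+return GG_ACTION_FAIL;
+}
+} else {
+gg_debug_session(sess, GG_DEBUG_MISC, "// verified peer certificate\n");
+}
 }
 sess->state = next_state;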
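Review bot: The GG_SSL_REQUIRED path in gg_handle_tls_negotiation accepts any certificate that chains to a system CA, because once `SSL_get_verify_result()` returns `X509_V_OK` nothing in the visible lines compares the certificate's names with the host the session connected to; the subject is only written to the debug log. A certificate that is valid for an unrelated domain would therefore pass the new check. Before the "verified peer certificate" message I would add a name check such as `if (X509_check_host(peer, expected_host, 0, 0, NULL) != 1)` (OpenSSL 1.0.2 or later; `expected_host` is a placeholder for the name the session was asked to connect to) and fail with `GG_FAILURE_TLS` as the other branches do. The new `return GG_ACTION_FAIL` in the `res != X509_V_OK` branch also leaves with `peer` still held; the function continues outside the hunk, so if the certificate is released further down, this return skips that release. In the first hunk the result of `SSL_CTX_set_default_verify_paths()` is ignored, which presumably means a missing trust store only shows up later as a generic verification failure.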
