Skip to content
Normal view Permalink
ssluse.c 28.9 KiB
Newer Older
Daniel Stenberg's avatar
Patrick Bihan-Faou introduced CURLOPT_SSL_VERIFYHOST and code to deal with  
Daniel Stenberg committed
1001 1002 
  }
Daniel Stenberg's avatar
multiple connection support initial commit  
Daniel Stenberg committed
1003 1004 1005 1006 
  str = X509_NAME_oneline (X509_get_issuer_name  (conn->ssl.server_cert),
                           NULL, 0);
  if(!str) {
    failf(data, "SSL: couldn't get X509-issuer name!");
Daniel Stenberg's avatar
Patrick Bihan-Faou introduced CURLOPT_SSL_VERIFYHOST and code to deal with  
Daniel Stenberg committed
1007 
    X509_free(conn->ssl.server_cert);
Daniel Stenberg's avatar
fixed Curl_SSLConnect() to return CURLcode errors, including the new error  
Daniel Stenberg committed
1008 
    return CURLE_SSL_CONNECT_ERROR;
Daniel Stenberg's avatar
multiple connection support initial commit  
Daniel Stenberg committed
1009 1010 1011 
  }
  infof(data, "\t issuer: %s\n", str);
  CRYPTO_free(str);
Daniel Stenberg's avatar
Initial revision
Daniel Stenberg committed
1012
Daniel Stenberg's avatar
multiple connection support initial commit  
Daniel Stenberg committed
1013 1014 
  /* We could do all sorts of certificate verification stuff here before
     deallocating the certificate. */
Daniel Stenberg's avatar
Initial revision
Daniel Stenberg committed
1015
Daniel Stenberg's avatar
Major rename and redesign of the internal "backbone" structs. Details will  
Daniel Stenberg committed
1016 1017 1018 
  if(data->set.ssl.verifypeer) {
    data->set.ssl.certverifyresult=SSL_get_verify_result(conn->ssl.handle);
    if (data->set.ssl.certverifyresult != X509_V_OK) {
Daniel Stenberg's avatar
failf() calls should not have newlines in the message string!  
Daniel Stenberg committed
1019 
      failf(data, "SSL certificate verify result: %d",
Daniel Stenberg's avatar
Major rename and redesign of the internal "backbone" structs. Details will  
Daniel Stenberg committed
1020 
            data->set.ssl.certverifyresult);
Daniel Stenberg's avatar
Patrick Bihan-Faou introduced CURLOPT_SSL_VERIFYHOST and code to deal with  
Daniel Stenberg committed
1021 1022 
      retcode = CURLE_SSL_PEER_CERTIFICATE;
    }
Daniel Stenberg's avatar
multiple connection support initial commit  
Daniel Stenberg committed
1023 1024 
  }
  else
Daniel Stenberg's avatar
Major rename and redesign of the internal "backbone" structs. Details will  
Daniel Stenberg committed
1025 
    data->set.ssl.certverifyresult=0;
Daniel Stenberg's avatar
Initial revision
Daniel Stenberg committed
1026
Daniel Stenberg's avatar
multiple connection support initial commit  
Daniel Stenberg committed
1027 
  X509_free(conn->ssl.server_cert);
Daniel Stenberg's avatar
Initial revision
Daniel Stenberg committed
1028 
#else /* USE_SSLEAY */
Daniel Stenberg's avatar
multiple connection support initial commit  
Daniel Stenberg committed
1029 
  /* this is for "-ansi -Wall -pedantic" to stop complaining!   (rabe) */
Daniel Stenberg's avatar
Bjrn Stenberg corrected the silly '(void)data' usage when SSL is not  
Daniel Stenberg committed
1030 
  (void) conn;
Daniel Stenberg's avatar
Initial revision
Daniel Stenberg committed
1031 
#endif
Daniel Stenberg's avatar
fixed Curl_SSLConnect() to return CURLcode errors, including the new error  
Daniel Stenberg committed
1032 
  return retcode;
Daniel Stenberg's avatar
Initial revision
Daniel Stenberg committed
1033 
}
Show full blame