46 gint error); |
46 gint error); |
47 |
47 |
48 static gboolean |
48 static gboolean |
49 ssl_verify_certificate (LmSSL *ssl, const gchar *server) |
49 ssl_verify_certificate (LmSSL *ssl, const gchar *server) |
50 { |
50 { |
51 LmSSLBase *base; |
51 LmSSLBase *base; |
|
52 int result; |
|
53 LmSSLStatus status; |
52 |
54 |
53 base = LM_SSL_BASE (ssl); |
55 base = LM_SSL_BASE (ssl); |
54 |
56 |
55 /* FIXME: Implement */ |
57 result = SSL_get_verify_result (ssl->session); |
|
58 |
|
59 /* Result values from 'man verify' */ |
|
60 switch (result) { |
|
61 case X509_V_OK: |
|
62 return TRUE; |
|
63 case X509_V_ERR_CERT_HAS_EXPIRED: |
|
64 status = LM_SSL_STATUS_CERT_EXPIRED; |
|
65 break; |
|
66 case X509_V_ERR_CERT_NOT_YET_VALID: |
|
67 status = LM_SSL_STATUS_CERT_NOT_ACTIVATED; |
|
68 break; |
|
69 case X509_V_ERR_CERT_UNTRUSTED: |
|
70 status = LM_SSL_STATUS_UNTRUSTED_CERT; |
|
71 break; |
|
72 case X509_V_ERR_CERT_REVOKED: |
|
73 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: |
|
74 case X509_V_ERR_UNABLE_TO_GET_CRL: |
|
75 case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: |
|
76 case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: |
|
77 case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: |
|
78 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: |
|
79 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: |
|
80 case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: |
|
81 case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: |
|
82 case X509_V_ERR_OUT_OF_MEM: |
|
83 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: |
|
84 case X509_V_ERR_APPLICATION_VERIFICATION: |
|
85 case X509_V_ERR_CERT_CHAIN_TOO_LONG: |
|
86 case X509_V_ERR_CERT_SIGNATURE_FAILURE: |
|
87 case X509_V_ERR_CRL_SIGNATURE_FAILURE: |
|
88 case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: |
|
89 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: |
|
90 case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: |
|
91 case X509_V_ERR_INVALID_CA: |
|
92 case X509_V_ERR_PATH_LENGTH_EXCEEDED: |
|
93 case X509_V_ERR_INVALID_PURPOSE: |
|
94 case X509_V_ERR_CERT_REJECTED: |
|
95 case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: |
|
96 case X509_V_ERR_AKID_SKID_MISMATCH: |
|
97 case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: |
|
98 case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: |
|
99 /* FIXME: These doesn't map very well to LmSSLStatus right |
|
100 * now. */ |
|
101 status = LM_SSL_STATUS_GENERIC_ERROR; |
|
102 break; |
|
103 default: |
|
104 status = LM_SSL_STATUS_GENERIC_ERROR; |
|
105 g_warning ("Unmatched error code '%d' from SSL_get_verify_result", result); |
|
106 break; |
|
107 }; |
|
108 |
|
109 if (base->func (ssl, status, base->func_data) != LM_SSL_RESPONSE_CONTINUE) { |
|
110 return FALSE; |
|
111 } |
56 |
112 |
57 return TRUE; |
113 return TRUE; |
58 } |
114 } |
59 |
115 |
60 static GIOStatus |
116 static GIOStatus |
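Review bot: The `case X509_V_OK: return TRUE;` branch in ssl_verify_certificate accepts the session without reading `server`, which the new body never uses, so a certificate that chains correctly but was issued for a different host is accepted. SSL_get_verify_result() also returns X509_V_OK when the peer presented no certificate, so the OK branch should first confirm that one exists. The sketch below checks both before returning TRUE and routes failures through the existing `base->func` callback after the switch. X509_check_host() needs OpenSSL 1.0.2 or later, and the two status names are taken from Loudmouth's LmSSLStatus enum and should be confirmed at this revision.

```c
        switch (result) {
        case X509_V_OK: {
                X509     *cert = SSL_get_peer_certificate (ssl->session);
                gboolean  name_ok;

                /* X509_V_OK is also reported when no certificate was sent. */
                if (cert == NULL) {
                        status = LM_SSL_STATUS_NO_CERT_FOUND;
                        break;
                }

                /* A valid chain says nothing about which host it was issued to. */
                name_ok = X509_check_host (cert, server, 0, 0, NULL) == 1;
                X509_free (cert);
                if (name_ok) {
                        return TRUE;
                }
                status = LM_SSL_STATUS_CERT_HOSTNAME_MISMATCH;
                break;
        }
        /* ... unchanged: X509_V_ERR_* cases, default, base->func callback ... */
```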