authorGravatar mrcsys2006-04-13 20:00:32 +0000
committerGravatar mrcsys2006-04-13 20:00:32 +0000
commit404c9eac88a1c493e92a9020ae6add6610417875 (patch)
tree76321738384ee44218eb4d3c6d5da6a7aebb5423
parent16354540e65f6cd891974e6f57a5d2454f4bec1c (diff)
SSL code updated to always have a user verify function.
Added set_user_verify so that you can implement your own.
-rw-r--r--nanohttp/nanohttp-ssl.c20
-rw-r--r--nanohttp/nanohttp-ssl.h5
2 files changed, 13 insertions, 12 deletions
diff --git a/nanohttp/nanohttp-ssl.c b/nanohttp/nanohttp-ssl.c
index 877bedc..9c6f19b 100644
--- a/nanohttp/nanohttp-ssl.c
+++ b/nanohttp/nanohttp-ssl.c
@@ -1,5 +1,5 @@
/******************************************************************
-* $Id: nanohttp-ssl.c,v 1.21 2006/03/27 12:53:19 m0gg Exp $
+* $Id: nanohttp-ssl.c,v 1.22 2006/04/13 20:00:32 mrcsys Exp $
*
* CSOAP Project: A http client/server library in C
* Copyright (C) 2001-2005 Rochester Institute of Technology
@@ -84,6 +84,8 @@ static SSL_CTX *context = NULL;
static int enabled = 0;
+int (*user_verify) (X509 * cert) = simple_user_verify;
+
static void
_hssl_superseed (void)
{
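Review bot: The new `user_verify` pointer has external linkage and no comment, although the commit adds `set_user_verify()` as the way to change it. Any other translation unit can assign it directly, and the generic name can collide with a symbol in the application. Consider `static int (*user_verify) (X509 * cert) = simple_user_verify;` with a forward declaration of `simple_user_verify` above it in this file. A one-line comment should state the contract, for example `/* leaf-certificate hook: return 1 to accept, 0 to reject */`.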
@@ -167,10 +169,13 @@ verify_sn (X509 * cert, int who, int nid, char *str)
return strstr(name, buf) ? 1 : 0;
}
+void
+set_user_verify( int func(X509 * cert) ){
+ user_verify = func;
+}
-#ifdef NOUSER_VERIFY
static int
-user_verify (X509 * cert)
+simple_user_verify (X509 * cert)
{
/* TODO: Make sure that the client is providing a client cert,
or that the Module is providing the Module cert */
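Review bot: `set_user_verify()` stores `func` without checking it, so `set_user_verify(NULL)` leaves the verify callback calling a null function pointer on the next handshake. Falling back to the default keeps the hook always callable: `user_verify = func ? func : simple_user_verify;`. The parameter is also easier to read as an explicit pointer, `int (*func)(X509 *cert)`. A header comment on the setter should say what return value accepts or rejects the peer. The body of `simple_user_verify` continues outside this hunk.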
@@ -180,7 +185,6 @@ user_verify (X509 * cert)
log_verbose1 ("Validating certificate.");
return 1;
}
-#endif
static int
_hssl_cert_verify_callback(int prev_ok, X509_STORE_CTX * ctx)
@@ -192,20 +196,16 @@ _hssl_cert_verify_callback(int prev_ok, X509_STORE_CTX * ctx)
return 1;
}
*/
-#ifdef NOUSER_VERIFY /* ifdef's added by Ferhat. because of
- unresolved reference while compiling */
+ log_verbose2 ("Cert dept = %d", X509_STORE_CTX_get_error_depth(ctx) );
if (X509_STORE_CTX_get_error_depth(ctx) == 0)
{
- return user_verify (X509_STORE_CTX_get_current_cert(ctx));
+ return user_verify(X509_STORE_CTX_get_current_cert(ctx));
}
else
{
-#endif
log_verbose1 ("Cert ok (prev)");
return prev_ok;
-#ifdef NOUSER_VERIFY
}
-#endif
}
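Review bot: At depth 0 the callback returns `user_verify(...)` and never looks at `prev_ok`, so OpenSSL's own verdict on the peer certificate is discarded. With the `NOUSER_VERIFY` guards removed this path is now compiled into every build. The default `simple_user_verify`, as far as its visible lines show, only logs and does `return 1`, which would accept a leaf certificate that failed chain validation. Unless overriding the library result is intended and documented, keep the failure: `return prev_ok ? user_verify(X509_STORE_CTX_get_current_cert(ctx)) : 0;`. The new log string also reads `"Cert dept = %d"` where `"Cert depth = %d"` is presumably meant; the function starts above this hunk.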
diff --git a/nanohttp/nanohttp-ssl.h b/nanohttp/nanohttp-ssl.h
index 5e732c2..82758d0 100644
--- a/nanohttp/nanohttp-ssl.h
+++ b/nanohttp/nanohttp-ssl.h
@@ -1,5 +1,5 @@
/******************************************************************
-* $Id: nanohttp-ssl.h,v 1.13 2006/03/27 12:53:19 m0gg Exp $
+* $Id: nanohttp-ssl.h,v 1.14 2006/04/13 20:00:32 mrcsys Exp $
*
* CSOAP Project: A http client/server library in C
* Copyright (C) 2001-2005 Rochester Institute of Technology
@@ -81,8 +81,9 @@ int verify_sn(X509 * cert, int who, int nid, char *str);
/*
* This function MUST be implemented by user client/server code somewhere
*/
+void set_user_verify( int func(X509 * cert) );
-int user_verify(X509 * cert);
+static int simple_user_verify(X509 * cert);
#ifdef __cplusplus
}
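Review bot: `static int simple_user_verify(X509 * cert);` in the public header gives every file that includes it a static function that is declared but never defined. Compilers typically warn about this, and it exposes an internal default to callers who cannot use it. The prototype belongs in nanohttp-ssl.c, ahead of the `user_verify` initializer. The comment "This function MUST be implemented by user client/server code somewhere" now sits above `set_user_verify` and no longer holds. It should be replaced with a description of the setter, such as `/* Install the leaf-certificate check; func returns 1 to accept, 0 to reject */`.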