author | mrcsys | 2006-04-13 20:00:32 +0000 |
---|---|---|
committer | mrcsys | 2006-04-13 20:00:32 +0000 |
commit | 404c9eac88a1c493e92a9020ae6add6610417875 (patch) | |
tree | 76321738384ee44218eb4d3c6d5da6a7aebb5423 /nanohttp | |
parent | 16354540e65f6cd891974e6f57a5d2454f4bec1c (diff) | |
SSL code updated to always have a user verify function.
Added set_user_verify so that you can implement your own.
Diffstat (limited to 'nanohttp')
-rw-r--r-- | nanohttp/nanohttp-ssl.c | 20 | ||||
-rw-r--r-- | nanohttp/nanohttp-ssl.h | 5 |
2 files changed, 13 insertions, 12 deletions
diff --git a/nanohttp/nanohttp-ssl.c b/nanohttp/nanohttp-ssl.c index 877bedc..9c6f19b 100644 --- a/nanohttp/nanohttp-ssl.c +++ b/nanohttp/nanohttp-ssl.c @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: nanohttp-ssl.c,v 1.21 2006/03/27 12:53:19 m0gg Exp $ +* $Id: nanohttp-ssl.c,v 1.22 2006/04/13 20:00:32 mrcsys Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2001-2005 Rochester Institute of Technology @@ -84,6 +84,8 @@ static SSL_CTX *context = NULL; static int enabled = 0; +int (*user_verify) (X509 * cert) = simple_user_verify; + static void _hssl_superseed (void) { @@ -167,10 +169,13 @@ verify_sn (X509 * cert, int who, int nid, char *str) return strstr(name, buf) ? 1 : 0; } +void +set_user_verify( int func(X509 * cert) ){ + user_verify = func; +} -#ifdef NOUSER_VERIFY static int -user_verify (X509 * cert) +simple_user_verify (X509 * cert) { /* TODO: Make sure that the client is providing a client cert, or that the Module is providing the Module cert */ @@ -180,7 +185,6 @@ user_verify (X509 * cert) log_verbose1 ("Validating certificate."); return 1; } -#endif static int _hssl_cert_verify_callback(int prev_ok, X509_STORE_CTX * ctx) @@ -192,20 +196,16 @@ _hssl_cert_verify_callback(int prev_ok, X509_STORE_CTX * ctx) return 1; } */ -#ifdef NOUSER_VERIFY /* ifdef's added by Ferhat. because of - unresolved reference while compiling */ + log_verbose2 ("Cert dept = %d", X509_STORE_CTX_get_error_depth(ctx) ); if (X509_STORE_CTX_get_error_depth(ctx) == 0) { - return user_verify (X509_STORE_CTX_get_current_cert(ctx)); + return user_verify(X509_STORE_CTX_get_current_cert(ctx)); } else { -#endif log_verbose1 ("Cert ok (prev)"); return prev_ok; -#ifdef NOUSER_VERIFY } -#endif } diff --git a/nanohttp/nanohttp-ssl.h b/nanohttp/nanohttp-ssl.h index 5e732c2..82758d0 100644 --- a/nanohttp/nanohttp-ssl.h +++ b/nanohttp/nanohttp-ssl.h 
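Review bot: The new `user_verify` pointer in the `@@ -84,6 +84,8 @@` hunk is defined without `static`, so it becomes an exported data symbol of the library. The header previously told applications to implement `int user_verify(X509 *cert)` themselves, so a program that still does would now clash with this symbol at link time. Since `set_user_verify` is the intended way in, I would keep the pointer private: `static int (*user_verify) (X509 * cert) = simple_user_verify;`. The initializer also needs a prototype for `simple_user_verify` to be visible before this line, because the definition comes later in the file.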
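Review bot: `set_user_verify` in the `@@ -167,10 +169,13 @@` hunk stores whatever it is given, including NULL, and `_hssl_cert_verify_callback` calls the pointer unconditionally at depth 0, so a NULL argument becomes a crash in the middle of a TLS handshake. Falling back to the default keeps the call safe: `user_verify = func ? func : simple_user_verify;`. The function also needs a comment stating the contract the callback relies on, for example `/* func returns 1 to accept the peer certificate, 0 to reject it; called for the leaf certificate only */`. If handshakes can run on other threads while the setter is called, that unsynchronized write deserves a line in the comment too; the threading model is not visible in this hunk.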
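Review bot: In the `@@ -192,20 +196,16 @@` hunk the depth-0 branch returns the result of `user_verify(...)` and drops `prev_ok`, and with the `#ifdef NOUSER_VERIFY` guards removed that branch is now always compiled in. The default verifier is `simple_user_verify`, which in the lines visible here only logs and ends in `return 1`, so unless an application registers its own check, a leaf certificate that OpenSSL has already rejected (expired, untrusted issuer, bad signature) would still be accepted. I would make the default fail closed by honouring the earlier result, `if (!prev_ok) return 0;` ahead of the `user_verify` call, or have `simple_user_verify` reject until its TODO is resolved. The callback's body starts above this hunk, and the log text `Cert dept` probably means `Cert depth`.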
@@ -1,5 +1,5 @@ /****************************************************************** -* $Id: nanohttp-ssl.h,v 1.13 2006/03/27 12:53:19 m0gg Exp $ +* $Id: nanohttp-ssl.h,v 1.14 2006/04/13 20:00:32 mrcsys Exp $ * * CSOAP Project: A http client/server library in C * Copyright (C) 2001-2005 Rochester Institute of Technology @@ -81,8 +81,9 @@ int verify_sn(X509 * cert, int who, int nid, char *str); /* * This function MUST be implemented by user client/server code somewhere */ +void set_user_verify( int func(X509 * cert) ); -int user_verify(X509 * cert); +static int simple_user_verify(X509 * cert); #ifdef __cplusplus } |
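Review bot: `static int simple_user_verify(X509 * cert);` in the `@@ -81,8 +81,9 @@` hunk does not belong in the public header, because every file that includes nanohttp-ssl.h gets its own declaration of a static function it never defines, which compilers warn about. Move the prototype into nanohttp-ssl.c, above the `user_verify` initializer. The comment left above `set_user_verify`, `This function MUST be implemented by user client/server code somewhere`, is now stale and should describe the setter instead, e.g. `/* Install the application's leaf-certificate check; it returns 1 to accept, 0 to reject. */`. Dropping the `user_verify` prototype is also an API change for existing callers that the commit message could mention.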