add new error code CANL_ERR_invalidPurpose and its description; Revise some older...

diff --git a/emi.canl.canl-c/src/canl_err.c b/emi.canl.canl-c/src/canl_err.c
index e688528..aa4ad5a 100644 (file)
--- a/emi.canl.canl-c/src/canl_err.c
+++ b/emi.canl.canl-c/src/canl_err.c
@@ -108,7 +108,9 @@ update_error_msg(canl_ctx cc, const char *new_msg)
     char code_str[ERR_CODE_LEN];
     int code_len = 0;
     char *separ = ": ";
+    char *separ_2 = "; ";
     int separ_len = 0;
+    int separ_2_len = 0;
     int err_old_msg_len = 0;
     int err_new_msg_len = 0;
     glb_ctx *ctx = (glb_ctx*) cc;
@@ -131,6 +133,7 @@ update_error_msg(canl_ctx cc, const char *new_msg)
     code_len = strlen(code_str);
 
     separ_len = strlen(separ);
+    separ_2_len = strlen(separ_2);
     error_length = err_new_msg_len + err_old_msg_len + code_len + 
         (2*separ_len) + 1;
     new_error = (char *) malloc ((error_length) * sizeof (char));
@@ -144,7 +147,7 @@ update_error_msg(canl_ctx cc, const char *new_msg)
         strncat(new_error, separ, separ_len + 1);
     }
     strncat(new_error, code_str, code_len + 1);
-    strncat(new_error, separ, separ_len + 1);
+    strncat(new_error, separ_2, separ_2_len + 1);
     if (ctx->err_msg) {
         strncat(new_error, ctx->err_msg, err_old_msg_len + 1);
     }
@@ -282,10 +285,10 @@ static canl_err_code resolve_error_code(glb_ctx *cc, unsigned long err_code,
         case NETDB_ERROR:
             switch (cc->err_code) {
                 case HOST_NOT_FOUND:
-                    cc->err_code = CANL_ERR_HostNotFound;
+                    cc->err_code = CANL_ERR_hostNotFound;
                     break;
                 default:
-                    cc->err_code = CANL_ERR_ResolverError;
+                    cc->err_code = CANL_ERR_resolverError;
                     break;
             }
             break;

diff --git a/emi.canl.canl-c/src/canl_error_codes b/emi.canl.canl-c/src/canl_error_codes
index d94e03a..07970af 100644 (file)
--- a/emi.canl.canl-c/src/canl_error_codes
+++ b/emi.canl.canl-c/src/canl_error_codes
@@ -103,9 +103,10 @@ trustPubKeyError
 # 
 # Recently added error codes without appropriate desc.
 # 
-GeneralSSLError
-HostNotFound
-ResolverError
-NoPeerCertificate
-NoKeyFound
-NoCertFound
+generalSSLError
+hostNotFound
+resolverError
+noPeerCertificate
+noKeyFound
+noCertFound
+invalidPurpose

diff --git a/emi.canl.canl-c/src/canl_error_desc b/emi.canl.canl-c/src/canl_error_desc
index 3006473..da8f098 100644 (file)
--- a/emi.canl.canl-c/src/canl_error_desc
+++ b/emi.canl.canl-c/src/canl_error_desc
@@ -127,6 +127,9 @@ noBaseCRL.category=CRL
 noValidCrlFound=No valid CRL was found for the CA which issued the chain
 noValidCrlFound.category=CRL
 
+invalidPurpose=Invalid purpose of the peer certificate
+invalidPurpose.category=X509_BASIC
+
 #
 # Rare errors lacking "translations" and meta-information
 #

diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index 1659deb..3fb5c77 100644 (file)
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -185,7 +185,7 @@ ssl_server_init(glb_ctx *cc, void **ctx)
     }
     if (err || (!m_ctx->cert_key || !m_ctx->cert_key->cert || 
                 !m_ctx->cert_key->key))
-       return set_error(cc, CANL_ERR_NoCertFound, CANL_ERROR,
+       return set_error(cc, CANL_ERR_noCertFound, CANL_ERROR,
                 "No key or certificate found");
 
 
@@ -229,7 +229,7 @@ ssl_server_init(glb_ctx *cc, void **ctx)
         }
     }
     else {
-        set_error(cc, CANL_ERR_NoCertFound, CANL_ERROR,
+        set_error(cc, CANL_ERR_noCertFound, CANL_ERROR,
                "server key or certificate missing");
         return 1;
     }
@@ -289,7 +289,7 @@ ssl_client_init(glb_ctx *cc, void **ctx)
 
     if (err || (!m_ctx->cert_key || !m_ctx->cert_key->cert || 
                 !m_ctx->cert_key->key))
-        update_error(cc, CANL_ERR_NoCertFound, CANL_ERROR,
+        update_error(cc, CANL_ERR_noCertFound, CANL_ERROR,
                 "No key or certificate found");
 
     if (user_cert_fn){
@@ -800,6 +800,9 @@ map_verify_result(unsigned long ssl_err, const X509_STORE_CTX *store_ctx,
         case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
             canl_err = CANL_ERR_proxyLength;
             break;
+        case X509_V_ERR_INVALID_PURPOSE:
+            canl_err = CANL_ERR_invalidPurpose;
+            break;
         default:
             break;
     }
@@ -1254,7 +1257,7 @@ ssl_get_peer(glb_ctx *cc, io_handler *io, void *auth_ctx, canl_principal *peer)
 
     cert = SSL_get_peer_certificate(ssl);
     if (cert == NULL)
-       return set_error(cc, CANL_ERR_NoPeerCertificate, CANL_ERROR, "No peer certificate");
+       return set_error(cc, CANL_ERR_noPeerCertificate, CANL_ERROR, "No peer certificate");
 
     princ = calloc(1, sizeof(*princ));
     if (princ == NULL)