return 0;
}
-/*TODO ENOSYS for now*/
canl_err_code CANL_CALLCONV
canl_verify_chain(canl_ctx ctx, X509 *ucert, STACK_OF(X509) *cert_chain,
char *cadir)
{
+ int ret = 0;
proxy_verify_desc *pvd = NULL; /* verification context */
pvd = pvd_setup_initializers(cadir);
- proxy_verify_cert_chain(ucert, cert_chain, pvd);
-
+ ret = proxy_verify_cert_chain(ucert, cert_chain, pvd);
pvd_destroy_initializers(pvd);
- return ENOSYS;
+ if (ret)
+ /* This will be ommited when proxy_verify_cert sets errors itself or
+ propagate them out. */
+ return set_error(cc, CANL_ERR_unknown, CANL_ERROR, "Certificate chain"
+ " validation failed") // TODO error code check
+ return 0;
}
proxy_verify_desc *pvd_setup_initializers(char *cadir)
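Review bot: The new error path in canl_verify_chain does not compile as shown: the `return set_error(cc, ...)` statement has no terminating `;` before the `// TODO error code check` comment, and `cc` is not declared in the visible body (the parameter is named `ctx`). Separately, `if (ret)` treats any non-zero result of proxy_verify_cert_chain as failure. That function is not visible here, so if it returns 1 on success in the OpenSSL style, the test is inverted and a failed validation would return 0; confirm the polarity and record it at the call, e.g. `/* proxy_verify_cert_chain: 0 == chain valid */`. The pointer from pvd_setup_initializers(cadir) is also passed to the verifier without a NULL check, so a setup failure should return an error before verification, e.g. `if (!pvd) return set_error(...);`.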
canl_password_callback, void *);
canl_err_code CANL_CALLCONV
canl_cred_load_priv_key(canl_ctx, canl_cred, EVP_PKEY *);
+
canl_err_code CANL_CALLCONV
canl_cred_save_priv_key(canl_ctx, canl_cred, EVP_PKEY **);
canl_cred_load_req(canl_ctx, canl_cred, const X509_REQ *);
/* Routines to verify cert. chain */
+
+/* Verify certificate chain, openssl verif. CRL, OCSP, signing policies etc.
+ Returns: 1 - OK; 0 - verification failed.*/
canl_err_code CANL_CALLCONV
canl_verify_chain(canl_ctx ctx, X509 *ucert, STACK_OF(X509) *cert_chain,
char *cadir);
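Review bot: The added header comment states the opposite return convention from the implementation in this same commit: it says `1 - OK; 0 - verification failed`, while canl_verify_chain returns 0 on success and the result of set_error() on failure. Assuming set_error() returns a non-zero code, a caller written against this comment would treat a rejected chain as accepted and a valid one as rejected. The comment should match the code, for example `Returns: 0 - chain verified; canl_err_code otherwise.` The list "CRL, OCSP, signing policies" should also name only the checks proxy_verify_cert_chain actually enforces, which cannot be confirmed from the visible lines.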