From: Marcel Poul
Date: Tue, 11 Sep 2012 10:15:00 +0000 (+0000)
Subject: Add canl_ssl_ctx_set_clb() into API, this sets canl default certificate verification...
X-Git-Tag: glite-lb-client_R_5_2_7_1~8
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=86c550225bf6ed245212978d367bf4afba61f643;p=jra1mw.git
Add canl_ssl_ctx_set_clb() into API, this sets canl default certificate verification callback into given ssl_ctx
---
diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index 6defd42..227bbbe 100644
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -1116,12 +1116,28 @@ canl_ctx_set_ca_fn(canl_ctx cc, const char *fn)
 return EINVAL;
 if (!m_ctx)
- return set_error(glb_cc, EINVAL, POSIX_ERROR, "SSL context not"
+ return set_error(glb_cc, EINVAL, POSIX_ERROR, "Mech context not"
 " initialized");
 return ssl_set_dir(glb_cc, &m_ctx->ca_file, fn);
 }
+canl_err_code CANL_CALLCONV
+canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, void *user_data)
+{
+ glb_ctx *glb_cc = (glb_ctx*) cc;
+ if (!cc)
+ return EINVAL;
+ if (!ssl_ctx)
+ return set_error(glb_cc, EINVAL, POSIX_ERROR, "SSL context not"
+ " initialized");
+
+ SSL_CTX_set_cert_verify_callback(ssl_ctx, proxy_app_verify_callback,
+ user_data);
+
+ return 0;
+}
+
 static canl_err_code ssl_get_peer(glb_ctx *cc, io_handler *io, void *auth_ctx, canl_principal *peer) {
diff --git a/emi.canl.canl-c/src/canl_ssl.h b/emi.canl.canl-c/src/canl_ssl.h
index b057dcb..8c2ec7e 100644
--- a/emi.canl.canl-c/src/canl_ssl.h
+++ b/emi.canl.canl-c/src/canl_ssl.h
@@ -2,6 +2,7 @@
 #define _CANL_SSL_H
 #include
+#include
 #ifdef __cplusplus
 extern "C" {
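Review bot: The new canl_ssl_ctx_set_clb() in canl_ssl.c installs proxy_app_verify_callback through SSL_CTX_set_cert_verify_callback(), which takes over the whole chain verification for that SSL_CTX, but it neither sets nor checks the verify mode. A fresh SSL_CTX defaults to SSL_VERIFY_NONE, where a client continues the handshake even if the callback rejects the chain and a server never requests a client certificate, so a caller relying on this call alone gets no enforcement. I would at least state that above the function, e.g. `/* Caller must also enable SSL_VERIFY_PEER with SSL_CTX_set_verify(); under SSL_VERIFY_NONE the callback's verdict is not enforced. */`. Which CA/CRL state proxy_app_verify_callback reads is not visible in this hunk; if it comes from somewhere other than user_data, that dependency belongs in the same comment.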
@@ -35,6 +36,11 @@ canl_ctx_set_pkcs11_lib(canl_ctx, const char *);
 canl_err_code CANL_CALLCONV
 canl_ctx_set_pkcs11_init_args(canl_ctx, const char *);
+/* Set canl cert verification callbacks into SSL_CTX.
+ Do not use SSL_CTX stored in canl_ctx */
+canl_err_code CANL_CALLCONV
+canl_ssl_ctx_set_clb(canl_ctx cc, SSL_CTX *ssl_ctx, void *user_data);
+
 #ifdef __cplusplus
 }
 #endif
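Review bot: The comment on the new canl_ssl_ctx_set_clb() declaration leaves the contract open: "Do not use SSL_CTX stored in canl_ctx" can be read either as an instruction to the caller or as a description of what the function does, and neither user_data nor the return value is described. Since this becomes public API that decides how peer certificates are verified, I would spell it out, assuming the caller-owned reading is the intended one: `/* Install canl's certificate verification callback into a caller-owned SSL_CTX, not the one kept inside canl_ctx. user_data is handed to the callback unchanged. Returns 0, or EINVAL if cc or ssl_ctx is NULL. */`. The `_clb` suffix is also opaque next to the other `canl_ctx_set_*` setters; something like `_verify_cb` would read more clearly if the name can still change.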