From: Marcel Poul <marcel.poul@cern.ch>
Date: Wed, 11 Jul 2012 10:27:25 +0000 (+0000)
Subject: We actually don't need to match openssl verify error codes to proxy error codes
X-Git-Tag: gridsite-core_R_1_7_22~29
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=f0eac9148cd28f6c4248a98b73497a2282cec8b7;p=jra1mw.git

We actually don't need to match openssl verify error codes to proxy error codes
---

diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index 8705ab8..849d593 100644
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -2139,8 +2139,6 @@ proxy_verify_callback(
                 if (result != SUCCESS_PERMIT)
                 {
                     PRXYerr(PRXYERR_F_VERIFY_CB, PRXYERR_R_CA_POLICY_VIOLATION);
-
-                    ctx->error = X509_V_ERR_INVALID_PURPOSE; 
                                 
                     if (error_string != NULL)
                     {
@@ -2237,59 +2235,6 @@ fail_verify:
     if (objset)
       X509_OBJECT_free_contents(&obj);
 
-    if (ctx->current_cert)
-    {
-        char *subject_s = NULL;
-        char *issuer_s = NULL;
-                
-        subject_s = X509_NAME_oneline(
-            X509_get_subject_name(ctx->current_cert),NULL,0);
-        issuer_s = X509_NAME_oneline(
-            X509_get_issuer_name(ctx->current_cert),NULL,0);
-        
-        switch (ctx->error)
-        {
-            case X509_V_OK:
-            case X509_V_ERR_INVALID_PURPOSE:
-            case X509_V_ERR_APPLICATION_VERIFICATION:
-                 PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CB_ERROR_MSG);
-                 ERR_add_error_data(6, 
-                    "\n        File=", 
-                    ca_policy_file_path ? ca_policy_file_path : "UNKNOWN",
-                    "\n        subject=",
-                    subject_s ? subject_s : "UNKNOWN",
-                    "\n        issuer =",
-                    issuer_s ? issuer_s : "UNKNOWN");
-            break;
-            case X509_V_ERR_CERT_NOT_YET_VALID:
-            case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-            case X509_V_ERR_CERT_HAS_EXPIRED:
-                 PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CB_ERROR_MSG);
-                 ERR_add_error_data(4, 
-                    "\n        subject=",
-                    subject_s ? subject_s : "UNKNOWN",
-                    "\n        issuer =",
-                    issuer_s ? issuer_s : "UNKNOWN");
-            break;
-            case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-                 PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CA_UNKNOWN);
-                    ERR_add_error_data(2, "\n        issuer =",
-                    issuer_s ? issuer_s : "UNKNOWN");
-            break;
-
-            default:
-                PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CB_CALLED_WITH_ERROR);
-                ERR_add_error_data(6,"\n        error =",
-                    X509_verify_cert_error_string(ctx->error),
-                    "\n        subject=",
-                    subject_s ? subject_s : "UNKNOWN",
-                    "\n        issuer =",
-                    issuer_s ? issuer_s : "UNKNOWN");
-        }
-
-        free(subject_s);
-        free(issuer_s);
-    }
     if (ca_policy_file_path != NULL)
     {
         free(ca_policy_file_path);