From: Marcel Poul Date: Thu, 11 Oct 2012 13:18:32 +0000 (+0000) Subject: Correctly check return values of functions called by canl_verifcain X-Git-Tag: glite-jobid-api-c_R_2_2_3_1~14 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=fb36b9c08812c81ae580aa9aa84a92f81c00bb68;p=jra1mw.git Correctly check return values of functions called by canl_verifcain --- diff --git a/emi.canl.canl-c/src/canl_cred.c b/emi.canl.canl-c/src/canl_cred.c index aba26f5..794b0ec 100644 --- a/emi.canl.canl-c/src/canl_cred.c +++ b/emi.canl.canl-c/src/canl_cred.c @@ -689,18 +689,22 @@ canl_cred_load_req(canl_ctx ctx, canl_cred cred_out, const X509_REQ *req_in) return 0; } -/*TODO ENOSYS for now*/ canl_err_code CANL_CALLCONV canl_verify_chain(canl_ctx ctx, X509 *ucert, STACK_OF(X509) *cert_chain, char *cadir) { + int ret = 0; proxy_verify_desc *pvd = NULL; /* verification context */ pvd = pvd_setup_initializers(cadir); - proxy_verify_cert_chain(ucert, cert_chain, pvd); - + ret = proxy_verify_cert_chain(ucert, cert_chain, pvd); pvd_destroy_initializers(pvd); - return ENOSYS; + if (ret) + /* This will be ommited when proxy_verify_cert sets errors itself or + propagate them out. */ + return set_error(cc, CANL_ERR_unknown, CANL_ERROR, "Certificate chain" + " validation failed") // TODO error code check + return 0; } proxy_verify_desc *pvd_setup_initializers(char *cadir) diff --git a/emi.canl.canl-c/src/canl_cred.h b/emi.canl.canl-c/src/canl_cred.h index d94d604..31a3204 100644 --- a/emi.canl.canl-c/src/canl_cred.h +++ b/emi.canl.canl-c/src/canl_cred.h @@ -42,6 +42,7 @@ canl_cred_load_priv_key_file(canl_ctx, canl_cred, const char *, canl_password_callback, void *); canl_err_code CANL_CALLCONV canl_cred_load_priv_key(canl_ctx, canl_cred, EVP_PKEY *); + canl_err_code CANL_CALLCONV canl_cred_save_priv_key(canl_ctx, canl_cred, EVP_PKEY **); 
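Review bot: The added `if (ret)` in canl_verify_chain treats a non-zero result from proxy_verify_cert_chain() as failure. That helper's body is not in this diff, but if it returns 1 on success the way OpenSSL's verification calls do, the test is inverted and a rejected chain falls through to `return 0`, which a caller of a canl_err_code function reads as verified. The error branch also cannot compile as written: no `cc` is declared in this function (the parameter is `ctx`), and the `set_error(...)` call has no terminating `;`. Once the helper's convention is confirmed, the check would read `if (ret != 1) return set_error(ctx, CANL_ERR_unknown, CANL_ERROR, "Certificate chain validation failed");`. The pointer returned by pvd_setup_initializers() is passed on unchecked, so it should be tested for NULL first if that call can fail.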
@@ -97,6 +98,9 @@ canl_err_code CANL_CALLCONV canl_cred_load_req(canl_ctx, canl_cred, const X509_REQ *); /* Routines to verify cert. chain */ + +/* Verify certificate chain, openssl verif. CRL, OCSP, signing policies etc. + Returns: 1 - OK; 0 - verification failed.*/ canl_err_code CANL_CALLCONV canl_verify_chain(canl_ctx ctx, X509 *ucert, STACK_OF(X509) *cert_chain, char *cadir);
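Review bot: The added comment documents `Returns: 1 - OK; 0 - verification failed`, which contradicts the implementation changed in canl_cred.c by this same commit: there canl_verify_chain ends with `return 0` on the path where no error was set and returns the set_error() result otherwise, and its declared type is canl_err_code. A caller written against the comment would treat the 0 return as a failed verification, or test for 1 and never see it, so the accept/reject decision depends on which of the two the caller believed. The comment should state the contract the function actually has, for example `Returns: 0 if the chain verified; a canl error code otherwise.`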