From 2d3322f1ad46739eb3c124edcfc43a5a4f410cb5 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Wed, 11 Jan 2012 22:17:00 +0000
Subject: [PATCH] stub of method for post handshake cert check (server cert)

---
 emi.canl.canl-c/src/canl_ssl.c | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/emi.canl.canl-c/src/canl_ssl.c b/emi.canl.canl-c/src/canl_ssl.c
index 22267ab..7a345f1 100644
--- a/emi.canl.canl-c/src/canl_ssl.c
+++ b/emi.canl.canl-c/src/canl_ssl.c
@@ -6,6 +6,7 @@ static int do_ssl_connect( glb_ctx *cc, io_handler *io, struct timeval *timeout);
 static int do_ssl_accept( glb_ctx *cc, io_handler *io, struct timeval *timeout);
+static int check_hostname_cert(glb_ctx *cc, io_handler *io);
 #ifdef DEBUG
 static void dbg_print_ssl_error(int errorcode);
 #endif
@@ -245,18 +246,26 @@ int ssl_connect(glb_ctx *cc, io_handler *io, struct timeval *timeout)
 if (err) {
 goto end;
 }
- /*
- if (post_connection_check(io->s_ctx->ssl_io)) {
- opened = 1;
- (void)Send("0");
- return 1;
- }
- */
+ /*check server hostname on the certificate*/
+ err = check_hostname_cert(cc, io);
 end:
 return err;
 }
+static int check_hostname_cert(glb_ctx *cc, io_handler *io)
+{
+ X509 * serv_cert = NULL;
+ /*if voms extensions are present, hostname has to correspond*/
+ serv_cert = SSL_get_peer_certificate(io->s_ctx->ssl_io);
+ /* ... */
+
+ /*else hostname has to correspond to subject*/
+
+ X509_free(serv_cert);
+ return 0;
+}
+
 int ssl_accept(glb_ctx *cc, io_handler *io, struct timeval *timeout)
 {
@@ -278,18 +287,10 @@ int ssl_accept(glb_ctx *cc, io_handler *io, struct timeval *timeout)
 SSL_set_fd(io->s_ctx->ssl_io, io->sock);
 err = do_ssl_accept(cc, io, timeout);
- if (err) {
+ if (err) {
 goto end;
 }
- /*
- if (post_connection_check(io->s_ctx->ssl_io)) {
- opened = 1;
- (void)Send("0");
- return 1;
- }
- */
-
 end:
 return err;
 }
-- 
1.8.2.3
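Review bot: check_hostname_cert returns 0 on every path, so from this commit on ssl_connect reports a successful, "checked" handshake even though the peer certificate is never matched against the hostname; a stub of a verification step should fail closed until it is implemented, i.e. replace `return 0;` with a non-zero result in the module's error convention and a comment such as `/* TODO: hostname verification not implemented; reject until it is */`, or at minimum document in ssl_connect that no post-handshake check is performed yet. SSL_get_peer_certificate can also return NULL when the peer presented no certificate; X509_free(NULL) is harmless, but the eventual implementation must treat a NULL serv_cert as a failure rather than falling through to the subject comparison, so a guard like `if (serv_cert == NULL) return <error>;` (error value per the module's convention) belongs right after the call. The cc parameter is currently unused in the stub, which is fine for a placeholder but worth a comment if it is meant for error reporting later. The body of ssl_connect starts outside this hunk.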