From fb36b9c08812c81ae580aa9aa84a92f81c00bb68 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Thu, 11 Oct 2012 13:18:32 +0000
Subject: [PATCH] Correctly check return values of functions called by canl_verifcain
---
 emi.canl.canl-c/src/canl_cred.c | 12 ++++++++----
 emi.canl.canl-c/src/canl_cred.h | 4 ++++
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/emi.canl.canl-c/src/canl_cred.c b/emi.canl.canl-c/src/canl_cred.c
index aba26f5..794b0ec 100644
--- a/emi.canl.canl-c/src/canl_cred.c
+++ b/emi.canl.canl-c/src/canl_cred.c
@@ -689,18 +689,22 @@ canl_cred_load_req(canl_ctx ctx, canl_cred cred_out, const X509_REQ *req_in)
 return 0;
 }
-/*TODO ENOSYS for now*/
 canl_err_code CANL_CALLCONV canl_verify_chain(canl_ctx ctx, X509 *ucert, STACK_OF(X509) *cert_chain, char *cadir)
 {
+ int ret = 0;
 proxy_verify_desc *pvd = NULL; /* verification context */
 pvd = pvd_setup_initializers(cadir);
- proxy_verify_cert_chain(ucert, cert_chain, pvd);
-
+ ret = proxy_verify_cert_chain(ucert, cert_chain, pvd);
 pvd_destroy_initializers(pvd);
- return ENOSYS;
+ if (ret)
+ /* This will be ommited when proxy_verify_cert sets errors itself or
+ propagate them out. */
+ return set_error(cc, CANL_ERR_unknown, CANL_ERROR, "Certificate chain"
+ " validation failed") // TODO error code check
+ return 0;
 }
 proxy_verify_desc *pvd_setup_initializers(char *cadir)
diff --git a/emi.canl.canl-c/src/canl_cred.h b/emi.canl.canl-c/src/canl_cred.h
index d94d604..31a3204 100644
--- a/emi.canl.canl-c/src/canl_cred.h
+++ b/emi.canl.canl-c/src/canl_cred.h
@@ -42,6 +42,7 @@ canl_cred_load_priv_key_file(canl_ctx, canl_cred, const char *, canl_password_callback, void *);
 canl_err_code CANL_CALLCONV canl_cred_load_priv_key(canl_ctx, canl_cred, EVP_PKEY *);
+ canl_err_code CANL_CALLCONV canl_cred_save_priv_key(canl_ctx, canl_cred, EVP_PKEY **);
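Review bot: The error branch added to canl_verify_chain in canl_cred.c cannot compile as written: `set_error(cc, ...)` refers to `cc`, which the body never declares (the parameter is `ctx`, so `cc` presumably has to be derived from it as elsewhere in the file, not visible here), and the `return set_error(...)` statement has no `;` before `// TODO error code check`. The polarity of `if (ret)` also needs confirming against proxy_verify_cert_chain, which is defined outside this hunk; the header comment added in this same commit describes 1 as OK and 0 as failure, and if the callee follows that convention the test reports an error for a valid chain and returns 0 for a rejected one. The pointer returned by `pvd_setup_initializers(cadir)` is passed on without a NULL check as well. I would make every doubtful outcome a failure, for example `if (!pvd) return set_error(...);` before the call and `if (ret != 1) return set_error(...);` after it once the convention is confirmed, and resolve the TODO before this is relied on for chain validation.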
@@ -97,6 +98,9 @@ canl_err_code CANL_CALLCONV canl_cred_load_req(canl_ctx, canl_cred, const X509_REQ *);
 /* Routines to verify cert. chain */
+
+/* Verify certificate chain, openssl verif. CRL, OCSP, signing policies etc.
+ Returns: 1 - OK; 0 - verification failed.*/
 canl_err_code CANL_CALLCONV canl_verify_chain(canl_ctx ctx, X509 *ucert, STACK_OF(X509) *cert_chain, char *cadir);
-- 
1.8.2.3
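Review bot: The return-value comment added above canl_verify_chain contradicts the implementation in canl_cred.c from this same commit, which returns 0 on the success path and the set_error() code on failure. A caller that trusts "1 - OK; 0 - verification failed" would read a clean 0 as a rejected chain and could accept a non-zero error code as a verified one. I would reword the second line to something like `Returns: 0 - chain verified; non-zero canl_err_code - verification failed.` so it matches the `canl_err_code` return type. The first line promises CRL, OCSP and signing-policy checks; that depends on what proxy_verify_cert_chain does, which is not visible here, so it should list only the checks that are actually performed.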