Use accessor functions for OpenSSL internal data
author
Jeremy Harris
<jgh146exb@wizmail.org>
Sat, 17 May 2014 22:43:23 +0000
(23:43 +0100)
committer
Jeremy Harris
<jgh146exb@wizmail.org>
Sat, 17 May 2014 22:52:27 +0000
(23:52 +0100)
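--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -262,34 +262,36 @@ Returns: 1 if verified, 0 if not
 */
 static int
-verify_callback(int state, X509_STORE_CTX *x509ctx, tls_support *tlsp, BOOL *calledp, BOOL *optionalp)
+verify_callback(int state, X509_STORE_CTX *x509ctx,
+ tls_support *tlsp, BOOL *calledp, BOOL *optionalp)
 {
+X509 * cert = X509_STORE_CTX_get_current_cert(x509ctx);
 static uschar txt[256];
-X509_NAME_oneline(X509_get_subject_name(x509ctx->current_cert),
+X509_NAME_oneline(X509_get_subject_name(cert),
 CS txt, sizeof(txt));
 if (state == 0)
 {
 log_write(0, LOG_MAIN, "SSL verify error: depth=%d error=%s cert=%s",
- x509ctx->error_depth,
- X509_verify_cert_error_string(x509ctx->error),
+ X509_STORE_CTX_get_error_depth(x509ctx),
+ X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509ctx)),
 txt);
 tlsp->certificate_verified = FALSE;
 *calledp = TRUE;
 if (!*optionalp)
 {
- tlsp->peercert = X509_dup(x509ctx->current_cert);
+ tlsp->peercert = X509_dup(cert);
 return 0; /* reject */
 }
 DEBUG(D_tls) debug_printf("SSL verify failure overridden (host in "
 "tls_try_verify_hosts)\n");
 }
-else if (x509ctx->error_depth != 0)
+else if (X509_STORE_CTX_get_error_depth(x509ctx) != 0)
 {
 DEBUG(D_tls) debug_printf("SSL verify ok: depth=%d SN=%s\n",
- x509ctx->error_depth, txt);
+ X509_STORE_CTX_get_error_depth(x509ctx), txt);
 #ifdef EXPERIMENTAL_OCSP
 if (tlsp == &tls_out && client_static_cbinfo->u_ocsp.client.verify_store)
 { /* client, wanting stapling */
@@ -297,7 +299,7 @@ else if (x509ctx->error_depth != 0)
 for the verification of the OCSP stapled information. */
 if (!X509_STORE_add_cert(client_static_cbinfo->u_ocsp.client.verify_store,
- x509ctx->current_cert))
+ cert))
 ERR_clear_error();
 }
 #endif
@@ -305,7 +307,7 @@ else if (x509ctx->error_depth != 0)
 else
 {
 tlsp->peerdn = txt;
- tlsp->peercert = X509_dup(x509ctx->current_cert);
+ tlsp->peercert = X509_dup(cert);
 DEBUG(D_tls) debug_printf("SSL%s verify ok: depth=0 SN=%s\n",
 *calledp ? "" : " authenticated", txt);
 if (!*calledp) tlsp->certificate_verified = TRUE;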
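Review bot: The new local `cert` at the top of verify_callback is used without a NULL check: OpenSSL documents that X509_STORE_CTX_get_current_cert() returns NULL when no certificate is relevant to the error, and the next statement passes it to X509_get_subject_name() before `state` is even examined. The old direct field read had the same exposure, but with the value in a local the guard is now cheap, for example `if (cert) X509_NAME_oneline(X509_get_subject_name(cert), CS txt, sizeof(txt)); else txt[0] = 0;`. Whether any verification-failure path reaches the callback without a current certificate cannot be told from these hunks, so it should be confirmed, since a NULL dereference here would take down the process handling the TLS session. Separately, `tlsp->peerdn = txt` stores a pointer to the 256-byte static buffer, so long subject names are truncated and the value is overwritten by the next callback invocation; a short comment stating that would help. The function's body ends outside the visible hunks.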