Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-12-15 10:54:22 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

add gpg authentication everytime we got an ssl auth error

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2171 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
joss17 2010-02-01 22:59:30 +00:00
parent e7bf81f0e0
commit 1e96a13c5d
1 changed files with 65 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
libretroshare/src/pqi/authssl.cc
View File

@ -2173,48 +2173,72 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (!preverify_ok)
{
if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
(err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY))
{
X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
printf("issuer= %s\n", buf);
fprintf(stderr, "Doing REAL PGP Certificates\n");
/* do the REAL Authentication */
if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
{
fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
return false;
}
std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
{
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
fprintf(stderr, "issuer pgpid : ");
fprintf(stderr, "%s\n",pgpid.c_str());
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
fprintf(stderr, "\n");
return false;
}
preverify_ok = true;
}
else if ((err == X509_V_ERR_CERT_UNTRUSTED) ||
(err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
{
std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
{
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
fprintf(stderr, "issuer pgpid : ");
fprintf(stderr, "%s\n",pgpid.c_str());
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
fprintf(stderr, "\n");
return false;
}
preverify_ok = true;
}
X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
printf("issuer= %s\n", buf);
fprintf(stderr, "Doing REAL PGP Certificates\n");
/* do the REAL Authentication */
if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
{
fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
return false;
}
std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
{
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
fprintf(stderr, "issuer pgpid : ");
fprintf(stderr, "%s\n",pgpid.c_str());
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
fprintf(stderr, "\n");
return false;
}
preverify_ok = true;
// if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
// (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY))
// {
// X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
// printf("issuer= %s\n", buf);
//
// fprintf(stderr, "Doing REAL PGP Certificates\n");
// /* do the REAL Authentication */
// if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
// {
// fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
// return false;
// }
// std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
// if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
// {
// fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
// fprintf(stderr, "issuer pgpid : ");
// fprintf(stderr, "%s\n",pgpid.c_str());
// fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
// fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
// fprintf(stderr, "\n");
// return false;
// }
// preverify_ok = true;
// }
// else if ((err == X509_V_ERR_CERT_UNTRUSTED) ||
// (err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
// {
// std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
// if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
// {
// fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
// fprintf(stderr, "issuer pgpid : ");
// fprintf(stderr, "%s\n",pgpid.c_str());
// fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
// fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
// fprintf(stderr, "\n");
// return false;
// }
// preverify_ok = true;
// }
} else {
fprintf(stderr, "Failing Normal Certificate!!!\n");
preverify_ok = false;