mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-15 19:04:25 -05:00
add gpg authentication everytime we got an ssl auth error
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2171 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
e7bf81f0e0
commit
1e96a13c5d
@ -2173,9 +2173,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
|
|
||||||
if (!preverify_ok)
|
if (!preverify_ok)
|
||||||
{
|
{
|
||||||
if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
|
|
||||||
(err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY))
|
|
||||||
{
|
|
||||||
X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
|
X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
|
||||||
printf("issuer= %s\n", buf);
|
printf("issuer= %s\n", buf);
|
||||||
|
|
||||||
@ -2198,23 +2196,49 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
preverify_ok = true;
|
preverify_ok = true;
|
||||||
}
|
|
||||||
else if ((err == X509_V_ERR_CERT_UNTRUSTED) ||
|
// if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
|
||||||
(err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
|
// (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY))
|
||||||
{
|
// {
|
||||||
std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
|
// X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
|
||||||
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
|
// printf("issuer= %s\n", buf);
|
||||||
{
|
//
|
||||||
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
|
// fprintf(stderr, "Doing REAL PGP Certificates\n");
|
||||||
fprintf(stderr, "issuer pgpid : ");
|
// /* do the REAL Authentication */
|
||||||
fprintf(stderr, "%s\n",pgpid.c_str());
|
// if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
|
||||||
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
|
// {
|
||||||
fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
|
// fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
|
||||||
fprintf(stderr, "\n");
|
// return false;
|
||||||
return false;
|
// }
|
||||||
}
|
// std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
|
||||||
preverify_ok = true;
|
// if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
|
||||||
}
|
// {
|
||||||
|
// fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
|
||||||
|
// fprintf(stderr, "issuer pgpid : ");
|
||||||
|
// fprintf(stderr, "%s\n",pgpid.c_str());
|
||||||
|
// fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
|
||||||
|
// fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
|
||||||
|
// fprintf(stderr, "\n");
|
||||||
|
// return false;
|
||||||
|
// }
|
||||||
|
// preverify_ok = true;
|
||||||
|
// }
|
||||||
|
// else if ((err == X509_V_ERR_CERT_UNTRUSTED) ||
|
||||||
|
// (err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
|
||||||
|
// {
|
||||||
|
// std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
|
||||||
|
// if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
|
||||||
|
// {
|
||||||
|
// fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
|
||||||
|
// fprintf(stderr, "issuer pgpid : ");
|
||||||
|
// fprintf(stderr, "%s\n",pgpid.c_str());
|
||||||
|
// fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
|
||||||
|
// fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
|
||||||
|
// fprintf(stderr, "\n");
|
||||||
|
// return false;
|
||||||
|
// }
|
||||||
|
// preverify_ok = true;
|
||||||
|
// }
|
||||||
} else {
|
} else {
|
||||||
fprintf(stderr, "Failing Normal Certificate!!!\n");
|
fprintf(stderr, "Failing Normal Certificate!!!\n");
|
||||||
preverify_ok = false;
|
preverify_ok = false;
|
||||||
|
Loading…
Reference in New Issue
Block a user