Add GPG authentication every time we get an SSL auth error

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2171 b45a01b8-16f6-495d-af2f-9b41ad6348cc
joss17 2010-02-01 22:59:30 +00:00
parent e7bf81f0e0
commit 1e96a13c5d


@ -2173,48 +2173,72 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (!preverify_ok) if (!preverify_ok)
{ {
if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
(err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY))
{
X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
printf("issuer= %s\n", buf);
fprintf(stderr, "Doing REAL PGP Certificates\n"); X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
/* do the REAL Authentication */ printf("issuer= %s\n", buf);
if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
{ fprintf(stderr, "Doing REAL PGP Certificates\n");
fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n"); /* do the REAL Authentication */
return false; if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
} {
std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer); fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId()) return false;
{ }
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n"); std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
fprintf(stderr, "issuer pgpid : "); if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
fprintf(stderr, "%s\n",pgpid.c_str()); {
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : "); fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str()); fprintf(stderr, "issuer pgpid : ");
fprintf(stderr, "\n"); fprintf(stderr, "%s\n",pgpid.c_str());
return false; fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
} fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
preverify_ok = true; fprintf(stderr, "\n");
} return false;
else if ((err == X509_V_ERR_CERT_UNTRUSTED) || }
(err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)) preverify_ok = true;
{
std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer); // if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) ||
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId()) // (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY))
{ // {
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n"); // X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
fprintf(stderr, "issuer pgpid : "); // printf("issuer= %s\n", buf);
fprintf(stderr, "%s\n",pgpid.c_str()); //
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : "); // fprintf(stderr, "Doing REAL PGP Certificates\n");
fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str()); // /* do the REAL Authentication */
fprintf(stderr, "\n"); // if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
return false; // {
} // fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
preverify_ok = true; // return false;
} // }
// std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
// if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
// {
// fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
// fprintf(stderr, "issuer pgpid : ");
// fprintf(stderr, "%s\n",pgpid.c_str());
// fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
// fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
// fprintf(stderr, "\n");
// return false;
// }
// preverify_ok = true;
// }
// else if ((err == X509_V_ERR_CERT_UNTRUSTED) ||
// (err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
// {
// std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
// if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid) && pgpid != AuthGPG::getAuthGPG()->getGPGOwnId())
// {
// fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself : \n");
// fprintf(stderr, "issuer pgpid : ");
// fprintf(stderr, "%s\n",pgpid.c_str());
// fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
// fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
// fprintf(stderr, "\n");
// return false;
// }
// preverify_ok = true;
// }
} else { } else {
fprintf(stderr, "Failing Normal Certificate!!!\n"); fprintf(stderr, "Failing Normal Certificate!!!\n");
preverify_ok = false; preverify_ok = false;