Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-28 00:07:09 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed missing error checking in X509 Verify callback

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7858 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2015-01-23 08:13:26 +00:00
parent 8600b39384
commit 2e211a6904
1 changed files with 92 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
libretroshare/src/pqi/authssl.cc
View File

@ -1102,10 +1102,20 @@ int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
err = X509_STORE_CTX_get_error(ctx);
depth = X509_STORE_CTX_get_error_depth(ctx);
#ifdef AUTHSSL_DEBUG
if(err_cert == NULL)
{
std::cerr << "AuthSSLimpl::VerifyX509Callback(): Cannot get certificate. Error!" << std::endl;
return false ;
}
if(err != X509_V_OK)
{
std::cerr << "AuthSSLimpl::VerifyX509Callback(): get certificate returned error code =" << err << ", error depth=" << depth << std::endl;
return false ;
}
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSLimpl::VerifyX509Callback(preverify_ok: " << preverify_ok
<< " Err: " << err << " Depth: " << depth << std::endl;
#endif
#endif
/*
* Retrieve the pointer to the SSL of the connection currently treated
@ -1114,16 +1124,16 @@ int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSLimpl::VerifyX509Callback: depth: " << depth << ":" << buf << std::endl;
#endif
#endif
if (!preverify_ok) {
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "Verify error:num=%d:%s:depth=%d:%s\n", err,
X509_verify_cert_error_string(err), depth, buf);
#endif
#endif
}
/*
@ -1135,21 +1145,21 @@ int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
{
X509_NAME_oneline(X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
printf("issuer= %s\n", buf);
#endif
#endif
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "Doing REAL PGP Certificates\n");
#endif
#endif
uint32_t auth_diagnostic ;
/* do the REAL Authentication */
if (!AuthX509WithGPG(X509_STORE_CTX_get_current_cert(ctx),auth_diagnostic))
{
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback() X509 not authenticated.\n");
#endif
#endif
std::cerr << "(WW) Certificate was rejected because authentication failed. Diagnostic = " << auth_diagnostic << std::endl;
return false;
}
@ -1157,23 +1167,23 @@ int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (pgpid != AuthGPG::getAuthGPG()->getGPGOwnId() && !AuthGPG::getAuthGPG()->isGPGAccepted(pgpid))
{
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback() pgp key not accepted : \n");
fprintf(stderr, "issuer pgpid : ");
fprintf(stderr, "%s\n",pgpid.c_str());
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
fprintf(stderr, "%s\n",AuthGPG::getAuthGPG()->getGPGOwnId().c_str());
fprintf(stderr, "\n");
#endif
#endif
return false;
}
preverify_ok = true;
} else {
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "A normal certificate is probably a security breach attempt. We sould fail it !!!\n");
#endif
#endif
preverify_ok = false;
}
@ -1185,13 +1195,13 @@ int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
}
#ifdef AUTHSSL_DEBUG
#ifdef AUTHSSL_DEBUG
if (preverify_ok) {
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback returned true.\n");
} else {
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback returned false.\n");
}
#endif
#endif
return preverify_ok;
}