Tweaked tabs and order. Added NewsFeed.

Added Template functions for ssl+xpgp code. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@853 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-05-05 07:35:12 -04:00 · 2008-11-29 20:17:58 +00:00 · 2008-11-29 20:17:58 +00:00 · 77cb7314bc
commit 77cb7314bc
parent 01a2ca1468
3 changed files with 160 additions and 16 deletions
--- a/libretroshare/src/pqi/gpgauthmgr.cc
+++ b/libretroshare/src/pqi/gpgauthmgr.cc
@ -310,3 +310,91 @@ bool GPGAuthMgr::SignData(const void *data, const uint32_t len, std::string &sig
 }


+
+
+
+
+
+
+
+
+#if 0
+
+bool   setupSSL(SSL_CTX *ctx)
+{
+	/* signer is done by pgp, so we have to manually authenticate the certificate.
+	 */
+
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_pgp_callback);
+	SSL_CTX_set_verify_depth(1);
+
+	/* generate a certificate */
+
+}
+
+
+static int verify_pgp_callback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+	char    buf[256];
+	X509   *err_cert;
+	int     err, depth;
+	SSL    *ssl;
+	mydata_t *mydata;
+	
+	err_cert = X509_STORE_CTX_get_current_cert(ctx);
+	err = X509_STORE_CTX_get_error(ctx);
+	depth = X509_STORE_CTX_get_error_depth(ctx);
+	
+	/*
+	* Retrieve the pointer to the SSL of the connection currently treated
+	* and the application specific data stored into the SSL object.
+	*/
+	ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+	mydata = SSL_get_ex_data(ssl, mydata_index);
+	
+	X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
+	
+	/*
+	* Catch a too long certificate chain. The depth limit set using
+	* SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+	* that whenever the "depth>verify_depth" condition is met, we
+	* have violated the limit and want to log this error condition.
+	* We must do it here, because the CHAIN_TOO_LONG error would not
+	* be found explicitly; only errors introduced by cutting off the
+	* additional certificates would be logged.
+	*/
+	
+	
+	if (depth > mydata->verify_depth) {
+		preverify_ok = 0;
+		err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+		X509_STORE_CTX_set_error(ctx, err);
+	}
+	if (!preverify_ok) {
+		printf("verify error:num=%d:%s:depth=%d:%s\n", err,
+		X509_verify_cert_error_string(err), depth, buf);
+	}
+	else if (mydata->verbose_mode)
+	{
+		printf("depth=%d:%s\n", depth, buf);
+	}
+	
+	/*
+	* At this point, err contains the last verification error. We can use
+	* it for something special
+	*/
+
+	if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+	{
+		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+		printf("issuer= %s\n", buf);
+	}
+	
+	if (mydata->always_continue)
+		return 1;
+	else
+		return preverify_ok;
+}
+
+#endif
+
--- a/libretroshare/src/pqi/gpgauthmgr.h
+++ b/libretroshare/src/pqi/gpgauthmgr.h
@ -157,6 +157,24 @@ class GPGAuthMgr: public p3AuthMgr
  bool SignData(std::string input, std::string &sign);
  bool SignData(const void *data, const uint32_t len, std::string &sign);

+/*********************************************************************************/
+/************************* PGP Specific functions ********************************/
+/*********************************************************************************/
+
+/*
+ * These support the authentication process.
+ *
+ */
+
+/*
+ *
+ */
+
+bool checkSignature(std::string id, std::string hash, std::string signature);
+
+
+
+
 /*********************************************************************************/
 /************************* OTHER FUNCTIONS ***************************************/
 /*********************************************************************************/
@ -182,6 +200,15 @@ class GPGAuthMgr: public p3AuthMgr
 	gpgme_ctx_t CTX;
 };

+/*****
+ *
+ * Support Functions for OpenSSL verification.
+ *
+ */
+
+int verify_pgp_callback(int preverify_ok, X509_STORE_CTX *ctx);
+
+
 #endif