}
/* Create SHA1 of last certificate in the peer's chain. */
-void SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
+bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
{
x509_cert *cert = ssl->peer_cert;
if (!ssl->peer_cert) {
- /* XXX what to do? */
- return;
+ return false;
}
sha1(cert->raw.p, cert->raw.len, hash);
+ return true;
}
SSL_handle_t *SSLi_newconnection(int *fd, bool_t *SSLready)
}
/* Create SHA1 of last certificate in the peer's chain. */
-void SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
+bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
{
X509 *x509;
uint8_t *buf, *p;
int len;
x509 = SSL_get_peer_certificate(ssl);
- if (x509) {
- /* XXX what to do? */
- return;
+ if (!x509) {
+ return false;
}
len = i2d_X509(x509, NULL);
if (buf == NULL) {
Log_fatal("malloc");
}
+
+ p = buf;
+ i2d_X509(x509, &p);
- i2d_X509(x509, &p);
-
- SHA1(p, len, hash);
+ SHA1(buf, len, hash);
free(buf);
+ return true;
}
void SSLi_closeconnection(SSL_handle_t *ssl)
X509_STORE_CTX_set_error(ctx, err);
}
if (!preverify_ok) {
- Log_warn("verify error:num=%d:%s:depth=%d:%s\n", err,
+ Log_warn("SSL: verify error:num=%d:%s:depth=%d:%s\n", err,
X509_verify_cert_error_string(err), depth, buf);
}
/*
* At this point, err contains the last verification error. We can use
* it for something special
*/
- if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
- {
+ if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
- Log_warn("issuer= %s", buf);
+ Log_warn("issuer= %s", buf);
}
return 1;
}