[Cvs-nserver-commits] CVS: cvs-nserver/src ssl-client.c,1.1.2.1,1.1.2.2
From: Alexey M. <ty...@us...> - 2001-08-26 18:21:00
Update of /cvsroot/cvs-nserver/cvs-nserver/src In directory usw-pr-cvs1:/tmp/cvs-serv4155 Modified Files: Tag: NCLI-1-11-1 ssl-client.c Log Message: Fixed stupid bug with SSL_read(); fixes, more debugging output Index: ssl-client.c =================================================================== RCS file: /cvsroot/cvs-nserver/cvs-nserver/src/Attic/ssl-client.c,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -d -r1.1.2.1 -r1.1.2.2 --- ssl-client.c 2001/08/19 19:21:25 1.1.2.1 +++ ssl-client.c 2001/08/26 18:20:58 1.1.2.2 @@ -85,11 +85,10 @@ int sockfd = ncli_connect_socket(ncli, sslcd->hostname, sslcd->port); SSL_CTX *ctx; SSL *ssl; - BIO *sbio; - puts("Entered ssl_connect()"); + ctx = SSL_CTX_new(SSLv3_client_method()); - ctx = SSL_CTX_new(SSLv3_method()); + SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); ssl = SSL_new(ctx); if (ssl == NULL) { @@ -98,8 +97,7 @@ ERR_reason_error_string(ssl_err)); } - sbio = BIO_new_socket(sockfd, BIO_NOCLOSE); - SSL_set_bio(ssl, sbio, sbio); + SSL_set_fd(ssl, sockfd); if (!SSL_connect(ssl)) { long ssl_err = ERR_get_error(); 
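Review bot: The added `SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);` in hunk @@ -85,11 +85,10 @@ turns off peer certificate verification, so the session is encrypted but the server is never authenticated and an intermediary can present any certificate; hunk @@ -108,13 +106,42 @@ keeps the `SSL_get_verify_result()` check inside a comment, so nothing else compensates. Once trust anchors are loaded into the context this should become `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);`, with the commented check enabled and the certificate name compared against `sslcd->hostname`. The result of `SSL_CTX_new()` is also used unchecked; add an `if (ctx == NULL)` branch that reports through `ncli->error(...)` the way the `ssl == NULL` branch does. `SSLv3_client_method()` pins the connection to SSLv3 only, whereas `SSLv23_client_method()` lets the library negotiate the highest version both ends support. The function body starts and ends outside this hunk.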
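Review bot: `if (!SSL_connect(ssl))` in hunk @@ -98,8 +97,7 @@ only catches a return of 0, but SSL_connect() reports a fatal handshake error with a negative value, which this test treats as success; the check should be `if (SSL_connect(ssl) <= 0) {`. The new `SSL_set_fd(ssl, sockfd);` can fail as well (it returns 0) and its result is discarded; test it and report through `ncli->error(...)` like the neighbouring calls. Neither error return visible here releases `ssl` or `ctx`, though cleanup may happen outside the hunk, where the function continues.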
@@ -108,13 +106,42 @@ ERR_reason_error_string(ssl_err)); } -/* if (SSL_get_verify_result(ssl) != X509_V_OK) { +/* + if (SSL_get_verify_result(ssl) != X509_V_OK) { long ssl_err = ERR_get_error(); return ncli->error(ncli, "Could not verify certificate results: %s", - ERR_reason_error_string(ssl_err)); - } */ + ERR_reason_error_string(ssl_err)); + } + + server_cert = SSL_get_peer_certificate(ssl); + if (server_cert == NULL) { + long ssl_err = ERR_get_error(); + return ncli->error(ncli, "Could not get peer certificate: %s", + ERR_reason_error_string(ssl_err)); + } + + str = X509_NAME_oneline (X509_get_subject_name (server_cert), 0, 0); + if (str == NULL) { + long ssl_err = ERR_get_error(); + return ncli->error(ncli, "Could not get subject name from certificate: %s", + ERR_reason_error_string(ssl_err)); + } + printf ("Certificate subject: %s\n", str); + free (str); + str = X509_NAME_oneline (X509_get_issuer_name (server_cert), 0, 0); + if (str == NULL) { + long ssl_err = ERR_get_error(); + return ncli->error(ncli, "Could not get issuer name from certificate: %s", + ERR_reason_error_string(ssl_err)); + } + printf ("Certificate issuer: %s\n", str); + free (str); + + X509_free(server_cert); +*/ + sslcd->ssl = ssl; return NCLI_SUCCESS; @@ -140,12 +167,10 @@ SSL *ssl = sslcd->ssl; int nread = 0; - printf("ssl_read(%d)\n", len); - while (len > 0) { int n = SSL_read(ssl, buf + nread, len); - long ssl_err = SSL_get_error(ssl, nread); + long ssl_err = SSL_get_error(ssl, n); if (ssl_err == SSL_ERROR_ZERO_RETURN) break; @@ -166,8 +191,6 @@ SSLCD sslcd = (SSLCD) ncli->client_data; SSL *ssl = sslcd->ssl; - printf("ssl_write(%d)\n", len); - while (len > 0) { int n = SSL_write(ssl, buf, len); @@ -188,7 +211,6 @@ int ssl_flush (NCLI ncli) { - SSLCD sslcd = (SSLCD) ncli->client_data; return NCLI_SUCCESS; } |
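Review bot: Both `str == NULL` error returns in the commented-out certificate block of hunk @@ -108,13 +106,42 @@ leave `server_cert` unreleased, so `X509_free(server_cert);` is needed before each of them when the block is enabled. The string returned by `X509_NAME_oneline()` with a NULL buffer is allocated by OpenSSL and should be released with `OPENSSL_free(str);` rather than `free (str);`. `server_cert` and `str` are not declared in any visible hunk, so their declarations would have to be added as well; the function starts outside this hunk.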
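Review bot: `ssl_err` in hunk @@ -140,12 +167,10 @@ is declared `long` although SSL_get_error() returns an `int`; `int ssl_err = SSL_get_error(ssl, n);` matches the API and the `SSL_ERROR_*` constants it is compared with. Because the bug fixed here was passing the running total instead of the call's own result, a short comment above the line would guard against a regression, for example `/* SSL_get_error() needs the return value of the SSL_read() call just made */`. The loop body continues outside the hunk, so the handling of the remaining error codes cannot be reviewed from here.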