authorDirk Engling <erdgeist@erdgeist.org>2016-04-15 16:34:21 +0200
committerDirk Engling <erdgeist@erdgeist.org>2016-04-15 16:34:21 +0200
commit8eeac2d7d208a8940bf917a4c4d8fcf27a167c9c (patch)
treef6e6d5770de84cd0ecd401dd471ab7122982214c
parentc5c4ee4d6a9aa5554ad29be79c4ee3e6bd79c70f (diff)
Fix last patch (that was committed blindly)
-rwxr-xr-xvchat-ssl.c25
1 files changed, 14 insertions, 11 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c
index b344d10..b052d84 100755
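--- a/vchat-ssl.c
+++ b/vchat-ssl.c
@@ -168,7 +168,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
 FILE *fingerprint_file = NULL;
 char * fp = fingerprint;
 
-long result;
+long result, j;
 
 if( !ctx )
 return 1;
@@ -220,7 +220,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
 
 assert ( ( fingerprint_len > 1 ) && (fingerprint_len <= EVP_MAX_MD_SIZE ));
 for (j=0; j<(int)fingerprint_len; j++)
-fp += sprintf(nf, "%02X:", fingerprint_bin[j]);
+fp += sprintf(fp, "%02X:", fingerprint_bin[j]);
 assert ( fp > fingerprint );
 fp[-1] = 0;
 snprintf(tmpstr, TMPSTRSIZE, "[SSL FINGERPRINT ] from server: %s", fingerprint);
@@ -229,16 +229,8 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
 /* we don't need the peercert anymore */
 X509_free(peercert);
 
-/* If verify of x509 chain was requested, do the check here */
-result = SSL_get_verify_result(sslp);
-if (result != X509_V_OK && !getintoption(CF_IGNSSL) )
-goto ssl_error;
-
-if (result != X509_V_OK)
-writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!");
-
 /* verify fingerprint */
-if (getintoption(CF_PIN_FINGERPRINT)) {
+if (getintoption(CF_PINFINGER)) {
 
 fingerprint_file = fopen(tilde_expand(getstroption(CF_FINGERPRINT)), "r");
 if (fingerprint_file) {
@@ -276,6 +268,17 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store )
 return 0;
 }
 
+/* If verify of x509 chain was requested, do the check here */
+result = SSL_get_verify_result(sslp);
+
+if (result == X509_V_OK)
+return 0;
+
+if (getintoption(CF_IGNSSL)) {
+writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!");
+return 0;
+}
+
 ssl_error:
 snprintf(tmpstr, TMPSTRSIZE, "[SSL CONNECT ERROR] %s", ERR_error_string (ERR_get_error (), NULL));
 writecf(FS_ERR, tmpstr);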
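Review bot: When chain verification fails and CF_IGNSSL is unset, the block added at new lines 271-280 falls through to `ssl_error:`, whose message is built from `ERR_get_error()`; a failure reported by `SSL_get_verify_result()` is not necessarily on the error queue, so the user may see an empty or unrelated error instead of the reason the certificate was rejected. Before the fall-through I would log the verify result itself, e.g. `snprintf(tmpstr, TMPSTRSIZE, "[SSL VERIFY ERROR ] %s", X509_verify_cert_error_string(result)); writecf(FS_ERR, tmpstr);`. The `return 0;` at new line 268 now sits above the chain check, so if that is the pin-match path, a matching pinned fingerprint returns success without the chain result being consulted; that looks intended but deserves a comment such as `/* pinned fingerprint matched: chain result deliberately not consulted */`. The pinning block and the rest of vc_connect_ssl lie outside the hunks, so both points should be confirmed against the full function.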