authorh.sterling <h.sterling>2005-08-14 00:37:06 +0000
committerh.sterling <h.sterling>2005-08-14 00:37:06 +0000
commit4a1c2e179aa39244efd9c8fac0c0f446601628a8 (patch)
tree6fd4e00590f1ea08af201b0bab6db9b511895b61 /src
parent90298f0cbd3a26bae80f754591d0288f9de1dd97 (diff)
BUG#:4060
TITLE:cimserver crashes when sslClientVerificationMode set to required DESCRIPTION: Submit approved fix
Diffstat (limited to 'src')
-rw-r--r--src/Pegasus/Common/SSLContext.cpp33
1 files changed, 20 insertions, 13 deletions
diff --git a/src/Pegasus/Common/SSLContext.cpp b/src/Pegasus/Common/SSLContext.cpp
index 0bc50fb..5d34cb6 100644
--- a/src/Pegasus/Common/SSLContext.cpp
+++ b/src/Pegasus/Common/SSLContext.cpp
@@ -443,26 +443,33 @@ int SSLCallback::verificationCallback(int preVerifyOk, X509_STORE_CTX *ctx)
notBefore, notAfter, depth, errorCode, errorStr, preVerifyOk);
//
- // Call the application callback.
+ // Call the user-specified application callback if it is specified. If it is null, return OpenSSL's verification code.
// Note that the verification result does not automatically get set to X509_V_OK if the callback is successful.
// This is because OpenSSL retains the original default error in case we want to use it later.
// To set the error, we could use X509_STORE_CTX_set_error(ctx, verifyError); but there is no real benefit to doing that here.
//
- if (exData->_rep->verifyCertificateCallback(*exData->_rep->peerCertificate))
+ if (exData->_rep->verifyCertificateCallback == NULL)
{
- Tracer::trace(TRC_SSL, Tracer::LEVEL4,
- "--> SSL: _rep->verifyCertificateCallback() returned X509_V_OK");
+ return preVerifyOk;
- PEG_METHOD_EXIT();
- return 1;
- }
- else // verification failed, handshake will be immediately terminated
+ } else
{
- Tracer::trace(TRC_SSL, Tracer::LEVEL4,
- "--> SSL: _rep->verifyCertificateCallback() returned error %d", exData->_rep->peerCertificate->getErrorCode());
-
- PEG_METHOD_EXIT();
- return 0;
+ if (exData->_rep->verifyCertificateCallback(*exData->_rep->peerCertificate))
+ {
+ Tracer::trace(TRC_SSL, Tracer::LEVEL4,
+ "--> SSL: _rep->verifyCertificateCallback() returned X509_V_OK");
+
+ PEG_METHOD_EXIT();
+ return 1;
+ }
+ else // verification failed, handshake will be immediately terminated
+ {
+ Tracer::trace(TRC_SSL, Tracer::LEVEL4,
+ "--> SSL: _rep->verifyCertificateCallback() returned error %d", exData->_rep->peerCertificate->getErrorCode());
+
+ PEG_METHOD_EXIT();
+ return 0;
+ }
}
}
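Review bot: The new early return `return preVerifyOk;` in the null-callback branch leaves verificationCallback without calling `PEG_METHOD_EXIT();`, which both other return paths in this hunk do. It also writes no TRC_SSL trace, so a handshake accepted or rejected purely on OpenSSL's verdict leaves no record of why. Assuming the function opens with a matching method-enter trace (its start is outside the hunk), I would add `Tracer::trace(TRC_SSL, Tracer::LEVEL4, "--> SSL: no verification callback set, returning preVerifyOk %d", preVerifyOk);` and `PEG_METHOD_EXIT();` before that return. Returning OpenSSL's own result when no callback is registered is the right fail-safe default, and the comment above the branch could say that the certificate is then accepted only if OpenSSL's chain validation succeeded.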