Added a debug cert printing function.
This commit is contained in:
parent
ef57133f9b
commit
16b3eae862
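--- a/[path not on page]
+++ b/[path not on page]
@@ -64,7 +64,12 @@ int cSslContext::Initialize(bool a_IsClient, const SharedPtr<cCtrDrbgContext> &
 ssl_set_bio(&m_Ssl, ReceiveEncrypted, this, SendEncrypted, this);
 
 #ifdef _DEBUG
+/*
+// These functions allow us to debug SSL and certificate problems, but produce way too much output,
+// so they're disabled until someone needs them
 ssl_set_dbg(&m_Ssl, &SSLDebugMessage, this);
+ssl_set_verify(&m_Ssl, &SSLVerifyCert, this);
+*/
 #endif
 
 m_IsValid = true;
@@ -174,6 +179,63 @@ int cSslContext::NotifyClose(void)
 
 LOGD("SSL (%d): %s", a_Level, Text.c_str());
 }
+
+
+
+
+
+int cSslContext::SSLVerifyCert(void * a_This, x509_crt * a_Crt, int a_Depth, int * a_Flags)
+{
+char buf[1024];
+UNUSED(a_This);
+
+LOG("Verify requested for (Depth %d):", a_Depth);
+x509_crt_info(buf, sizeof(buf) - 1, "", a_Crt);
+LOG("%s", buf);
+
+int Flags = *a_Flags;
+if ((Flags & BADCERT_EXPIRED) != 0)
+{
+LOG(" ! server certificate has expired");
+}
+
+if ((Flags & BADCERT_REVOKED) != 0)
+{
+LOG(" ! server certificate has been revoked");
+}
+
+if ((Flags & BADCERT_CN_MISMATCH) != 0)
+{
+LOG(" ! CN mismatch");
+}
+
+if ((Flags & BADCERT_NOT_TRUSTED) != 0)
+{
+LOG(" ! self-signed or not signed by a trusted CA");
+}
+
+if ((Flags & BADCRL_NOT_TRUSTED) != 0)
+{
+LOG(" ! CRL not trusted");
+}
+
+if ((Flags & BADCRL_EXPIRED) != 0)
+{
+LOG(" ! CRL expired");
+}
+
+if ((Flags & BADCERT_OTHER) != 0)
+{
+LOG(" ! other (unknown) flag");
+}
+
+if (Flags == 0)
+{
+LOG(" This certificate has no flags");
+}
+
+return 0;
+}
 #endif // _DEBUG
 
 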
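Review bot: In SSLVerifyCert, `buf` is left uninitialized and the return value of `x509_crt_info` is never checked before `LOG("%s", buf);`, so a call that fails before writing anything would log indeterminate bytes; initialise it with `char buf[1024] = {};` and skip the log when the call returns a negative value. The per-bit branches report only the listed flags, and the `BADCERT_OTHER` branch matches that single bit, so any other bit set in `*a_Flags` goes unreported; logging the raw value once, `LOG(" Flags: 0x%08x", Flags);`, makes unhandled bits visible. The messages say "server certificate", but Initialize takes `a_IsClient`, so when this context acts as a server the chain being verified is the client's; "peer certificate" fits both roles. As far as this hunk shows, the callback never writes `*a_Flags` and always returns 0, so it leaves the verification outcome unchanged; a one-line comment stating that would guard against a later edit clearing flags here.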
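--- a/[path not on page]
+++ b/[path not on page]
@@ -120,6 +120,9 @@ protected:
 #ifdef _DEBUG
 /** The callback used by PolarSSL to output debug messages */
 static void SSLDebugMessage(void * a_UserParam, int a_Level, const char * a_Text);
+
+/** The callback used by PolarSSL to log information on the cert chain */
+static int SSLVerifyCert(void * a_This, x509_crt * a_Crt, int a_Depth, int * a_Flags);
 #endif // _DEBUG
 
 /** Called when PolarSSL wants to read encrypted data. */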
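Review bot: The comment on the new SSLVerifyCert declaration says what it logs but not its contract: `a_Flags` is passed by pointer, and a verify callback can in principle alter the flags or abort the handshake, so a reader of the header cannot tell whether this one affects the verification result. Extend it to state the behaviour the definition in this commit actually has, e.g. `/** The callback used by PolarSSL to log information on the cert chain. Logging only: never modifies *a_Flags and always returns 0, so the verification result is unchanged. */`. The meaning of `a_Depth` (which end of the chain is 0) is also worth a few words, since the log line prints it.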