mirror of
https://github.com/rkd77/elinks.git
synced 2024-12-04 14:46:47 -05:00
bug 1115: Check status after gnutls_certificate_verify_peers2
The deprecated gnutls_certificate_verify_peers function returns -1 if it fails, or a set of gnutls_certificate_status_t bits; each bit indicates some kind of problem, so the result is zero if the certificate is OK. The newer gnutls_certificate_verify_peers2 function returns -1 if it fails, or 0 if it succeeds; and writes the status bits via a pointer. When using that function, ELinks must check the status separately. Do that. Also, if GnuTLS is not being used, do not declare a status variable, because leaving it unused would break the debug build: /home/Kalle/src/elinks-0.13/src/network/ssl/socket.c: In function ‘ssl_want_read’: /home/Kalle/src/elinks-0.13/src/network/ssl/socket.c:87: error: unused variable ‘status’ /home/Kalle/src/elinks-0.13/src/network/ssl/socket.c: In function ‘ssl_connect’: /home/Kalle/src/elinks-0.13/src/network/ssl/socket.c:121: error: unused variable ‘status’
parent
b228fe82ab
commit
2d8fd9cecf
@ -84,7 +84,9 @@ ssl_set_no_tls(struct socket *socket)
|
|||||||
static void
|
static void
|
||||||
ssl_want_read(struct socket *socket)
|
ssl_want_read(struct socket *socket)
|
||||||
{
|
{
|
||||||
|
#ifdef CONFIG_GNUTLS
|
||||||
unsigned int status;
|
unsigned int status;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (socket->no_tls)
|
if (socket->no_tls)
|
||||||
ssl_set_no_tls(socket);
|
ssl_set_no_tls(socket);
|
||||||
@ -93,7 +95,8 @@ ssl_want_read(struct socket *socket)
|
|||||||
case SSL_ERROR_NONE:
|
case SSL_ERROR_NONE:
|
||||||
#ifdef CONFIG_GNUTLS
|
#ifdef CONFIG_GNUTLS
|
||||||
if (get_opt_bool("connection.ssl.cert_verify", NULL)
|
if (get_opt_bool("connection.ssl.cert_verify", NULL)
|
||||||
&& gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status)) {
|
&& (gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status)
|
||||||
|
|| status)) {
|
||||||
socket->ops->retry(socket, connection_state(S_SSL_ERROR));
|
socket->ops->retry(socket, connection_state(S_SSL_ERROR));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -118,7 +121,9 @@ int
|
|||||||
ssl_connect(struct socket *socket)
|
ssl_connect(struct socket *socket)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
#ifdef CONFIG_GNUTLS
|
||||||
unsigned int status;
|
unsigned int status;
|
||||||
|
#endif
|
||||||
|
|
||||||
if (init_ssl_connection(socket) == S_SSL_ERROR) {
|
if (init_ssl_connection(socket) == S_SSL_ERROR) {
|
||||||
socket->ops->done(socket, connection_state(S_SSL_ERROR));
|
socket->ops->done(socket, connection_state(S_SSL_ERROR));
|
||||||
@ -196,7 +201,8 @@ ssl_connect(struct socket *socket)
|
|||||||
if (!get_opt_bool("connection.ssl.cert_verify", NULL))
|
if (!get_opt_bool("connection.ssl.cert_verify", NULL))
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (!gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status))
|
if (!gnutls_certificate_verify_peers2(*((ssl_t *) socket->ssl), &status)
|
||||||
|
&& !status)
|
||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
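Review bot: The new `|| status` and `&& !status` tests in `ssl_want_read` and `ssl_connect` cover chain validation only, because `gnutls_certificate_verify_peers2` does not compare the certificate against the host name being connected to. Nothing in these hunks performs that match, so unless it is done elsewhere in socket.c (both function bodies extend beyond the hunks), a certificate that is valid for a different host would still pass with `connection.ssl.cert_verify` enabled. At minimum I would record the limit next to the check in `ssl_connect`, for example `/* verify_peers2 validates the chain only; the host name must be matched separately */`. Since the same test is now written twice in inverted forms, moving it into one static helper under `#ifdef CONFIG_GNUTLS` would also give a later host-name check a single place to live.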