Swift
summaryrefslogtreecommitdiffstats
path: root/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'Swiften/TLS/OpenSSL/OpenSSLContext.cpp')
-rw-r--r--Swiften/TLS/OpenSSL/OpenSSLContext.cpp28
1 files changed, 26 insertions, 2 deletions
diff --git a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
index 6dd75d6..490a361 100644
--- a/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
+++ b/Swiften/TLS/OpenSSL/OpenSSLContext.cpp
@@ -281,14 +281,18 @@ static int verifyCallback(int preverifyOk, X509_STORE_CTX* ctx)
281 X509_NAME* issuerName = X509_get_issuer_name(errCert); 281 X509_NAME* issuerName = X509_get_issuer_name(errCert);
282 issuerString = X509_NAME_to_text(issuerName); 282 issuerString = X509_NAME_to_text(issuerName);
283 } 283 }
284 SWIFT_LOG(error) << "verifyCallback: verification error" << 284 SWIFT_LOG(error) << "verifyCallback: verification error " <<
285 X509_verify_cert_error_string(err) << " depth: " << 285 X509_verify_cert_error_string(err) << " depth: " <<
286 depth << " issuer: " << ((issuerString.length() > 0) ? issuerString : "<unknown>") << std::endl; 286 depth << " issuer: " << ((issuerString.length() > 0) ? issuerString : "<unknown>") << std::endl;
287 } else { 287 } else {
288 SWIFT_LOG(info) << "verifyCallback: SSL depth: " << depth << " Subject: " << 288 SWIFT_LOG(info) << "verifyCallback: SSL depth: " << depth << " Subject: " <<
289 ((subjectString.length() > 0) ? subjectString : "<>") << std::endl; 289 ((subjectString.length() > 0) ? subjectString : "<>") << std::endl;
290 } 290 }
291 return preverifyOk; 291 // Always return "OK", as check on verification status
292 // will be performed once TLS handshake has completed,
293 // by calling OpenSSLContext::getVerificationErrorTypeForResult() to
294 // get the value set via X509_STORE_CTX_set_error() above.
295 return 1;
292} 296}
293 297
294bool OpenSSLContext::configure(const TLSOptions &options) 298bool OpenSSLContext::configure(const TLSOptions &options)
@@ -746,13 +750,33 @@ bool OpenSSLContext::setDiffieHellmanParameters(const ByteArray& parametersInOpe
746 750
747std::vector<Certificate::ref> OpenSSLContext::getPeerCertificateChain() const { 751std::vector<Certificate::ref> OpenSSLContext::getPeerCertificateChain() const {
748 std::vector<Certificate::ref> result; 752 std::vector<Certificate::ref> result;
753
754 // When this context is a server, the peer (client) certificate
755 // is obtained via SSL_get_peer_certificate, and any other
756 // certificates set by the peer are available via SSL_get_peer_cert_chain.
757 // When this context is a client, all of the server's certificates are
758 // obtained using SSL_get_peer_cert_chain
759 if (mode_ == Mode::Server) {
760 auto cert = SSL_get_peer_certificate(handle_.get());
761 if (cert) {
762 // Do not need to copy the returned cert as SSL_get_peer_certificate
763 // increments the reference count on the certificate
764 std::shared_ptr<X509> x509Cert(cert, X509_free);
765 Certificate::ref cert = std::make_shared<OpenSSLCertificate>(x509Cert);
766 result.push_back(cert);
767 }
768 }
769
749 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(handle_.get()); 770 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(handle_.get());
750 for (int i = 0; i < sk_X509_num(chain); ++i) { 771 for (int i = 0; i < sk_X509_num(chain); ++i) {
772 // Here we do need to copy the returned cert, since SSL_get_peer_cert_chain
773 // does not increment the reference count on each certificate
751 std::shared_ptr<X509> x509Cert(X509_dup(sk_X509_value(chain, i)), X509_free); 774 std::shared_ptr<X509> x509Cert(X509_dup(sk_X509_value(chain, i)), X509_free);
752 775
753 Certificate::ref cert = std::make_shared<OpenSSLCertificate>(x509Cert); 776 Certificate::ref cert = std::make_shared<OpenSSLCertificate>(x509Cert);
754 result.push_back(cert); 777 result.push_back(cert);
755 } 778 }
779
756 return result; 780 return result;
757} 781}
758 782