16 |
|
|
17 |
|
|
18 |
extern char *home; |
extern char *home; |
19 |
extern opts_t opts; |
extern options_t opts; |
20 |
extern unsigned int flags; |
extern unsigned int flags; |
21 |
|
|
22 |
|
|
31 |
* accordingly. |
* accordingly. |
32 |
*/ |
*/ |
33 |
int |
int |
34 |
get_cert(conn_t * conn) |
get_cert(connection_t * conn) |
35 |
{ |
{ |
36 |
X509 *cert; |
X509 *cert; |
37 |
unsigned char md[EVP_MAX_MD_SIZE]; |
unsigned char md[EVP_MAX_MD_SIZE]; |
46 |
return ERROR_SSL; |
return ERROR_SSL; |
47 |
|
|
48 |
switch (check_cert(cert, md, &mdlen)) { |
switch (check_cert(cert, md, &mdlen)) { |
49 |
case SSL_CERT_NONEXISTENT: |
case CERT_NONE: |
50 |
print_cert(cert, md, &mdlen); |
print_cert(cert, md, &mdlen); |
51 |
if (flags & FLAG_DAEMON_MODE || |
if (flags & FLAG_DAEMON || |
52 |
write_cert(cert) == SSL_CERT_ACTION_REJECT) |
write_cert(cert) == CERT_ACTION_REJECT) |
53 |
goto abort; |
goto abort; |
54 |
break; |
break; |
55 |
case SSL_CERT_MISMATCH: |
case CERT_MISMATCH: |
56 |
print_cert(cert, md, &mdlen); |
print_cert(cert, md, &mdlen); |
57 |
if (flags & FLAG_DAEMON_MODE || |
if (flags & FLAG_DAEMON || |
58 |
mismatch_cert() == SSL_CERT_ACTION_ABORT) |
mismatch_cert() == CERT_ACTION_ABORT) |
59 |
goto abort; |
goto abort; |
60 |
break; |
break; |
61 |
case SSL_CERT_OK: |
case CERT_OK: |
62 |
if (opts.verbosity >= 1) |
if (opts.verbosity >= 1) |
63 |
print_cert(cert, md, &mdlen); |
print_cert(cert, md, &mdlen); |
64 |
} |
} |
85 |
unsigned char md[EVP_MAX_MD_SIZE]; |
unsigned char md[EVP_MAX_MD_SIZE]; |
86 |
unsigned int mdlen; |
unsigned int mdlen; |
87 |
|
|
88 |
r = SSL_CERT_NONEXISTENT; |
r = CERT_NONE; |
89 |
cert = NULL; |
cert = NULL; |
90 |
|
|
91 |
snprintf(certf, PATH_MAX, "%s/%s", home, PATHNAME_CERT_FILE); |
snprintf(certf, PATH_MAX, "%s/%s", home, PATHNAME_CERTS); |
92 |
if (!exists_file(certf)) |
if (!exists_file(certf)) |
93 |
return SSL_CERT_NONEXISTENT; |
return CERT_NONE; |
94 |
|
|
95 |
fd = fopen(certf, "r"); |
fd = fopen(certf, "r"); |
96 |
if (fd == NULL) |
if (fd == NULL) |
97 |
return ERROR_FILE_OPEN; |
return ERROR_FILEOPEN; |
98 |
|
|
99 |
while ((cert = PEM_read_X509(fd, &cert, NULL, NULL)) != NULL) { |
while ((cert = PEM_read_X509(fd, &cert, NULL, NULL)) != NULL) { |
100 |
if (X509_subject_name_cmp(cert, pcert) != 0 || |
if (X509_subject_name_cmp(cert, pcert) != 0 || |
106 |
continue; |
continue; |
107 |
|
|
108 |
if (memcmp(pmd, md, mdlen) != 0) { |
if (memcmp(pmd, md, mdlen) != 0) { |
109 |
r = SSL_CERT_MISMATCH; |
r = CERT_MISMATCH; |
110 |
break; |
break; |
111 |
} |
} |
112 |
r = SSL_CERT_OK; |
r = CERT_OK; |
113 |
break; |
break; |
114 |
} |
} |
115 |
|
|
161 |
} while (c != 'r' && c != 't' && c != 'p'); |
} while (c != 'r' && c != 't' && c != 'p'); |
162 |
|
|
163 |
if (c == 'r') |
if (c == 'r') |
164 |
return SSL_CERT_ACTION_REJECT; |
return CERT_ACTION_REJECT; |
165 |
else if (c == 't') |
else if (c == 't') |
166 |
return SSL_CERT_ACTION_ACCEPT; |
return CERT_ACTION_ACCEPT; |
167 |
|
|
168 |
snprintf(certf, PATH_MAX, "%s/%s", home, PATHNAME_CERT_FILE); |
snprintf(certf, PATH_MAX, "%s/%s", home, PATHNAME_CERTS); |
169 |
create_file(certf, S_IRUSR | S_IWUSR); |
create_file(certf, S_IRUSR | S_IWUSR); |
170 |
|
|
171 |
fd = fopen(certf, "a"); |
fd = fopen(certf, "a"); |
172 |
if (fd == NULL) |
if (fd == NULL) |
173 |
return SSL_CERT_ACTION_REJECT; |
return CERT_ACTION_REJECT; |
174 |
|
|
175 |
PEM_write_X509(fd, cert); |
PEM_write_X509(fd, cert); |
176 |
|
|
177 |
fclose(fd); |
fclose(fd); |
178 |
|
|
179 |
return SSL_CERT_ACTION_ACCEPT; |
return CERT_ACTION_ACCEPT; |
180 |
} |
} |
181 |
|
|
182 |
|
|
197 |
} while (c != 'y' && c != 'n'); |
} while (c != 'y' && c != 'n'); |
198 |
|
|
199 |
if (c == 'y') |
if (c == 'y') |
200 |
return SSL_CERT_ACTION_CONTINUE; |
return CERT_ACTION_CONTINUE; |
201 |
else |
else |
202 |
return SSL_CERT_ACTION_ABORT; |
return CERT_ACTION_ABORT; |
203 |
} |
} |
204 |
#endif /* SSL_TLS */ |
#endif /* SSL_TLS */ |