
Diff for /pegasus/src/Pegasus/Common/SSLContext.cpp between version 1.46 and 1.47

version 1.46, 2005/02/23 19:34:37 version 1.47, 2005/03/01 22:50:14
Line 206 
Line 206 
 // Callback function that is called by the OpenSSL library. This function // Callback function that is called by the OpenSSL library. This function
 // checks whether the certificate is listed in any of the CRL's // checks whether the certificate is listed in any of the CRL's
 // //
   // return 1 if revoked, 0 otherwise
   //
 int SSLCallback::verificationCRLCallback(int ok, X509_STORE_CTX *ctx, X509_STORE* sslCRLStore) int SSLCallback::verificationCRLCallback(int ok, X509_STORE_CTX *ctx, X509_STORE* sslCRLStore)
 { {
         PEG_METHOD_ENTER(TRC_SSL, "SSLCallback::verificationCRLCallback");         PEG_METHOD_ENTER(TRC_SSL, "SSLCallback::verificationCRLCallback");
Line 216 
Line 218 
     if (sslCRLStore == NULL)     if (sslCRLStore == NULL)
     {     {
         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, "---> SSL: CRL store is NULL");         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, "---> SSL: CRL store is NULL");
         return ok;          return 0;
     }     }
  
         //get the current certificate info         //get the current certificate info
Line 240 
Line 242 
  
         //initialize the CRL store         //initialize the CRL store
         X509_STORE_CTX crlStoreCtx;         X509_STORE_CTX crlStoreCtx;
         if (!X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL))      X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);
         {  
                 //fail if a CRL store was specified but we cannot open it  
                 PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL2, "---> SSL: Error: Could not initialize CRL store context");  
                 return 0;  
         }  
  
         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Initialized CRL store");         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Initialized CRL store");
  
Line 254 
Line 251 
         if (X509_STORE_get_by_subject(&crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)         if (X509_STORE_get_by_subject(&crlStoreCtx, X509_LU_CRL, issuerName, &obj) <= 0)
         {         {
                 PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, "---> SSL: No CRL by that issuer");                 PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, "---> SSL: No CRL by that issuer");
                 return ok;          return 0;
         }         }
         X509_STORE_CTX_cleanup(&crlStoreCtx);         X509_STORE_CTX_cleanup(&crlStoreCtx);
  
Line 263 
Line 260 
         if (crl == NULL)         if (crl == NULL)
         {         {
                 PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");                 PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL is null");
                 return ok;          return 0;
         } else         } else
         {         {
         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Found CRL by that issuer");         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Found CRL by that issuer");
Line 286 
Line 283 
                 {                 {
                         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL2, "---> SSL: Certificate is revoked");                         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL2, "---> SSL: Certificate is revoked");
                         X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);                         X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
                         return 0;              return 1;
                 }                 }
         }         }
  
         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Certificate is not revoked at this level");         PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> SSL: Certificate is not revoked at this level");
  
         PEG_METHOD_EXIT();         PEG_METHOD_EXIT();
     return ok;      return 0;
 } }
  
 // //
Line 332 
Line 329 
                 Tracer::trace(TRC_SSL, Tracer::LEVEL4,                 Tracer::trace(TRC_SSL, Tracer::LEVEL4,
                                           "--->SSL: No verification callback specified");                                           "--->SSL: No verification callback specified");
  
                 if (exData->_crlStore == NULL)          if (exData->_crlStore != NULL)
                 {  
                         PEG_METHOD_EXIT();  
                         return (preVerifyOk);  
                 } else  
                 {                 {
                         revoked = verificationCRLCallback(preVerifyOk,ctx,exData->_crlStore);                         revoked = verificationCRLCallback(preVerifyOk,ctx,exData->_crlStore);
                         Tracer::trace(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL callback returned %d", revoked);                         Tracer::trace(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL callback returned %d", revoked);
  
                         if (revoked == 0) //with the SSL callbacks '0' indicates failure              if (revoked) //with the SSL callbacks '0' indicates failure
                         {                         {
                                 PEG_METHOD_EXIT();                                 PEG_METHOD_EXIT();
                 return 0;                 return 0;
Line 352 
Line 345 
     //     //
         // Check to see if a CRL path is defined         // Check to see if a CRL path is defined
         //         //
         if (exData->_crlStore)      if (exData->_crlStore != NULL)
         {         {
         revoked = verificationCRLCallback(preVerifyOk,ctx,exData->_crlStore);         revoked = verificationCRLCallback(preVerifyOk,ctx,exData->_crlStore);
                 Tracer::trace(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL callback returned %d", revoked);                 Tracer::trace(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL callback returned %d", revoked);
  
                 if (revoked == 0) //with the SSL callbacks '0' indicates failure          if (revoked) //with the SSL callbacks '0' indicates failure
                 {                 {
                         PEG_METHOD_EXIT();                         PEG_METHOD_EXIT();
             return 0;             return 0;
                 }                 }
         }         }
  
       Tracer::trace(TRC_SSL, Tracer::LEVEL4, "---> SSL: CRL callback returned %d", revoked);
   
     //     //
     // get the current certificate     // get the current certificate
     //     //
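Review bot: The new side of the hunk at line 242 calls `X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL);` without checking its result, so when a CRL store is configured but its context cannot be initialised, the lookup that follows runs on an unusable context and the function most likely ends at `return 0`, which under the new convention means "not revoked"; the revocation check then fails open where version 1.46 rejected the certificate. Keep the check and fail closed under the new return convention, for example `if (!X509_STORE_CTX_init(&crlStoreCtx, sslCRLStore, NULL, NULL)) { PEG_METHOD_EXIT(); return 1; }`, together with the level-2 trace message that 1.46 emitted. The "No CRL by that issuer" branch also returns before `X509_STORE_CTX_cleanup(&crlStoreCtx)` runs, and the comment `//with the SSL callbacks '0' indicates failure` beside `if (revoked)` no longer describes the test; it should read something like `// non-zero means the certificate is revoked; return 0 to fail verification`. Parts of `verificationCRLCallback` lie between the hunks and are not visible here, so the exact path taken after a failed init is inferred.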

