
Diff for /pegasus/src/Pegasus/Common/SSLContext.cpp between version 1.62 and 1.63

version 1.62, 2006/01/03 15:00:52 version 1.63, 2006/01/03 17:27:06
Line 415 
Line 415 
     //     //
     // Create the certificate object     // Create the certificate object
     //     //
     if (exData->_rep->peerCertificate != NULL)  
       //insert at the beginning of the array so that the peer certificate is first and the root CA is last
       exData->_rep->peerCertificate.insert(0, new SSLCertificateInfo(subjectName, issuerName, version, serialNumber,
           notBefore, notAfter, depth, errorCode, errorStr, preVerifyOk));
   
       PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL3, "Created SSLCertificateInfo");
   
       // NOT_YET_VALID checks do not work correctly on subsequent tries -- Bugzilla#4283
       // call this prior to calling the user-specified callback in case they want to override it
       if (errorCode == X509_V_OK && (CIMDateTime::getDifference(CIMDateTime::getCurrentDateTime(), notBefore) > 0))
     {     {
         //Delete an existing certificate object from a previous call.          PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "Certificate was not yet valid.");
         //SSL validates the certificate chain starting with the root CA and working down to the peer certificate.          X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_NOT_YET_VALID);
         //With this strategy, we end up with the peer certificate as the last certificate stored in the SSLCallbackInfo  
         //so we can retrieve the correct certificate info and username.  
         delete exData->_rep->peerCertificate;  
         exData->_rep->peerCertificate = NULL;  
     }     }
  
     exData->_rep->peerCertificate = new SSLCertificateInfo(subjectName, issuerName, version, serialNumber,  
         notBefore, notAfter, depth, errorCode, errorStr, preVerifyOk);  
   
     //     //
     // Call the user-specified application callback if it is specified.  If it is null, return OpenSSL's verification code.     // Call the user-specified application callback if it is specified.  If it is null, return OpenSSL's verification code.
     // Note that the verification result does not automatically get set to X509_V_OK if the callback is successful.     // Note that the verification result does not automatically get set to X509_V_OK if the callback is successful.
Line 440 
Line 442 
  
     } else     } else
     {     {
         if (exData->_rep->verifyCertificateCallback(*exData->_rep->peerCertificate))          if (exData->_rep->verifyCertificateCallback(*exData->_rep->peerCertificate[0]))
         {         {
                     Tracer::trace(TRC_SSL, Tracer::LEVEL4,                     Tracer::trace(TRC_SSL, Tracer::LEVEL4,
                 "--> SSL: _rep->verifyCertificateCallback() returned X509_V_OK");                 "--> SSL: _rep->verifyCertificateCallback() returned X509_V_OK");
Line 451 
Line 453 
         else // verification failed, handshake will be immediately terminated         else // verification failed, handshake will be immediately terminated
         {         {
             Tracer::trace(TRC_SSL, Tracer::LEVEL4,             Tracer::trace(TRC_SSL, Tracer::LEVEL4,
                 "--> SSL: _rep->verifyCertificateCallback() returned error %d", exData->_rep->peerCertificate->getErrorCode());                  "--> SSL: _rep->verifyCertificateCallback() returned error %d", exData->_rep->peerCertificate[0]->getErrorCode());
  
             PEG_METHOD_EXIT();             PEG_METHOD_EXIT();
             return 0;             return 0;
Line 1543 
Line 1545 
     _rep = new SSLCallbackInfoRep();     _rep = new SSLCallbackInfoRep();
     _rep->verifyCertificateCallback = verifyCert;     _rep->verifyCertificateCallback = verifyCert;
     _rep->crlStore = NULL;     _rep->crlStore = NULL;
     _rep->peerCertificate = NULL;  
 } }
  
 SSLCallbackInfo::SSLCallbackInfo(SSLCertificateVerifyFunction* verifyCert, X509_STORE* crlStore) SSLCallbackInfo::SSLCallbackInfo(SSLCertificateVerifyFunction* verifyCert, X509_STORE* crlStore)
Line 1551 
Line 1552 
     _rep = new SSLCallbackInfoRep();     _rep = new SSLCallbackInfoRep();
     _rep->verifyCertificateCallback = verifyCert;     _rep->verifyCertificateCallback = verifyCert;
     _rep->crlStore = crlStore;     _rep->crlStore = crlStore;
     _rep->peerCertificate = NULL;  
 } }
  
 SSLCallbackInfo::~SSLCallbackInfo() SSLCallbackInfo::~SSLCallbackInfo()
 { {
     if (_rep->peerCertificate)      PEG_METHOD_ENTER(TRC_SSL, "SSLCallbackInfo::~SSLCallbackInfo");
       for (Uint32 i = 0; i < _rep->peerCertificate.size(); i++)
     {     {
         delete _rep->peerCertificate;          delete _rep->peerCertificate[i];
     }     }
     delete _rep;     delete _rep;
       PEG_METHOD_EXIT();
 } }
  
 PEGASUS_NAMESPACE_END PEGASUS_NAMESPACE_END
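Review bot: The new NOT_YET_VALID branch at "Certificate was not yet valid." only calls `X509_STORE_CTX_set_error(ctx, ...)`; it runs after the `SSLCertificateInfo` has already been built and inserted at `peerCertificate[0]` with `errorCode == X509_V_OK` and the original `preVerifyOk`, so the user callback the comment says should be able to "override it" still sees a clean certificate, and on the null-callback path the function appears to return OpenSSL's pre-verify result (that return is outside this hunk, so this is inferred) — which in OpenSSL decides whether the handshake continues, independently of the error set on the context. Moving the date check ahead of the object construction and downgrading the local `errorCode`/`preVerifyOk` (and `errorStr`, if it is derived from the code) closes that gap. The direction of `CIMDateTime::getDifference(now, notBefore)` is not visible here and should be confirmed against its definition. Separately, since the old code deleted the previous certificate on each call but the new code only inserts, a renegotiated connection will leave the earlier chain behind the new one in the array until the destructor runs; consider clearing the array when a new chain starts at the top depth. The enclosing verify-callback function begins before and ends after this hunk.
```cpp
// Decide NOT_YET_VALID before building the SSLCertificateInfo so the
// user callback (and the default return) see the downgraded result.
if (errorCode == X509_V_OK &&
    (CIMDateTime::getDifference(CIMDateTime::getCurrentDateTime(), notBefore) > 0))
{
    PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "Certificate was not yet valid.");
    X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_NOT_YET_VALID);
    errorCode = X509_V_ERR_CERT_NOT_YET_VALID;
    errorStr = X509_verify_cert_error_string(errorCode);   // adjust to errorStr's actual type
    preVerifyOk = 0;
}

//insert at the beginning of the array so that the peer certificate is first and the root CA is last
exData->_rep->peerCertificate.insert(0, new SSLCertificateInfo(subjectName, issuerName, version, serialNumber,
    notBefore, notAfter, depth, errorCode, errorStr, preVerifyOk));
// … unchanged: trace, user-callback dispatch …
```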

