|
version 1.88, 2007/09/03 04:39:48
|
version 1.89, 2007/10/05 18:31:56
|
|
|
|
| #include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
| #include <Pegasus/Common/FileSystem.h> | #include <Pegasus/Common/FileSystem.h> |
| #include <Pegasus/Common/MessageLoader.h> | #include <Pegasus/Common/MessageLoader.h> |
| #include <Pegasus/Common/AuditLogger.h> |
|
| | |
| #include "SSLContext.h" | #include "SSLContext.h" |
| #include "SSLContextRep.h" | #include "SSLContextRep.h" |
|
|
|
| int SSLCallback::verificationCallback(int preVerifyOk, X509_STORE_CTX* ctx) | int SSLCallback::verificationCallback(int preVerifyOk, X509_STORE_CTX* ctx) |
| { | { |
| PEG_METHOD_ENTER(TRC_SSL, "SSLCallback::callback()"); | PEG_METHOD_ENTER(TRC_SSL, "SSLCallback::callback()"); |
| |
|
| char buf[256]; | char buf[256]; |
| X509 *currentCert; | X509 *currentCert; |
| SSL *ssl; | SSL *ssl; |
|
|
|
| int revoked = -1; | int revoked = -1; |
| | |
| PEG_TRACE((TRC_SSL, Tracer::LEVEL4, | PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
| "--->SSL: Preverify Error %d", verifyError)); |
"--->SSL: Preverify result %d", preVerifyOk)); |
| | |
| // | // |
| // get the verification callback info specific to each SSL connection | // get the verification callback info specific to each SSL connection |
|
|
|
| // get the serial number of the certificate | // get the serial number of the certificate |
| // | // |
| long serialNumber = ASN1_INTEGER_get(X509_get_serialNumber(currentCert)); | long serialNumber = ASN1_INTEGER_get(X509_get_serialNumber(currentCert)); |
| char serialNumberString[32]; |
|
| sprintf(serialNumberString, "%lu", serialNumber); |
|
| | |
| // | // |
| // get the validity of the certificate | // get the validity of the certificate |
|
|
|
| "Certificate was not yet valid."); | "Certificate was not yet valid."); |
| | |
| X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_NOT_YET_VALID); | X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_NOT_YET_VALID); |
| |
|
| PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
|
| issuerName, |
|
| subjectName, |
|
| serialNumberString, |
|
| exData->_rep->ipAddress, |
|
| false)); |
|
| } | } |
| | |
| // | // |
|
|
|
| // | // |
| if (exData->_rep->verifyCertificateCallback == NULL) | if (exData->_rep->verifyCertificateCallback == NULL) |
| { | { |
| PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
PEG_METHOD_EXIT(); |
| issuerName, |
|
| subjectName, |
|
| serialNumberString, |
|
| exData->_rep->ipAddress, |
|
| preVerifyOk)); |
|
| |
|
| return preVerifyOk; | return preVerifyOk; |
| } | } |
| else | else |
|
|
|
| PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, | PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
| "--> SSL: _rep->verifyCertificateCallback() returned " | "--> SSL: _rep->verifyCertificateCallback() returned " |
| "X509_V_OK"); | "X509_V_OK"); |
| |
|
| PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
|
| issuerName, |
|
| subjectName, |
|
| serialNumberString, |
|
| exData->_rep->ipAddress, |
|
| true)); |
|
| |
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return 1; | return 1; |
| } | } |
|
|
|
| "--> SSL: _rep->verifyCertificateCallback() returned error %d", | "--> SSL: _rep->verifyCertificateCallback() returned error %d", |
| exData->_rep->peerCertificate[0]->getErrorCode())); | exData->_rep->peerCertificate[0]->getErrorCode())); |
| | |
| PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
|
| issuerName, |
|
| subjectName, |
|
| serialNumberString, |
|
| exData->_rep->ipAddress, |
|
| false)); |
|
| |
|
| PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
| return 0; | return 0; |
| } | } |
Return to
SSLContext.cpp
CVS log
Up to [Pegasus] / pegasus / src / Pegasus / Common