version 1.88, 2007/09/03 04:39:48
|
version 1.89, 2007/10/05 18:31:56
|
|
|
#include <Pegasus/Common/Tracer.h> | #include <Pegasus/Common/Tracer.h> |
#include <Pegasus/Common/FileSystem.h> | #include <Pegasus/Common/FileSystem.h> |
#include <Pegasus/Common/MessageLoader.h> | #include <Pegasus/Common/MessageLoader.h> |
#include <Pegasus/Common/AuditLogger.h> |
|
| |
#include "SSLContext.h" | #include "SSLContext.h" |
#include "SSLContextRep.h" | #include "SSLContextRep.h" |
|
|
int SSLCallback::verificationCallback(int preVerifyOk, X509_STORE_CTX* ctx) | int SSLCallback::verificationCallback(int preVerifyOk, X509_STORE_CTX* ctx) |
{ | { |
PEG_METHOD_ENTER(TRC_SSL, "SSLCallback::callback()"); | PEG_METHOD_ENTER(TRC_SSL, "SSLCallback::callback()"); |
|
|
char buf[256]; | char buf[256]; |
X509 *currentCert; | X509 *currentCert; |
SSL *ssl; | SSL *ssl; |
|
|
int revoked = -1; | int revoked = -1; |
| |
PEG_TRACE((TRC_SSL, Tracer::LEVEL4, | PEG_TRACE((TRC_SSL, Tracer::LEVEL4, |
"--->SSL: Preverify Error %d", verifyError)); |
"--->SSL: Preverify result %d", preVerifyOk)); |
| |
// | // |
// get the verification callback info specific to each SSL connection | // get the verification callback info specific to each SSL connection |
|
|
// get the serial number of the certificate | // get the serial number of the certificate |
// | // |
long serialNumber = ASN1_INTEGER_get(X509_get_serialNumber(currentCert)); | long serialNumber = ASN1_INTEGER_get(X509_get_serialNumber(currentCert)); |
char serialNumberString[32]; |
|
sprintf(serialNumberString, "%lu", serialNumber); |
|
| |
// | // |
// get the validity of the certificate | // get the validity of the certificate |
|
|
"Certificate was not yet valid."); | "Certificate was not yet valid."); |
| |
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_NOT_YET_VALID); | X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_NOT_YET_VALID); |
|
|
PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
|
issuerName, |
|
subjectName, |
|
serialNumberString, |
|
exData->_rep->ipAddress, |
|
false)); |
|
} | } |
| |
// | // |
|
|
// | // |
if (exData->_rep->verifyCertificateCallback == NULL) | if (exData->_rep->verifyCertificateCallback == NULL) |
{ | { |
PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
PEG_METHOD_EXIT(); |
issuerName, |
|
subjectName, |
|
serialNumberString, |
|
exData->_rep->ipAddress, |
|
preVerifyOk)); |
|
|
|
return preVerifyOk; | return preVerifyOk; |
} | } |
else | else |
|
|
PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, | PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, |
"--> SSL: _rep->verifyCertificateCallback() returned " | "--> SSL: _rep->verifyCertificateCallback() returned " |
"X509_V_OK"); | "X509_V_OK"); |
|
|
PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
|
issuerName, |
|
subjectName, |
|
serialNumberString, |
|
exData->_rep->ipAddress, |
|
true)); |
|
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return 1; | return 1; |
} | } |
|
|
"--> SSL: _rep->verifyCertificateCallback() returned error %d", | "--> SSL: _rep->verifyCertificateCallback() returned error %d", |
exData->_rep->peerCertificate[0]->getErrorCode())); | exData->_rep->peerCertificate[0]->getErrorCode())); |
| |
PEG_AUDIT_LOG(logCertificateBasedAuthentication( |
|
issuerName, |
|
subjectName, |
|
serialNumberString, |
|
exData->_rep->ipAddress, |
|
false)); |
|
|
|
PEG_METHOD_EXIT(); | PEG_METHOD_EXIT(); |
return 0; | return 0; |
} | } |
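Review bot: The serial number that every new PEG_AUDIT_LOG entry records is derived at `long serialNumber = ASN1_INTEGER_get(X509_get_serialNumber(currentCert));`, and `ASN1_INTEGER_get` only handles values that fit in a `long`, returning -1 otherwise — serials may be up to 20 octets per RFC 5280 and CA-issued certificates routinely exceed 64 bits, so the audit trail will attribute those authentications to a bogus serial; the following `sprintf(serialNumberString, "%lu", serialNumber)` then prints that -1 as 18446744073709551615 because a signed `long` is formatted with `%lu`. Since the purpose of these records is to identify which certificate was presented, format the full value as hex via `ASN1_INTEGER_to_BN`/`BN_bn2hex` (or `i2a_ASN1_INTEGER` into a memory BIO) and keep the `serialNumberString` name so the audit calls are unchanged; the 32-byte buffer is large enough for any 64-bit value, so this is a correctness problem, not an overflow. The assignment of `currentCert` and the early-return handling after the "not yet valid" branch fall in context that this view collapses, so I cannot confirm whether the not-yet-valid path is audited once or twice.
```cpp
// … unchanged: preverify trace and currentCert lookup …
// Serial numbers may be up to 20 octets (RFC 5280); ASN1_INTEGER_get() cannot
// represent those and returns -1, so record the full value as hex instead.
char serialNumberString[64] = "unknown";
BIGNUM* serialBn = ASN1_INTEGER_to_BN(X509_get_serialNumber(currentCert), NULL);
if (serialBn != NULL)
{
    char* serialHex = BN_bn2hex(serialBn);
    if (serialHex != NULL)
    {
        // Buffer is pre-terminated; copying at most size-1 bytes keeps it so.
        strncpy(serialNumberString, serialHex, sizeof(serialNumberString) - 1);
        OPENSSL_free(serialHex);
    }
    BN_free(serialBn);
}
// … unchanged: validity checks and audit log calls …
```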