certificate authentication fixes

2025-05-29 16:01:38 +00:00 · 2018-08-24 13:18:27 +01:00 · 2018-08-24 13:18:27 +01:00 · 1e4a2d7587
commit 1e4a2d7587
parent cb0ea3fb6d
2 changed files with 28 additions and 20 deletions
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@ -1816,28 +1816,28 @@ retrieve_callback(gnutls_session_t session,

      if (globalDebug > 1)
        {
+          NSLog(@"%@ trying verify:\n%@", self, [self sessionInfo]);
+        }
+      ret = [self verify];
+      if (ret < 0)
+        {
+          if (globalDebug > 1 || (YES == shouldVerify && globalDebug > 0)
+            || YES == [[opts objectForKey: GSTLSDebug] boolValue])
+            {
+              NSLog(@"%@ unable to verify SSL connection - %s",
+                self, gnutls_strerror(ret));
+              NSLog(@"%@ %@", self, [self sessionInfo]);
+            }
          if (YES == shouldVerify)
            {
-              NSLog(@"%@ before verify:\n%@", self, [self sessionInfo]);
-            }
-          else
-            {
-              NSLog(@"%@ do not verify:\n%@", self, [self sessionInfo]);
+              [self disconnect: NO];
            }
        }
-      if (YES == shouldVerify)
+      else
        {
-          ret = [self verify];
-          if (ret < 0)
+          if (globalDebug > 1)
            {
-              if (globalDebug > 0
-                || YES == [[opts objectForKey: GSTLSDebug] boolValue])
-                {
-                  NSLog(@"%@ unable to verify SSL connection - %s",
-                    self, gnutls_strerror(ret));
-                  NSLog(@"%@ %@", self, [self sessionInfo]);
-                }
-              [self disconnect: NO];
+              NSLog(@"%@ succeeded verify:\n%@", self, [self sessionInfo]);
            }
        }
      return YES;       // Handshake complete
@ -2221,14 +2221,14 @@ retrieve_callback(gnutls_session_t session,

      /* Get certificate owner and issuer
       */
-      dn_size = sizeof(dn);
+      dn_size = sizeof(dn)-1;
      gnutls_x509_crt_get_dn(cert, dn, &dn_size);
-      dn[dn_size - 1] = '\0';
+      dn[dn_size] = '\0';
      ASSIGN(owner, [NSString stringWithUTF8String: dn]);
      
-      dn_size = sizeof(dn);
+      dn_size = sizeof(dn)-1;
      gnutls_x509_crt_get_issuer_dn(cert, dn, &dn_size);
-      dn[dn_size - 1] = '\0';
+      dn[dn_size] = '\0';
      ASSIGN(issuer, [NSString stringWithUTF8String: dn]);
    }