certificate authentication fixes

This commit is contained in:
Richard Frith-Macdonald 2018-08-24 13:18:27 +01:00
parent cb0ea3fb6d
commit 1e4a2d7587
2 changed files with 28 additions and 20 deletions


@ -1,3 +1,11 @@
2018-08-24 Richard Frith-Macdonald <rfm@gnu.org>
* Source/GSTLS.m: Fixup for last modification ... still verify the
certificate (so we can find out who issued/owns it) even if we do
not have verification turned on ... the verification setting controls
whether we reject the connection. Also fixed off by one bug in
getting the issuer and owner distinguished names.
2018-08-13 Richard Frith-Macdonald <rfm@gnu.org>
* Source/GSTLS.m: Change behavior so that when acting as a server we


@ -1816,28 +1816,28 @@ retrieve_callback(gnutls_session_t session,
if (globalDebug > 1)
{
NSLog(@"%@ trying verify:\n%@", self, [self sessionInfo]);
}
ret = [self verify];
if (ret < 0)
{
if (globalDebug > 1 || (YES == shouldVerify && globalDebug > 0)
|| YES == [[opts objectForKey: GSTLSDebug] boolValue])
{
NSLog(@"%@ unable to verify SSL connection - %s",
self, gnutls_strerror(ret));
NSLog(@"%@ %@", self, [self sessionInfo]);
}
if (YES == shouldVerify)
{
NSLog(@"%@ before verify:\n%@", self, [self sessionInfo]);
}
else
{
NSLog(@"%@ do not verify:\n%@", self, [self sessionInfo]);
[self disconnect: NO];
}
}
if (YES == shouldVerify)
else
{
ret = [self verify];
if (ret < 0)
if (globalDebug > 1)
{
if (globalDebug > 0
|| YES == [[opts objectForKey: GSTLSDebug] boolValue])
{
NSLog(@"%@ unable to verify SSL connection - %s",
self, gnutls_strerror(ret));
NSLog(@"%@ %@", self, [self sessionInfo]);
}
[self disconnect: NO];
NSLog(@"%@ succeeded verify:\n%@", self, [self sessionInfo]);
}
}
return YES; // Handshake complete
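Review bot: As this page renders the new side, the failure path puts `[self disconnect: NO];` only in the `else` branch of `if (YES == shouldVerify)` (L38-L46), so a peer whose certificate failed `[self verify]` is kept when verification is turned on and dropped when it is turned off; that is the reverse of the ChangeLog's "the verification setting controls whether we reject the connection" and would be a certificate-validation bypass if the rendering has not reordered lines. The disconnect belongs in the YES branch, e.g. `if (YES == shouldVerify) { [self disconnect: NO]; }`, with the NO branch at most logging. The two NSLogs `before verify` / `do not verify` are also not gated by `globalDebug` or `GSTLSDebug` like the other diagnostics in this hunk, so every failed verification would dump `[self sessionInfo]` to the log in production. Note too that `return YES; // Handshake complete` is still reached after `disconnect:`; the enclosing method starts before the hunk, so whether callers re-check the session state is not visible here.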
@ -2221,14 +2221,14 @@ retrieve_callback(gnutls_session_t session,
/* Get certificate owner and issuer
*/
dn_size = sizeof(dn);
dn_size = sizeof(dn)-1;
gnutls_x509_crt_get_dn(cert, dn, &dn_size);
dn[dn_size - 1] = '\0';
dn[dn_size] = '\0';
ASSIGN(owner, [NSString stringWithUTF8String: dn]);
dn_size = sizeof(dn);
dn_size = sizeof(dn)-1;
gnutls_x509_crt_get_issuer_dn(cert, dn, &dn_size);
dn[dn_size - 1] = '\0';
dn[dn_size] = '\0';
ASSIGN(issuer, [NSString stringWithUTF8String: dn]);
}
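Review bot: The return values of `gnutls_x509_crt_get_dn` and `gnutls_x509_crt_get_issuer_dn` are still unchecked, and the new `dn[dn_size] = '\0';` indexes with whatever the call left in `dn_size`. Per the GnuTLS contract these calls return `GNUTLS_E_SHORT_MEMORY_BUFFER` and set `*buf_size` to the required length when the DN does not fit, so a peer presenting a certificate with a DN longer than `dn` (declared outside this hunk; `sizeof(dn)` suggests a fixed char array) makes that write land past the end of the buffer — the old `dn[dn_size - 1]` had the same problem, so the off-by-one fix does not close it. Guard the index on the error path, as below, or copy only when the call succeeds and leave `owner`/`issuer` nil otherwise.
```objc
dn_size = sizeof(dn) - 1;
if (gnutls_x509_crt_get_dn(cert, dn, &dn_size) < 0)
  {
    dn_size = 0;	/* On failure (including a DN too long for dn) the
			 * value left in dn_size is not a valid index. */
  }
dn[dn_size] = '\0';
ASSIGN(owner, [NSString stringWithUTF8String: dn]);
dn_size = sizeof(dn) - 1;
if (gnutls_x509_crt_get_issuer_dn(cert, dn, &dn_size) < 0)
  {
    dn_size = 0;
  }
dn[dn_size] = '\0';
ASSIGN(issuer, [NSString stringWithUTF8String: dn]);
```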