mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-21 03:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

In case of certificate verification failures include failure reason

Browse Source 
into the error message (openssl only)
This commit is contained in:
Ralf Haferkamp 2009-09-30 16:25:23 +00:00
parent efbc1dc746
commit 8fcdc29405
5 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/libldap/ldap-tls.h
View File

@ -37,7 +37,7 @@ typedef tls_session *(TI_session_new)(tls_ctx *ctx, int is_server);
typedef int (TI_session_connect)(LDAP *ld, tls_session *s);
typedef int (TI_session_accept)(tls_session *s);
typedef int (TI_session_upflags)(Sockbuf *sb, tls_session *s, int rc);
typedef char *(TI_session_errmsg)(int rc, char *buf, size_t len );
typedef char *(TI_session_errmsg)(tls_session *s, int rc, char *buf, size_t len );
typedef int (TI_session_dn)(tls_session *sess, struct berval *dn);
typedef int (TI_session_chkhost)(LDAP *ld, tls_session *s, const char *name_in);
typedef int (TI_session_strength)(tls_session *sess);

4
libraries/libldap/tls2.c
View File

@ -376,7 +376,7 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
return 1;
}
msg = tls_imp->ti_session_errmsg( err, buf, sizeof(buf) );
msg = tls_imp->ti_session_errmsg( ssl, err, buf, sizeof(buf) );
if ( msg ) {
if ( ld->ld_error ) {
LDAP_FREE( ld->ld_error );
@ -438,7 +438,7 @@ ldap_pvt_tls_accept( Sockbuf *sb, void *ctx_arg )
if ( DebugTest( LDAP_DEBUG_ANY ) ) {
char buf[256], *msg;
msg = tls_imp->ti_session_errmsg( err, buf, sizeof(buf) );
msg = tls_imp->ti_session_errmsg( ssl, err, buf, sizeof(buf) );
Debug( LDAP_DEBUG_ANY,"TLS: can't accept: %s.\n",
msg ? msg : "(unknown)", 0, 0 );
}

2
libraries/libldap/tls_g.c
View File

@ -525,7 +525,7 @@ tlsg_session_upflags( Sockbuf *sb, tls_session *session, int rc )
}
static char *
tlsg_session_errmsg( int rc, char *buf, size_t len )
tlsg_session_errmsg( tls_session *sess, int rc, char *buf, size_t len )
{
return (char *)gnutls_strerror( rc );
}

2
libraries/libldap/tls_m.c
View File

@ -2013,7 +2013,7 @@ tlsm_session_upflags( Sockbuf *sb, tls_session *session, int rc )
}
static char *
tlsm_session_errmsg( int rc, char *buf, size_t len )
tlsm_session_errmsg( tls_session *sess, int rc, char *buf, size_t len )
{
int i;

15
libraries/libldap/tls_o.c
View File

@ -398,11 +398,22 @@ tlso_session_upflags( Sockbuf *sb, tls_session *sess, int rc )
}
static char *
tlso_session_errmsg( int rc, char *buf, size_t len )
tlso_session_errmsg( tls_session *sess, int rc, char *buf, size_t len )
{
char err[256] = "";
const char *certerr=NULL;
tlso_session *s = (tlso_session *)sess;
rc = ERR_peek_error();
if ( rc ) {
ERR_error_string_n( rc, buf, len );
ERR_error_string_n( rc, err, sizeof(err) );
if ( ( ERR_GET_LIB(rc) == ERR_LIB_SSL ) &&
( ERR_GET_REASON(rc) == SSL_R_CERTIFICATE_VERIFY_FAILED ) ) {
int certrc = SSL_get_verify_result(s);
certerr = (char *)X509_verify_cert_error_string(certrc);
}
snprintf(buf, len, "%s%s%s%s", err, certerr ? " (" :"",
certerr ? certerr : "", certerr ? ")" : "" );
return buf;
}
return NULL;