pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:256:    // ok, so we have a certificate chain whose client certificate is    // issued by an authority known to us.       // next we must verify the chain to see if the chain is unbroken       mapping result =    Standards.X509.verify_certificate_chain(certs,    context->trusted_issuers_cache,    context->require_trust);    +  // This data isn't actually used internally. +  session->cert_data = result; +     if(result->verified)    {    if (session->server_name) {    array(Standards.X509.TBSCertificate) certs =    [array(Standards.X509.TBSCertificate)](result->certificates);    Standards.X509.TBSCertificate cert = certs[-1];    array(string) globs = Standards.PKCS.Certificate.    decode_distinguished_name(cert->subject)->commonName - ({ 0 });    if (cert->ext_subjectAltName_dNSName) {    globs += cert->ext_subjectAltName_dNSName;    } -  result->server_name_verified = 0; -  foreach(globs, string g) { -  if (glob(g, session->server_name)) { -  result->server_name_verified = 1; -  break; +  result->verified = glob(globs, session->server_name);    } -  +  return [int(0..1)](result->verified);    } -  } -  // This data isn't actually used internally. -  session->cert_data = result; -  return 1; -  } +        return 0;   }      //! Do handshake processing. Type is one of HANDSHAKE_*, data is the   //! contents of the packet, and raw is the raw packet received (needed   //! for supporting SSLv2 hello messages).   //!   //! This function returns 0 if handshake is in progress, 1 if handshake   //! is finished, and -1 if a fatal error occurred. It uses the
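Review bot: The new `result->verified = glob(globs, session->server_name);` treats every commonName and SAN dNSName from the leaf certificate as a glob pattern, so a `*` anywhere in a certificate name matches across label boundaries (a `*.example.com` name would match `a.b.example.com`, and a bare `*` any host), which is looser than the single-leftmost-label wildcard rule of RFC 6125; the old foreach had the same weakness, but this hunk is where the result now decides the return value. Because `session->cert_data = result` is assigned before that line and both refer to the same mapping, a hostname mismatch now shows up to the application as `cert_data->verified == 0`, indistinguishable from a broken chain; keeping the two outcomes apart, e.g. `result->server_name_verified = glob(globs, session->server_name) ? 1 : 0;` followed by `return result->verified && result->server_name_verified;`, preserves the diagnostic the removed `server_name_verified` key provided. If `glob()` with an array first argument returns the matching pattern string rather than an int in this Pike version, the `[int(0..1)]` soft cast on the return does not convert it at runtime, so the declared `int(0..1)` contract would not hold — worth confirming against the `glob()` overload in use. The inner `array(Standards.X509.TBSCertificate) certs` also shadows the outer `certs` that was passed to `verify_certificate_chain`, which is easy to misread in a function this security-sensitive. The enclosing function starts outside the hunk.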