pike.git / lib / modules / SSL.pmod / Connection.pike


pike.git/lib/modules/SSL.pmod/Connection.pike:196:    // in the second field.    Buffer hb_msg = Buffer();    hb_msg->add_int(HEARTBEAT_MESSAGE_request, 1);    hb_msg->add_int(16, 2);    int now = gethrtime();    hb_msg->add(heartbeat_encode->crypt(sprintf("%8c%8c", now, 0)));    // No padding.    return heartbeat_packet(hb_msg);   }    - // verify that a certificate chain is acceptable + // Verify that a certificate chain is acceptable   //   int verify_certificate_chain(array(string) certs)   { -  // do we need to verify the certificate chain? +  // Do we need to verify the certificate chain?    if(!context->verify_certificates)    return 1;    -  // if we're not requiring the certificate, and we don't provide one, +  // If we're not requiring the certificate, and we don't provide one,    // that should be okay.    if((context->auth_level < AUTHLEVEL_require) && !sizeof(certs))    return 1;    -  // a lack of certificates when we reqiure and must verify the +  // A lack of certificates when we reqiure and must verify the    // certificates is probably a failure. -  if(!certs || !sizeof(certs)) +  if(!sizeof(certs))    return 0;    -  +     // See if the issuer of the certificate is acceptable. This means    // the issuer of the certificate must be one of the authorities.    if(sizeof(context->authorities_cache))    {    string r=Standards.X509.decode_certificate(certs[-1])->issuer    ->get_der();    int issuer_known = 0;    foreach(context->authorities_cache, string c)    {    if(r == c) // we have a trusted issuer
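Review bot: Dropping `!certs ||` makes `if(!sizeof(certs))` the first point on the require path that touches `certs`, so a caller passing 0 instead of an empty array would now hit a runtime error from sizeof() rather than the `return 0` the surrounding comment promises; whether that is reachable depends on whether the `array(string) certs` parameter type rejects 0 at call time, which this hunk does not show. If the contract is that callers always pass an array, a one-line comment at the top of the function would state it, e.g. `// certs is always an array (possibly empty); callers never pass 0.` The comment the commit re-capitalizes still carries a typo and could read `// A lack of certificates when we require and must verify the`. verify_certificate_chain continues past the end of this hunk.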
pike.git/lib/modules/SSL.pmod/Connection.pike:246:       // ok, so we have a certificate chain whose client certificate is    // issued by an authority known to us.       // next we must verify the chain to see if the chain is unbroken       mapping result =    Standards.X509.verify_certificate_chain(certs,    context->trusted_issuers_cache,    context->require_trust); -  +     if(result->verified)    {    // This data isn't actually used internally.    session->cert_data = result;    return 1;    }       return 0;   }