annotate patches/0002-Add-CURLOPT_PEERCERT-option-to-pin-a-peer-cert.patch @ 1084:b8fb6bf7f980

(issue118) Add signature check for cinst.exe and mozilla.exe
author Andre Heinecke <andre.heinecke@intevation.de>
date Thu, 11 Sep 2014 15:17:39 +0200
parents 0570b1e562c2
children 93325618ac7b
1 From c57d951c3bda8b1ca66cac45dfd6270fa34b01d3 Mon Sep 17 00:00:00 2001
2 From: Andre Heinecke <aheinecke@intevation.de>
3 Date: Mon, 1 Sep 2014 16:55:40 +0200
4 Subject: [PATCH 2/3] Add CURLOPT_PEERCERT option to pin a peer cert
5
6 Only implemented for a specific usecase with polarssl
7 ---
8 include/curl/curl.h | 3 +++
9 include/curl/typecheck-gcc.h | 1 +
10 lib/url.c | 8 ++++++++
11 lib/urldata.h | 1 +
12 lib/vtls/polarssl.c | 42 ++++++++++++++++++++++++++++++++++++++++--
13 5 files changed, 53 insertions(+), 2 deletions(-)
14
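diff --git a/include/curl/curl.h b/include/curl/curl.h
index d40b2db..20a9d82 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -1611,6 +1611,9 @@ typedef enum {
 /* Pass in a bitmask of "header options" */
 CINIT(HEADEROPT, LONG, 229),
 
+ /* Peer certificate */
+ CINIT(PEERCERT, OBJECTPOINT, 230),
+
 CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 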
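Review bot: The comment `/* Peer certificate */` does not tell a caller what to pass; something like `/* Path to a certificate file; the server certificate must match it byte for byte (PolarSSL backend only) */` would state the contract that lib/vtls/polarssl.c implements in this patch. Option number 230 also looks like the next free slot in upstream's own sequence, so a later upstream release will probably assign it to a different option. An application built against this header but loaded with a stock libcurl would then set something other than the pin, so a build-time or start-up check that the patched library is the one in use is worth adding on the application side.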
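diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h
index 69d41a2..241529d 100644
--- a/include/curl/typecheck-gcc.h
+++ b/include/curl/typecheck-gcc.h
@@ -258,6 +258,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
 (option) == CURLOPT_SSH_PRIVATE_KEYFILE || \
 (option) == CURLOPT_CRLFILE || \
 (option) == CURLOPT_ISSUERCERT || \
+ (option) == CURLOPT_PEERCERT || \
 (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \
 (option) == CURLOPT_SSH_KNOWNHOSTS || \
 (option) == CURLOPT_MAIL_FROM || \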
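diff --git a/lib/url.c b/lib/url.c
index 89c3fd5..b089cdf 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2015,6 +2015,14 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
 result = setstropt(&data->set.str[STRING_SSL_ISSUERCERT],
 va_arg(param, char *));
 break;
+ case CURLOPT_PEERCERT:
+ /*
+ * Set peer certificate file
+ * to check peer certificate against
+ */
+ result = setstropt(&data->set.str[STRING_SSL_PEERCERT],
+ va_arg(param, char *));
+ break;
 case CURLOPT_TELNETOPTIONS:
 /*
 * Set a linked list of telnet options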
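Review bot: On a build that uses any other TLS backend, this new `case CURLOPT_PEERCERT:` stores the path and returns CURLE_OK, yet the only code in this patch that reads STRING_SSL_PEERCERT is in lib/vtls/polarssl.c. The caller would therefore believe the peer is pinned while no comparison takes place. Rejecting the option where it cannot be enforced makes that visible: keep the setstropt call under `#ifdef USE_POLARSSL` and add `#else` / `result = CURLE_NOT_BUILT_IN;` / `#endif`. Curl_setopt's body continues outside the hunk.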
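diff --git a/lib/urldata.h b/lib/urldata.h
index 8594c2f..a6dc1ae 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -1391,6 +1391,7 @@ enum dupstring {
 STRING_USERAGENT, /* User-Agent string */
 STRING_SSL_CRLFILE, /* crl file to check certificate */
 STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */
+ STRING_SSL_PEERCERT, /* issuer cert file to check certificate */
 STRING_USERNAME, /* <username>, if used */
 STRING_PASSWORD, /* <password>, if used */
 STRING_OPTIONS, /* <options>, if used */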
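Review bot: The comment on the new STRING_SSL_PEERCERT entry was copied from the STRING_SSL_ISSUERCERT line above it and describes the wrong file. Suggest `STRING_SSL_PEERCERT, /* pinned cert file the peer certificate must equal */`, which matches the byte comparison added in lib/vtls/polarssl.c.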
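diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index e18cadf..2c40e36 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -360,6 +360,7 @@ polarssl_connect_step2(struct connectdata *conn,
 #ifdef HAS_ALPN
 const char* next_protocol;
 #endif
+ const x509_crt *peer_cert = NULL;
 
 char errorbuf[128];
 memset(errorbuf, 0, sizeof(errorbuf));
@@ -419,12 +420,49 @@ polarssl_connect_step2(struct connectdata *conn,
 return CURLE_PEER_FAILED_VERIFICATION;
 }
 
- if(ssl_get_peer_cert(&(connssl->ssl))) {
+ peer_cert = ssl_get_peer_cert(&(connssl->ssl));
+ if(peer_cert) {
+ if(data->set.str[STRING_SSL_PEERCERT]) {
+ x509_crt pinned_cert;
+ unsigned int i;
+
+ /* Handle pinned certificate */
+ x509_crt_init(&pinned_cert);
+ ret = x509_crt_parse_file(&pinned_cert,
+ data->set.str[STRING_SSL_PEERCERT]);
+
+ if(ret) {
+#ifdef POLARSSL_ERROR_C
+ error_strerror(ret, errorbuf, sizeof(errorbuf));
+#endif /* POLARSSL_ERROR_C */
+ failf(data, "Error reading peer cert file %s - PolarSSL: (-0x%04X) %s",
+ data->set.str[STRING_SSL_PEERCERT], -ret, errorbuf);
+
+ x509_crt_free(&pinned_cert);
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+
+ if (peer_cert->raw.len == 0 ||
+ peer_cert->raw.len != pinned_cert.raw.len) {
+ failf(data, "Error validating peer certificate. Size does "
+ "not match the certificate set with PEERCERT option.\n");
+ x509_crt_free(&pinned_cert);
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ for (i = 0; i < peer_cert->raw.len; i++) {
+ if (peer_cert->raw.p[i] != pinned_cert.raw.p[i]) {
+ failf(data, "Error validating peer certificate. Does "
+ "not match the certificate set with PEERCERT option.\n");
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ }
+ }
+
 /* If the session was resumed, there will be no peer certs */
 memset(buffer, 0, sizeof(buffer));
 
 if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ",
- ssl_get_peer_cert(&(connssl->ssl))) != -1)
+ peer_cert) != -1)
 infof(data, "Dumping cert info:\n%s\n", buffer);
 }
 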
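Review bot: The parsed pinned certificate is leaked on two paths of the new block in the second hunk: the byte-mismatch return inside the `for` loop and the success path after the loop never call `x509_crt_free(&pinned_cert)`. The pin is also only evaluated inside `if(peer_cert)`, so when ssl_get_peer_cert() returns NULL (the context comment says this happens on a resumed session) a handle with PEERCERT set proceeds without any comparison. Failing closed there looks safer unless resumed sessions are known to have passed the same pin earlier. The fence folds the size and content checks into one memcmp, frees the certificate once for both outcomes, and rejects a missing peer certificate. polarssl_connect_step2 starts and ends outside the hunk.

```c
  peer_cert = ssl_get_peer_cert(&(connssl->ssl));
  if(data->set.str[STRING_SSL_PEERCERT]) {
    x509_crt pinned_cert;
    int pin_ok;

    /* A pin was requested, so a missing peer certificate must not pass */
    if(!peer_cert) {
      failf(data, "No peer certificate to compare with PEERCERT option.");
      return CURLE_PEER_FAILED_VERIFICATION;
    }

    /* … unchanged: x509_crt_init, x509_crt_parse_file and its error path … */

    pin_ok = peer_cert->raw.len != 0 &&
             peer_cert->raw.len == pinned_cert.raw.len &&
             memcmp(peer_cert->raw.p, pinned_cert.raw.p,
                    peer_cert->raw.len) == 0;
    /* released on match and on mismatch alike */
    x509_crt_free(&pinned_cert);
    if(!pin_ok) {
      failf(data, "Error validating peer certificate. Does "
            "not match the certificate set with PEERCERT option.\n");
      return CURLE_PEER_FAILED_VERIFICATION;
    }
  }

  if(peer_cert) {
    /* … unchanged: x509_crt_info dump … */
  }
```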
136 --
137 1.9.1
138

http://wald.intevation.org/projects/trustbridge/