diff options
author | Michael Sweet <michael.r.sweet@gmail.com> | 2016-07-07 17:48:38 -0400 |
---|---|---|
committer | Michael Sweet <michael.r.sweet@gmail.com> | 2016-07-07 17:48:38 -0400 |
commit | 5004c056662cadbc10071f0717580047a6d99e2b (patch) | |
tree | 320f1c1c00a114089c2cd1aeaa9c8ac9a2510168 /backend/ipp.c | |
parent | c3355394bfb948b75a3da0ab996eace1699a3229 (diff) | |
download | cups-5004c056662cadbc10071f0717580047a6d99e2b.tar.gz |
Move TLS cert validation after the connection is finally established.
Diffstat (limited to 'backend/ipp.c')
-rw-r--r-- | backend/ipp.c | 85 |
1 files changed, 47 insertions, 38 deletions
diff --git a/backend/ipp.c b/backend/ipp.c index 4f1780c31..1ac2eea07 100644 --- a/backend/ipp.c +++ b/backend/ipp.c @@ -688,44 +688,6 @@ main(int argc, /* I - Number of command-line args */ 0, NULL); httpSetTimeout(http, 30.0, timeout_cb, NULL); - if (httpIsEncrypted(http)) - { - /* - * Validate TLS credentials... - */ - - cups_array_t *creds; /* TLS credentials */ - cups_array_t *lcreds = NULL; /* Loaded credentials */ - http_trust_t trust; /* Trust level */ - static const char *trusts[] = { NULL, "+cups-pki-invalid", "+cups-pki-changed", "+cups-pki-expired", NULL, "+cups-pki-unknown" }; - /* Trust keywords */ - - if (!httpCopyCredentials(http, &creds)) - { - trust = httpCredentialsGetTrust(creds, hostname); - - update_reasons(NULL, "-cups-pki-invalid,cups-pki-changed,cups-pki-expired,cups-pki-unknown"); - if (trusts[trust]) - { - update_reasons(NULL, trusts[trust]); - return (CUPS_BACKEND_STOP); - } - - if (httpLoadCredentials(NULL, &lcreds, hostname)) - { - /* - * Could not load the credentials, let's save the ones we have so we - * can detect changes... - */ - - httpSaveCredentials(NULL, creds, hostname); - } - - httpFreeCredentials(lcreds); - httpFreeCredentials(creds); - } - } - /* * See if the printer supports SNMP... */ @@ -856,6 +818,53 @@ main(int argc, /* I - Number of command-line args */ else if (!http) return (CUPS_BACKEND_FAILED); + if (httpIsEncrypted(http)) + { + /* + * Validate TLS credentials... + */ + + cups_array_t *creds; /* TLS credentials */ + cups_array_t *lcreds = NULL; /* Loaded credentials */ + http_trust_t trust; /* Trust level */ + static const char *trusts[] = { NULL, "+cups-pki-invalid", "+cups-pki-changed", "+cups-pki-expired", NULL, "+cups-pki-unknown" }; + /* Trust keywords */ + + fputs("DEBUG: Connection is encrypted.\n", stderr); + + if (!httpCopyCredentials(http, &creds)) + { + trust = httpCredentialsGetTrust(creds, hostname); + + fprintf(stderr, "DEBUG: trust=%d\n", (int)trust); + + update_reasons(NULL, "-cups-pki-invalid,cups-pki-changed,cups-pki-expired,cups-pki-unknown"); + if (trusts[trust]) + { + update_reasons(NULL, trusts[trust]); + return (CUPS_BACKEND_STOP); + } + + if (httpLoadCredentials(NULL, &lcreds, hostname)) + { + /* + * Could not load the credentials, let's save the ones we have so we + * can detect changes... + */ + + httpSaveCredentials(NULL, creds, hostname); + } + + httpFreeCredentials(lcreds); + httpFreeCredentials(creds); + } + else + { + update_reasons(NULL, "cups-pki-unknown"); + return (CUPS_BACKEND_STOP); + } + } + update_reasons(NULL, "-connecting-to-device"); _cupsLangPrintFilter(stderr, "INFO", _("Connected to printer.")); |