* src/ne_session.c (ne__ssl_set_verify_err): Moved here...

* src/ne_openssl.c (verify_err): ... from here.
(check_certificate): Use it.

* src/ne_gnutls.c (check_certificate): Use it on verification failure.

* src/ne_private.h (ne__ssl_set_verify_err): Add prototype.


git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@955 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845

1 files changed, 27 insertions, 0 deletions

diff --git a/src/ne_session.c b/src/ne_session.c
index b30b424..2ffeca7 100644
--- a/src/ne_session.c
+++ b/src/ne_session.c
@@ -286,6 +286,33 @@ void ne_ssl_trust_cert(ne_session *sess, const ne_ssl_certificate *cert)
 #endif
 }
 
+#ifdef NE_HAVE_SSL
+void ne__ssl_set_verify_err(ne_session *sess, int failures)
+{
+    struct {
+	int bit;
+	const char *str;
+    } reasons[] = {
+	{ NE_SSL_NOTYETVALID, N_("certificate is not yet valid") },
+	{ NE_SSL_EXPIRED, N_("certificate has expired") },
+	{ NE_SSL_IDMISMATCH, N_("certificate issued for a different hostname") },
+	{ NE_SSL_UNTRUSTED, N_("issuer is not trusted") },
+	{ 0, NULL }
+    };
+    int n, flag = 0;
+
+    strcpy(sess->error, _("Server certificate verification failed: "));
+
+    for (n = 0; reasons[n].bit; n++) {
+	if (failures & reasons[n].bit) {
+	    if (flag) strncat(sess->error, ", ", sizeof sess->error);
+	    strncat(sess->error, _(reasons[n].str), sizeof sess->error);
+	    flag = 1;
+	}
+    }
+}
+#endif
+
 typedef void (*void_fn)(void);
 
 #define ADD_HOOK(hooks, fn, ud) add_hook(&(hooks), NULL, (void_fn)(fn), (ud))