author | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2009-03-03 21:44:05 +0000 |
---|---|---|
committer | joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845> | 2009-03-03 21:44:05 +0000 |
commit | 1b0c8b1289932fede5539a8828b941b3c07a32b7 (patch) | |
tree | ea27c85ab31f9510fcaf743b4c829578b2d28fc8 /src/ne_session.h | |
parent | 321f16a3f2bd1a4d6125c44de581d296b43e3d2e (diff) | |
download | neon-1b0c8b1289932fede5539a8828b941b3c07a32b7.tar.gz |
Expose the cert verification failure case where a cert higher in the
validation chain is outside its validity-period; test cases and thanks
to Ludwig Nussel:
* src/ne_session.h (NE_SSL_BADCHAIN): New constant.
(NE_SSL_FAILMASK): Bumped up.
* src/ne_gnutls.c (check_certificate): Check validity period of all
certs in the chain; flag NE_SSL_BADCHAIN appropriately.
* src/ne_openssl.c (verify_cert): New function.
(check_certificate): Rely on failure bits collected via
verify_cert invocations.
(ne_ssl_context_create): Install verify_cert as OpenSSL
verify callback.
(ne__negotiate_ssl): Clear ctx->failures.
* test/makekeys.sh, test/openssl.conf: Create ca[1-3] with ca1, ca3
being expired and not-yet-valid respectively; create
ca[13]server.cert signed by these CAs.
* test/ssl.c (fail_ca_notyetvalid, fail_ca_expired): New test cases.
git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1641 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
Diffstat (limited to 'src/ne_session.h')
-rw-r--r-- | src/ne_session.h | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/ne_session.h b/src/ne_session.h index 1d52385..1a7e2df 100644 --- a/src/ne_session.h +++ b/src/ne_session.h @@ -1,6 +1,6 @@ /* HTTP session handling - Copyright (C) 1999-2008, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 1999-2009, Joe Orton <joe@manyfish.co.uk> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -218,11 +218,19 @@ void ne_set_notifier(ne_session *sess, ne_notify_status status, void *userdata); * not trusted: there is no indicatation the server is who they claim * to be: */ #define NE_SSL_UNTRUSTED (0x08) - -/* The bitmask of known failure bits: if (failures & ~NE_SSL_FAILMASK) - * is non-zero, an unrecognized failure is given, and the verification - * should be failed. */ -#define NE_SSL_FAILMASK (0x0f) +/* The certificate chain contained a certificate other than the server + * cert which failed verification for a reason other than lack of + * trust; for example, due to a CA cert being outside its validity + * period: */ +#define NE_SSL_BADCHAIN (0x10) +/* N.B.: 0x20 is reserved. */ + +/* For purposes of forwards-compatibility, the bitmask of all + * currently defined failure bits is given as NE_SSL_FAILMASK. If the + * expression (failures & ~NE_SSL_FAILMASK) is non-zero a failure type + * is present which the application does not recognize but must treat + * as a verification failure nonetheless. */ +#define NE_SSL_FAILMASK (0x1f) /* A callback which is used when server certificate verification is * needed. The reasons for verification failure are given in the |
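Review bot: in the second hunk, the new "N.B.: 0x20 is reserved" comment after NE_SSL_BADCHAIN does not say what the bit is reserved for, and NE_SSL_FAILMASK (0x1f) does not include it. As written, a caller applying the documented check (failures & ~NE_SSL_FAILMASK) would see 0x20 as an unrecognized failure and reject the connection, which is the safe outcome, but the header should state whether the library can ever set that bit and what it means. It would also help to say in the NE_SSL_BADCHAIN comment whether the bit can be reported together with NE_SSL_UNTRUSTED, since the text only says the failure is "for a reason other than lack of trust". Applications built against the old mask (0x0f) will treat 0x10 as unknown and fail verification, which is the behaviour the new FAILMASK comment asks for, so the bump itself looks right. Minor: the context line above NE_SSL_UNTRUSTED has the typo "indicatation", and the hunk drops the blank line that separated that define from the next comment block.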