author | Insu Yun <wuninsu@gmail.com> | 2015-11-20 14:08:11 -0500 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2015-11-27 18:08:56 -0800 |
commit | 103ab6fc51da820978a96eb24c9d3e9bb5c6f871 (patch) | |
tree | 379feea8c8811f50e47fab156448dd21006c2372 /librabbitmq | |
parent | 2a12d8cc3f94e565a1adcdb308909cb232f08706 (diff) | |
download | rabbitmq-c-103ab6fc51da820978a96eb24c9d3e9bb5c6f871.tar.gz |
Lib: correctly check SSL connection
According to "https://www.openssl.org/docs/manmaster/ssl/SSL_get_verify_result.html",
to verify SSL connection result, SSL_get_verify_result() needs to be
called with SSL_get_peer_certificate(). In default mode, in which
verify_peer and verify_hostname are activated, there is no problem
because in verify_hostname, the existence of the certificate is confirmed.
However, it is possible that the user wants to verify_peer,
but not verify_host. In such a case, it does not work as they wanted,
because with an invalid certificate, the attacker can bypass the certificate validity check.
Diffstat (limited to 'librabbitmq')
-rw-r--r-- | librabbitmq/amqp_openssl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/librabbitmq/amqp_openssl.c b/librabbitmq/amqp_openssl.c index 42c8f5b..32246b3 100644 --- a/librabbitmq/amqp_openssl.c +++ b/librabbitmq/amqp_openssl.c @@ -236,6 +236,16 @@ start_connect: } if (self->verify_peer) { + X509 *cert; + cert = SSL_get_peer_certificate(self->ssl); + if (!cert) { + self->internal_error = 0; + status = AMQP_STATUS_SSL_PEER_VERIFY_FAILED; + goto error_out3; + } + + X509_free(cert); + result = SSL_get_verify_result(self->ssl); if (X509_V_OK != result) { self->internal_error = result; |
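Review bot: In the new `!cert` branch, `self->internal_error = 0` records the same numeric value as `X509_V_OK`, while the existing branch just below stores the actual verify result in `internal_error`. A caller that inspects `internal_error` after `AMQP_STATUS_SSL_PEER_VERIFY_FAILED` will therefore see a value that reads as "verification OK" when the real cause is that the peer sent no certificate. Consider a value or a comment that marks this case as distinct from a failed chain check. The block would also benefit from a one-line comment above `SSL_get_peer_certificate(self->ssl)` saying why the presence check has to come before `SSL_get_verify_result()` (the reason is only in the commit message, which cites the OpenSSL documentation), so that a later cleanup does not drop it as redundant. The `X509_free(cert)` immediately after the NULL check is correct for releasing the reference, since only the presence of the certificate is used here.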