# HG changeset patch
# User Paul Aurich
# Date 1290312251 28800
# Node ID 36ed99e1ce1ee5119eed18850b2f13f2f666f080
# Parent a812bd8f1e6cb9a649345754051c9543bdaee49b
ssl.core, context: Add ability to verify and continue, retrieve verification result
diff -r a812bd8f1e6c -r 36ed99e1ce1e src/context.c
--- a/src/context.c Sat Nov 20 20:04:11 2010 -0800
+++ b/src/context.c Sat Nov 20 20:04:11 2010 -0800
@@ -387,6 +387,11 @@
 return 1;
 }
 
+int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ return 1;
+}
+
 /**
 * Set the handshake verify options.
 */
@@ -394,18 +399,22 @@
 {
 int i;
 int flag = 0;
+ int ignore_errors = 0;
 SSL_CTX *ctx = ctx_getcontext(L, 1);
 int max = lua_gettop(L);
 /* any flag? */
 if (max > 1) {
 for (i = 2; i <= max; i++) {
- if (!set_verify_flag(luaL_checkstring(L, i), &flag)) {
+ const char *s = luaL_checkstring(L, i);
+ if (!strcmp(s, "continue")) {
+ ignore_errors = 1;
+ } else if (!set_verify_flag(s, &flag)) {
 lua_pushboolean(L, 0);
 lua_pushstring(L, "invalid verify option");
 return 2;
 }
 }
- SSL_CTX_set_verify(ctx, flag, NULL);
+ SSL_CTX_set_verify(ctx, flag, ignore_errors ? verify_cb : NULL);
 }
 lua_pushboolean(L, 1);
 return 1;
diff -r a812bd8f1e6c -r 36ed99e1ce1e src/ssl.c
--- a/src/ssl.c Sat Nov 20 20:04:11 2010 -0800
+++ b/src/ssl.c Sat Nov 20 20:04:11 2010 -0800
@@ -376,6 +376,24 @@
 }
 
 /**
+ * Return the validation state of the peer chain
+ */
+static int meth_getpeerchainvalid(lua_State *L)
+{
+ p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
+ long result = SSL_get_verify_result(ssl->ssl);
+
+ if (result == X509_V_OK) {
+ lua_pushboolean(L, 1);
+ return 1;
+ }
+
+ lua_pushboolean(L, 0);
+ lua_pushstring(L, X509_verify_cert_error_string(result));
+ return 2;
+}
+
+/**
 * Return the peer certificate.
 */
 static int meth_getpeercertificate(lua_State *L)
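Review bot: `verify_cb` ignores `preverify_ok` and returns 1 unconditionally, which is the whole mechanism behind the new "continue" option, yet nothing in the hunk says so and the function is not `static`, so a generically named symbol is exported from the module. Both parameters are also unused, which `-Wextra` will report. I would declare it `static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)`, add `(void)preverify_ok; (void)x509_ctx;` to the body, and put a comment above it such as `/* Verify callback for the "continue" option: accept the chain regardless of preverify_ok. The verification error is still recorded on the SSL object, so the caller is expected to read it back (SSL_get_verify_result) before trusting the peer. */`.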
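Review bot: The `SSL_CTX_set_verify(ctx, flag, ignore_errors ? verify_cb : NULL)` line silently changes the security contract of the context — with "continue" the handshake succeeds on an invalid chain — and deserves a comment saying that callers must then check the result themselves, e.g. `/* "continue": handshake completes even if chain verification fails; the application must check the verify result afterwards */`. The hunk also introduces `strcmp`, so `<string.h>` must be included in context.c; the include block is outside this hunk and I could not confirm it. It is worth considering whether "continue" given without a verify mode (leaving `flag` at 0) should be rejected as meaningless rather than accepted, though that depends on how `set_verify_flag` maps the other options, which is not shown here. The enclosing function's signature starts before this hunk.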
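Review bot: `meth_getpeerchainvalid` reports `true` when no peer certificate was presented at all, because OpenSSL documents that `SSL_get_verify_result()` returns `X509_V_OK` in that case (no verification error occurred, but nothing was verified either); combined with the new "continue" option, a Lua caller that only checks this method can mistake an unauthenticated peer for a validated one. I would check `SSL_get_peer_certificate()` first and return `false` with a reason when it is NULL, and I would expand the doc comment to say that the result is only meaningful after the handshake completes and that on failure the second return value is the OpenSSL error string.
```c
static int meth_getpeerchainvalid(lua_State *L)
{
    p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
    X509 *cert = SSL_get_peer_certificate(ssl->ssl);
    long result;

    /* X509_V_OK is also returned when no certificate was presented,
     * so "no peer certificate" must be reported as not valid. */
    if (cert == NULL) {
        lua_pushboolean(L, 0);
        lua_pushstring(L, "no peer certificate");
        return 2;
    }
    X509_free(cert);  /* SSL_get_peer_certificate returns a new reference */

    result = SSL_get_verify_result(ssl->ssl);
    /* … unchanged: push true on X509_V_OK, else false plus error string … */
}
```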
@@ -448,6 +466,7 @@
 {"want", meth_want},
 {"compression", meth_compression},
 {"getpeercertificate",meth_getpeercertificate},
+ {"getpeerchainvalid", meth_getpeerchainvalid},
 {"getfinished", meth_getfinished},
 {"getpeerfinished", meth_getpeerfinished},
 {NULL, NULL}