Sat, 20 Nov 2010 20:04:11 -0800
ssl.core, context: Add ability to verify and continue, retrieve verification result
--- a/src/context.c Sat Nov 20 20:04:11 2010 -0800
+++ b/src/context.c Sat Nov 20 20:04:11 2010 -0800
@@ -387,6 +387,11 @@
 return 1;
 }
+int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+ return 1;
+}
+
 /**
 * Set the handshake verify options.
 */
@@ -394,18 +399,22 @@
 {
 int i;
 int flag = 0;
+ int ignore_errors = 0;
 SSL_CTX *ctx = ctx_getcontext(L, 1);
 int max = lua_gettop(L);
 /* any flag? */
 if (max > 1) {
 for (i = 2; i <= max; i++) {
- if (!set_verify_flag(luaL_checkstring(L, i), &flag)) {
+ const char *s = luaL_checkstring(L, i);
+ if (!strcmp(s, "continue")) {
+ ignore_errors = 1;
+ } else if (!set_verify_flag(s, &flag)) {
 lua_pushboolean(L, 0);
 lua_pushstring(L, "invalid verify option");
 return 2;
 }
 }
- SSL_CTX_set_verify(ctx, flag, NULL);
+ SSL_CTX_set_verify(ctx, flag, ignore_errors ? verify_cb : NULL);
 }
 lua_pushboolean(L, 1);
 return 1;
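Review bot: `verify_cb` returns 1 for every certificate, which tells OpenSSL to accept any verification failure and finish the handshake, so a peer with a bad chain is fully connected before any Lua code can observe an error; the function carries no comment saying this is deliberate or that the outcome must be read back afterwards. It is also not `static`, so it lands in the global namespace, and neither parameter is used. Suggest `static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)` with `(void)preverify_ok; (void)x509_ctx;` and a comment such as `/* "continue" mode: never abort the handshake on a verify error; the application must check the verify result (getpeerchainvalid) before trusting the peer. */`.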
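Review bot: The new `"continue"` option is not described in the `Set the handshake verify options.` doc comment immediately above this hunk, and its effect is security-relevant: when it is present, `SSL_CTX_set_verify` installs a callback that overrides every verification failure, so errors no longer abort the handshake and are visible only through the connection's verify result. Suggest adding to that comment `Passing "continue" keeps the handshake going on verification failure; callers must then check getpeerchainvalid() before trusting the peer.` Note also that `"continue"` sets no `SSL_VERIFY_*` bit of its own, so if it is the only option given, `flag` stays 0 and the callback is installed alongside verify mode 0 — whether that combination is intended deserves a sentence in the same comment. The function's closing brace lies outside the hunk.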
--- a/src/ssl.c Sat Nov 20 20:04:11 2010 -0800
+++ b/src/ssl.c Sat Nov 20 20:04:11 2010 -0800
@@ -376,6 +376,24 @@
 }
 /**
+ * Return the validation state of the peer chain
+ */
+static int meth_getpeerchainvalid(lua_State *L)
+{
+ p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
+ long result = SSL_get_verify_result(ssl->ssl);
+
+ if (result == X509_V_OK) {
+ lua_pushboolean(L, 1);
+ return 1;
+ }
+
+ lua_pushboolean(L, 0);
+ lua_pushstring(L, X509_verify_cert_error_string(result));
+ return 2;
+}
+
+/**
 * Return the peer certificate.
 */
 static int meth_getpeercertificate(lua_State *L)
@@ -448,6 +466,7 @@
 {"want", meth_want},
 {"compression", meth_compression},
 {"getpeercertificate",meth_getpeercertificate},
+ {"getpeerchainvalid", meth_getpeerchainvalid},
 {"getfinished", meth_getfinished},
 {"getpeerfinished", meth_getpeerfinished},
 {NULL, NULL}
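Review bot: `meth_getpeerchainvalid` reports true whenever `SSL_get_verify_result` yields `X509_V_OK`, but OpenSSL documents that this is also the result when the peer presented no certificate at all, so a connection with no peer certificate is reported as a validated chain — exactly the case a caller using the new `"continue"` verify mode relies on this method to catch. Confirm a peer certificate exists before accepting `X509_V_OK`, and extend the doc comment to say the value is meaningful only after the handshake has completed and, as far as I can tell from OpenSSL's behaviour, reflects the last verification error recorded rather than every error encountered. The file appears to keep declarations at the top of the block, so the rewrite below follows that.
```c
static int meth_getpeerchainvalid(lua_State *L)
{
    p_ssl ssl = (p_ssl)luaL_checkudata(L, 1, "SSL:Connection");
    X509 *peer;
    long result;

    /* X509_V_OK is also reported when no peer certificate was presented;
     * treat that as "not validated" rather than as a good chain. */
    peer = SSL_get_peer_certificate(ssl->ssl);
    if (peer == NULL) {
        lua_pushboolean(L, 0);
        lua_pushstring(L, "no peer certificate");
        return 2;
    }
    X509_free(peer);

    result = SSL_get_verify_result(ssl->ssl);
    /* … unchanged: X509_V_OK check and error-string return … */
}
```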