aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--ChangeLog8
-rw-r--r--url.c81
2 files changed, 10 insertions, 79 deletions
diff --git a/ChangeLog b/ChangeLog
index 658ddc8..bc2bd3f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2001-12-27 Hironori Sakamoto <hsaka@mth.biglobe.ne.jp>
+
+ * [w3m-dev 02753]
+ * url (ssl_verify_error_string): deleted
+ * url.c (openSSLHandle): use X509_verify_cert_error_string()
+
2001-12-27 Fumitoshi UKAI <ukai@debian.or.jp>
* [w3m-dev 02750] RFC2818 server identity check
@@ -1686,4 +1692,4 @@
* release-0-2-1
* import w3m-0.2.1
-$Id: ChangeLog,v 1.185 2001/12/26 18:46:33 ukai Exp $
+$Id: ChangeLog,v 1.186 2001/12/27 02:28:17 ukai Exp $
diff --git a/url.c b/url.c
index 2a835d3..cc971de 100644
--- a/url.c
+++ b/url.c
@@ -1,4 +1,4 @@
-/* $Id: url.c,v 1.25 2001/12/26 18:46:33 ukai Exp $ */
+/* $Id: url.c,v 1.26 2001/12/27 02:28:17 ukai Exp $ */
#include "fm.h"
#include <sys/types.h>
#include <sys/socket.h>
@@ -272,81 +272,6 @@ init_PRNG()
}
#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
-
-#ifdef USE_SSL_VERIFY
-static const char *
-ssl_verify_error_string(unsigned long verr)
-{
- /* see verify(1ssl) - we can't use ERR_error_string()? */
- switch (verr) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- return "Unable to get issuer cert";
- case X509_V_ERR_UNABLE_TO_GET_CRL:
- return "Unable to get CRL";
- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
- return "Unable to decrypt cert signature";
- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
- return "Unable to decrypt CRL signature";
- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
- return "Unable to decode issuer public key";
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
- return "Certificate signature failture";
- case X509_V_ERR_CRL_SIGNATURE_FAILURE:
- return "CRL signature failture";
- case X509_V_ERR_CERT_NOT_YET_VALID:
- return "Certificate not yet valid";
- case X509_V_ERR_CERT_HAS_EXPIRED:
- return "Certificate has expired";
- case X509_V_ERR_CRL_NOT_YET_VALID:
- return "CRL not yet valid";
- case X509_V_ERR_CRL_HAS_EXPIRED:
- return "CRL has expired";
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- return "Error in certificate Not Before: field";
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- return "Error in certificate Not After: field";
- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
- return "Error in CRL Last Update: field";
- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
- return "Error in CRL Next Update: field";
- case X509_V_ERR_OUT_OF_MEM:
- return "Out of memory";
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- return "Depth zero self signed certificate";
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- return "Self signed certificate in chain";
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- return "Unable to get issuer certificate locally";
- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- return "Unable to verify leaf signature";
- case X509_V_ERR_CERT_CHAIN_TOO_LONG:
- return "Certificate chain too long";
- case X509_V_ERR_CERT_REVOKED:
- return "Certificate revoked";
- case X509_V_ERR_INVALID_CA:
- return "Invalid CA";
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- return "Path length exceeded";
- case X509_V_ERR_INVALID_PURPOSE:
- return "Invalid purpose";
- case X509_V_ERR_CERT_UNTRUSTED:
- return "Certificate untrusted";
- case X509_V_ERR_CERT_REJECTED:
- return "Certificate rejected";
- case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
- return "Subject Issuer mismatch";
- case X509_V_ERR_AKID_SKID_MISMATCH:
- return "akid skid mismatch";
- case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
- return "akid issuer serial mismatch";
- case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
- return "Keyusage no certsign";
- default:
- return "unknown verification error";
- }
-}
-#endif
-
static SSL *
openSSLHandle(int sock, char *hostname)
{
@@ -470,10 +395,10 @@ openSSLHandle(int sock, char *hostname)
}
}
else {
- unsigned long verr;
+ long verr;
X509_free(x);
if ((verr = SSL_get_verify_result(handle)) != X509_V_OK) {
- const char *em = ssl_verify_error_string(verr);
+ const char *em = X509_verify_cert_error_string(verr);
if (accept_this_site
&& strcasecmp(accept_this_site->ptr, hostname) == 0)
ans = "y";