diff options
Diffstat (limited to 'url.c')
-rw-r--r-- | url.c | 81 |
1 files changed, 3 insertions, 78 deletions
@@ -1,4 +1,4 @@ -/* $Id: url.c,v 1.25 2001/12/26 18:46:33 ukai Exp $ */ +/* $Id: url.c,v 1.26 2001/12/27 02:28:17 ukai Exp $ */ #include "fm.h" #include <sys/types.h> #include <sys/socket.h> @@ -272,81 +272,6 @@ init_PRNG() } #endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */ - -#ifdef USE_SSL_VERIFY -static const char * -ssl_verify_error_string(unsigned long verr) -{ - /* see verify(1ssl) - we can't use ERR_error_string()? */ - switch (verr) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - return "Unable to get issuer cert"; - case X509_V_ERR_UNABLE_TO_GET_CRL: - return "Unable to get CRL"; - case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - return "Unable to decrypt cert signature"; - case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - return "Unable to decrypt CRL signature"; - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - return "Unable to decode issuer public key"; - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - return "Certificate signature failture"; - case X509_V_ERR_CRL_SIGNATURE_FAILURE: - return "CRL signature failture"; - case X509_V_ERR_CERT_NOT_YET_VALID: - return "Certificate not yet valid"; - case X509_V_ERR_CERT_HAS_EXPIRED: - return "Certificate has expired"; - case X509_V_ERR_CRL_NOT_YET_VALID: - return "CRL not yet valid"; - case X509_V_ERR_CRL_HAS_EXPIRED: - return "CRL has expired"; - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - return "Error in certificate Not Before: field"; - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - return "Error in certificate Not After: field"; - case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - return "Error in CRL Last Update: field"; - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - return "Error in CRL Next Update: field"; - case X509_V_ERR_OUT_OF_MEM: - return "Out of memory"; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - return "Depth zero self signed certificate"; - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - return "Self signed certificate in chain"; - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - return "Unable to get issuer certificate locally"; - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - return "Unable to verify leaf signature"; - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - return "Certificate chain too long"; - case X509_V_ERR_CERT_REVOKED: - return "Certificate revoked"; - case X509_V_ERR_INVALID_CA: - return "Invalid CA"; - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - return "Path length exceeded"; - case X509_V_ERR_INVALID_PURPOSE: - return "Invalid purpose"; - case X509_V_ERR_CERT_UNTRUSTED: - return "Certificate untrusted"; - case X509_V_ERR_CERT_REJECTED: - return "Certificate rejected"; - case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: - return "Subject Issuer mismatch"; - case X509_V_ERR_AKID_SKID_MISMATCH: - return "akid skid mismatch"; - case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: - return "akid issuer serial mismatch"; - case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: - return "Keyusage no certsign"; - default: - return "unknown verification error"; - } -} -#endif - static SSL * openSSLHandle(int sock, char *hostname) { @@ -470,10 +395,10 @@ openSSLHandle(int sock, char *hostname) } } else { - unsigned long verr; + long verr; X509_free(x); if ((verr = SSL_get_verify_result(handle)) != X509_V_OK) { - const char *em = ssl_verify_error_string(verr); + const char *em = X509_verify_cert_error_string(verr); if (accept_this_site && strcasecmp(accept_this_site->ptr, hostname) == 0) ans = "y"; |