Changeset 3b2edd6 in mod_gnutls


Timestamp:
Jan 16, 2020, 2:50:04 PM (7 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master, proxy-ticket
Children:
e24e3bf9
Parents:
ee2854b
Message:

Use GnuTLS' certificate status text instead of hard-coded cases

gnutls_certificate_verification_status_print() replaces a bunch of
ifs.

File:
1 edited

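--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -1791,31 +1791,12 @@
     cur_time = apr_time_now();
 
-    if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
+    if (status != 0) {
+        gnutls_datum_t errmsg;
+        gnutls_certificate_verification_status_print(
+            status, gnutls_certificate_type_get(ctxt->session),
+            &errmsg, 0);
         ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                "GnuTLS: Could not find Signer for Peer Certificate");
-    }
-
-    if (status & GNUTLS_CERT_SIGNER_NOT_CA) {
-        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                "GnuTLS: Peer's Certificate signer is not a CA");
-    }
-
-    if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
-        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                "GnuTLS: Peer's Certificate is using insecure algorithms");
-    }
-
-    if (status & GNUTLS_CERT_EXPIRED
-            || status & GNUTLS_CERT_NOT_ACTIVATED) {
-        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                "GnuTLS: Peer's Certificate signer is expired or not yet activated");
-    }
-
-    if (status & GNUTLS_CERT_INVALID) {
-        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                "GnuTLS: Peer Certificate is invalid.");
-    } else if (status & GNUTLS_CERT_REVOKED) {
-        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
-                "GnuTLS: Peer Certificate is revoked.");
+                      "Client authentication failed: %s", errmsg.data);
+        gnutls_free(errmsg.data);
     }
 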
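Review bot: The return value of gnutls_certificate_verification_status_print() is ignored in the new `if (status != 0)` block, and `errmsg` is declared without an initializer. If the call fails (it returns a negative GnuTLS error code, for example when allocation fails), `errmsg.data` is indeterminate when it reaches the `%s` argument of ap_log_rerror() and gnutls_free(), on a path a client reaches by presenting a certificate that fails verification. I would initialize the datum, check the result, and fall back to logging the raw status bits so a failed client authentication is still recorded; the sketch below assumes `status` is an unsigned int, which is not visible here. The enclosing function starts and ends outside this hunk.

```c
    if (status != 0) {
        gnutls_datum_t errmsg = { NULL, 0 };
        int ret = gnutls_certificate_verification_status_print(
            status, gnutls_certificate_type_get(ctxt->session),
            &errmsg, 0);
        if (ret == GNUTLS_E_SUCCESS) {
            ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
                          "Client authentication failed: %s", errmsg.data);
            gnutls_free(errmsg.data);
        } else {
            /* Status text unavailable: keep the failure in the log anyway. */
            ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
                          "Client authentication failed (status 0x%x; "
                          "status text unavailable: %s)",
                          status, gnutls_strerror(ret));
        }
    }
```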