Posted to axis-cvs@ws.apache.org by du...@apache.org on 2008/01/13 19:53:02 UTC

svn commit: r611625 - /webservices/axis2/trunk/c/src/core/transport/http/sender/ssl/ssl_utils.c

Author: dumindu
Date: Sun Jan 13 10:53:01 2008
New Revision: 611625

URL: http://svn.apache.org/viewvc?rev=611625&view=rev
Log:
Applying patch sent by Senaka for Jira issue AXIS2C-894.


Modified:
    webservices/axis2/trunk/c/src/core/transport/http/sender/ssl/ssl_utils.c

Modified: webservices/axis2/trunk/c/src/core/transport/http/sender/ssl/ssl_utils.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/src/core/transport/http/sender/ssl/ssl_utils.c?rev=611625&r1=611624&r2=611625&view=diff
==============================================================================
--- webservices/axis2/trunk/c/src/core/transport/http/sender/ssl/ssl_utils.c (original)
+++ webservices/axis2/trunk/c/src/core/transport/http/sender/ssl/ssl_utils.c Sun Jan 13 10:53:01 2008
@@ -133,11 +133,13 @@
     {
         return NULL;
     }
+
     sbio = BIO_new_socket(socket, BIO_NOCLOSE);
     if (!sbio)
     {
         return NULL;
     }
+
     SSL_set_bio(ssl, sbio, sbio);
     if (SSL_connect(ssl) <= 0)
     {
@@ -147,8 +149,45 @@
 
     if (SSL_get_verify_result(ssl) != X509_V_OK)
     {
-
         char sslerror[128]; /** error buffer must be at least 120 bytes long */
+        X509 *peer_cert = NULL;
+        X509_STORE *cert_store = NULL;
+        X509_NAME *peer_name = NULL;
+        X509_OBJECT *client_object = NULL;
+        X509 *client_cert = NULL;
+
+        peer_cert = SSL_get_peer_certificate(ssl);
+        if (peer_cert && peer_cert->cert_info)
+        {
+            peer_name = (peer_cert->cert_info)->subject;
+        }
+        cert_store = SSL_CTX_get_cert_store(ctx);
+        if (peer_name && cert_store)
+        {
+            client_object = X509_OBJECT_retrieve_by_subject(cert_store->objs,
+                                                            X509_LU_X509,
+                                                            peer_name);
+        }
+        if (client_object)
+        {
+            client_cert = (client_object->data).x509;
+            if (client_cert && 
+		(M_ASN1_BIT_STRING_cmp(client_cert->signature, 
+                                       peer_cert->signature) == 0))
+            {
+                if (peer_cert)
+                {
+                    X509_free(peer_cert);
+                }
+                AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
+                        "[ssl client] SSL certificate verified against peer");
+                return ssl;
+            }
+        }
+        if (peer_cert)
+        {
+            X509_free(peer_cert);
+        }
         ERR_error_string(SSL_get_verify_result(ssl), sslerror);
         AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                         "[ssl client] SSL certificate verification failed (%s)",
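Review bot: The fallback added under `SSL_get_verify_result(ssl) != X509_V_OK` accepts the peer when only the `signature` bit strings of the stored and presented certificates are equal, and that field on its own does not bind the public key or the rest of the certificate, so equal signature bytes do not show that the peer presented the certificate held in the store. Compare the whole certificate instead, for example `if (client_cert && (X509_cmp(client_cert, peer_cert) == 0))`. The branch also returns `ssl` whatever the verify error code was, so an expired or otherwise rejected certificate that happens to be in the store is accepted as well; if only the self-signed case is intended (presumably `X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT`), check for that code explicitly and state the intent in a comment above the block. The inner `if (peer_cert)` before `X509_free(peer_cert)` is redundant, since `peer_cert->signature` has already been dereferenced on that path. The enclosing function starts and ends outside the hunk, so whether the host name is checked elsewhere cannot be seen from here.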


