Exemple #1
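/**
 * Certificate verification callback that does NOT compare the peer
 * certificate with the client certificate database.
 *
 * A certificate that OpenSSL already verified (preverify_ok != 0) is
 * accepted as is.  When OpenSSL reported a verification error, the decision
 * is delegated to check_preverify(): a non-zero result accepts the
 * certificate, zero rejects it.
 *
 * NOTE(review): check_preverify() is not visible here.  Every error it
 * tolerates is accepted by this callback without any further check, so the
 * tolerated set decides how strong the authentication is -- confirm that it
 * is intentional and as small as possible.
 *
 * @param preverify_ok non-zero if OpenSSL's own verification of the current
 *                     certificate succeeded
 * @param ctx          verification context of the running handshake
 * @return 1 to continue the handshake, 0 to reject the certificate
 */
static int verify_callback_noclientcert(int preverify_ok,
                                        X509_STORE_CTX *ctx) {

    /* No subject string is built here: nothing in this callback logs or
     * compares it, so formatting it on every certificate was dead work. */
    if (!preverify_ok && !check_preverify(ctx)) {
        return 0;
    }

    return 1;

}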
Exemple #2
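/**
 * Certificate verification callback that additionally looks the peer
 * certificate up in the client certificate database (the X509 store behind
 * ctx).
 *
 * Step 1: if OpenSSL reported a verification error, check_preverify()
 *         decides whether the error is tolerated (non-zero) or not (zero).
 * Step 2: for the certificate at depth 0 only, the store must hold an
 *         entry with the same subject name, otherwise the connection is
 *         rejected and the failure is logged.
 *
 * NOTE(review): step 2 matches on the subject name only.  It does not show
 * that the presented certificate is the stored one; if check_preverify()
 * tolerates errors such as an untrusted or self-signed certificate, a
 * matching subject alone should not be treated as proof of identity.
 * Consider also comparing the stored certificate with ctx->current_cert
 * (e.g. with X509_cmp()) -- confirm against check_preverify() first.
 *
 * This block relies on the OpenSSL layout from before 1.1.0 (direct access
 * to the X509_STORE_CTX fields, X509_OBJECT on the stack).
 *
 * @param preverify_ok non-zero if OpenSSL's own verification of the current
 *                     certificate succeeded
 * @param ctx          verification context of the running handshake
 * @return 1 to continue the handshake, 0 to reject the certificate
 */
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
  X509_OBJECT found_cert;

  if (!preverify_ok && !check_preverify(ctx))
    return 0;

  /* Only the certificate at depth 0 is looked up in the store. */
  if (ctx->error_depth != 0)
    return 1;

  if (X509_STORE_get_by_subject(ctx, X509_LU_X509, X509_get_subject_name(ctx->current_cert), &found_cert) != 1) {
    LogError("%s: SSL connection rejected. No matching certificate found -- %s\n", prog, SSLERROR);
    return 0;
  }

  /* A successful lookup hands back the store object with its reference
   * count raised; drop that reference so it does not grow with every
   * accepted connection.  found_cert is only valid on this path. */
  X509_OBJECT_free_contents(&found_cert);

  return 1;
}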
Exemple #3
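/**
 * Certificate verification callback that additionally looks the peer
 * certificate up in the client certificate database (the X509 store behind
 * ctx).
 *
 * Step 1: if OpenSSL reported a verification error, check_preverify()
 *         decides whether the error is tolerated (non-zero) or not (zero).
 * Step 2: for the certificate at depth 0 only, the store must hold an
 *         entry with the same subject name, otherwise the SSL error is
 *         reported, the rejection is logged and the handshake is refused.
 *
 * NOTE(review): step 2 matches on the subject name only.  It does not show
 * that the presented certificate is the stored one; if check_preverify()
 * tolerates errors such as an untrusted or self-signed certificate, a
 * matching subject alone should not be treated as proof of identity.
 * Consider also comparing the stored certificate with ctx->current_cert
 * (e.g. with X509_cmp()) -- confirm against check_preverify() first.
 *
 * This block relies on the OpenSSL layout from before 1.1.0 (direct access
 * to the X509_STORE_CTX fields, X509_OBJECT on the stack).
 *
 * @param preverify_ok non-zero if OpenSSL's own verification of the current
 *                     certificate succeeded
 * @param ctx          verification context of the running handshake
 * @return 1 to continue the handshake, 0 to reject the certificate
 */
static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {

    X509_OBJECT found_cert;

    if (!preverify_ok && !check_preverify(ctx)) {
        return 0;
    }

    /* Only the certificate at depth 0 is looked up in the store. */
    if (ctx->error_depth != 0) {
        return 1;
    }

    if (X509_STORE_get_by_subject(ctx, X509_LU_X509,
                                  X509_get_subject_name(ctx->current_cert),
                                  &found_cert) != 1) {

        handle_ssl_error("verify_callback()");
        log("%s: verify_callback(): SSL connection rejected. No matching "
            "certificate found.", prog);

        return 0;

    }

    /* A successful lookup hands back the store object with its reference
     * count raised; drop that reference so it does not grow with every
     * accepted connection.  found_cert is only valid on this path. */
    X509_OBJECT_free_contents(&found_cert);

    return 1;

}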