static int ssl_verify_callback (void *data, int failures, const ne_ssl_certificate * cert) { GstNeonhttpSrc *src = GST_NEONHTTP_SRC (data); if ((failures & NE_SSL_UNTRUSTED) && src->accept_self_signed && !ne_ssl_cert_signedby (cert)) { GST_ELEMENT_INFO (src, RESOURCE, READ, (NULL), ("Accepting self-signed server certificate")); failures &= ~NE_SSL_UNTRUSTED; } if (failures & NE_SSL_NOTYETVALID) GST_ELEMENT_ERROR (src, RESOURCE, READ, (NULL), ("Server certificate not valid yet")); if (failures & NE_SSL_EXPIRED) GST_ELEMENT_ERROR (src, RESOURCE, READ, (NULL), ("Server certificate has expired")); if (failures & NE_SSL_IDMISMATCH) GST_ELEMENT_ERROR (src, RESOURCE, READ, (NULL), ("Server certificate doesn't match hostname")); if (failures & NE_SSL_UNTRUSTED) GST_ELEMENT_ERROR (src, RESOURCE, READ, (NULL), ("Server certificate signer not trusted")); GST_DEBUG_OBJECT (src, "failures: %d\n", failures); return failures; }
static int verify_sslcert(void *userdata, int failures, const ne_ssl_certificate *certificate) { char problem[LEN]; char buf[MAX(NE_SSL_DIGESTLEN, NE_ABUFSIZ)]; int ret = -1; const ne_ssl_certificate *cert = certificate; (void) userdata; memset( problem, 0, LEN ); while( cert ) { addSSLWarning( problem, "There are problems with the SSL certificate:\n", LEN ); if( failures & NE_SSL_NOTYETVALID ) { addSSLWarning( problem, " * The certificate is not yet valid.\n", LEN ); } if( failures & NE_SSL_EXPIRED ) { addSSLWarning( problem, " * The certificate has expired.\n", LEN ); } if( failures & NE_SSL_UNTRUSTED ) { addSSLWarning( problem, " * The certificate is not trusted!\n", LEN ); } if( failures & NE_SSL_IDMISMATCH ) { addSSLWarning( problem, " * The hostname for which the certificate was " "issued does not match the hostname of the server\n", LEN ); } if( failures & NE_SSL_BADCHAIN ) { addSSLWarning( problem, " * The certificate chain contained a certificate other than the server cert\n", LEN ); } if( failures & NE_SSL_REVOKED ) { addSSLWarning( problem, " * The server certificate has been revoked by the issuing authority.\n", LEN ); } if (ne_ssl_cert_digest(cert, buf) == 0) { addSSLWarning( problem, "Certificate fingerprint: ", LEN ); addSSLWarning( problem, buf, LEN ); addSSLWarning( problem, "\n", LEN ); } cert = ne_ssl_cert_signedby( cert ); } addSSLWarning( problem, "Do you want to accept the certificate chain anyway?\nAnswer yes to do so and take the risk: ", LEN ); if( _authcb ){ /* call the csync callback */ DEBUG_WEBDAV("Call the csync callback for SSL problems"); memset( buf, 0, NE_ABUFSIZ ); (*_authcb) ( problem, buf, NE_ABUFSIZ-1, 1, 0, NULL ); if( buf[0] == 'y' || buf[0] == 'Y') { ret = 0; } else { DEBUG_WEBDAV("Authentication callback replied %s", buf ); } } DEBUG_WEBDAV("## VERIFY_SSL CERT: %d", ret ); return ret; }