static int do_decrypt(EVP_CIPHER_CTX* aes256, pubnub_bymebl_t data, uint8_t const* key, uint8_t const* iv, pubnub_bymebl_t *msg) { int len = 0; if (!EVP_DecryptInit_ex(aes256, EVP_aes_256_cbc(), NULL, key, iv)) { ERR_print_errors_cb(print_to_pubnub_log, NULL); PUBNUB_LOG_ERROR("Failed to initialize AES-256 decryption\n"); return -1; } if (!EVP_DecryptUpdate(aes256, msg->ptr, &len, data.ptr, data.size)) { ERR_print_errors_cb(print_to_pubnub_log, NULL); PUBNUB_LOG_ERROR("Failed to AES-256 decrypt the mesage\n"); return -1; } msg->size = len; if (!EVP_DecryptFinal_ex(aes256, msg->ptr + len, &len)) { ERR_print_errors_cb(print_to_pubnub_log, NULL); PUBNUB_LOG_ERROR("Failed to finalize AES-256 decryption\n"); return -1; } msg->size += len; return 0; }
static int add_pem_cert(SSL_CTX *sslCtx, char const* pem_cert) { X509 *cert; BIO *mem = BIO_new(BIO_s_mem()); if (NULL == mem) { PUBNUB_LOG_ERROR("SSL_CTX=%p: Failed BIO_new for PEM certificate\n", sslCtx); return -1; } BIO_puts(mem, pem_cert); cert = PEM_read_bio_X509(mem, NULL, 0, NULL); BIO_free(mem); if (NULL == cert) { ERR_print_errors_cb(print_to_pubnub_log, NULL); PUBNUB_LOG_ERROR("SSL_CTX=%p: Failed to read PEM certificate\n", sslCtx); return -1; } if (0 == X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert)) { ERR_print_errors_cb(print_to_pubnub_log, NULL); PUBNUB_LOG_ERROR("SSL_CTX=%p: Failed to add PEM certificate\n", sslCtx); X509_free(cert); return -1; } X509_free(cert); return 0; }
Profile(const std::string& profilename, ConfigTag* tag) : name(profilename) , dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dh.pem"))) , ctx(SSL_CTX_new(SSLv23_server_method())) , clictx(SSL_CTX_new(SSLv23_client_method())) { if ((!ctx.SetDH(dh)) || (!clictx.SetDH(dh))) throw Exception("Couldn't set DH parameters"); std::string hash = tag->getString("hash", "md5"); digest = EVP_get_digestbyname(hash.c_str()); if (digest == NULL) throw Exception("Unknown hash type " + hash); std::string ciphers = tag->getString("ciphers"); if (!ciphers.empty()) { if ((!ctx.SetCiphers(ciphers)) || (!clictx.SetCiphers(ciphers))) { ERR_print_errors_cb(error_callback, this); throw Exception("Can't set cipher list to \"" + ciphers + "\" " + lasterr); } } /* Load our keys and certificates * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck. */ std::string filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("certfile", "cert.pem")); if ((!ctx.SetCerts(filename)) || (!clictx.SetCerts(filename))) { ERR_print_errors_cb(error_callback, this); throw Exception("Can't read certificate file: " + lasterr); } filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("keyfile", "key.pem")); if ((!ctx.SetPrivateKey(filename)) || (!clictx.SetPrivateKey(filename))) { ERR_print_errors_cb(error_callback, this); throw Exception("Can't read key file: " + lasterr); } // Load the CAs we trust filename = ServerInstance->Config->Paths.PrependConfig(tag->getString("cafile", "ca.pem")); if ((!ctx.SetCA(filename)) || (!clictx.SetCA(filename))) { ERR_print_errors_cb(error_callback, this); ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Can't read CA list from %s. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: %s", filename.c_str(), lasterr.c_str()); } }
static enum pbpal_resolv_n_connect_result resolv_and_connect_wout_SSL(pubnub_t *pb) { PUBNUB_LOG_TRACE("resolv_and_connect_wout_SSL\n"); if (NULL == pb->pal.socket) { char const*origin = PUBNUB_ORIGIN_SETTABLE ? pb->origin : PUBNUB_ORIGIN; PUBNUB_LOG_TRACE("pb=%p: Don't have BIO\n", pb); pb->pal.socket = BIO_new_connect((char*)origin); } if (NULL == pb->pal.socket) { return pbpal_resolv_resource_failure; } BIO_set_conn_port(pb->pal.socket, "http"); BIO_set_nbio(pb->pal.socket, !pb->options.use_blocking_io); WATCH_ENUM(pb->options.use_blocking_io); if (BIO_do_connect(pb->pal.socket) <= 0) { if (BIO_should_retry(pb->pal.socket)) { return pbpal_connect_wouldblock; } ERR_print_errors_cb(print_to_pubnub_log, NULL); PUBNUB_LOG_ERROR("BIO_do_connect failed\n"); return pbpal_connect_failed; } PUBNUB_LOG_TRACE("pb=%p: BIO connected\n", pb); { int fd = BIO_get_fd(pb->pal.socket, NULL); socket_set_rcv_timeout(fd, pb->transaction_timeout_ms); } return pbpal_connect_success; }
static void finalize(int success) { if (success) ERR_clear_error(); else ERR_print_errors_cb(openssl_error_cb, NULL); }
int UI_process(UI *ui) { int i, ok = 0; if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui)) return -1; if (ui->flags & UI_FLAG_PRINT_ERRORS) ERR_print_errors_cb( (int (*)(const char *, size_t, void *)) print_error, (void *)ui); for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, sk_UI_STRING_value(ui->strings, i))) { ok = -1; goto err; } } if (ui->meth->ui_flush) switch (ui->meth->ui_flush(ui)) { case -1: /* Interrupt/Cancel/something... */ ok = -2; goto err; case 0: /* Errors */ ok = -1; goto err; default: /* Success */ ok = 0; break; } for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { if (ui->meth->ui_read_string) { switch (ui->meth->ui_read_string(ui, sk_UI_STRING_value(ui->strings, i))) { case -1: /* Interrupt/Cancel/something... */ ui->flags &= ~UI_FLAG_REDOABLE; ok = -2; goto err; case 0: /* Errors */ ok = -1; goto err; default: /* Success */ ok = 0; break; } } } err: if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui)) return -1; return ok; }
void ERR_print_errors_fp(FILE *fp) { BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE); if (bio == NULL) return; ERR_print_errors_cb(print_bio, bio); BIO_free(bio); }
static int handshake( PCLIENT pc ) { struct ssl_session *ses = pc->ssl_session; if (!SSL_is_init_finished(ses->ssl)) { int r; lprintf( "doing handshake...." ); /* NOT INITIALISED */ r = SSL_do_handshake(ses->ssl); lprintf( "handle data posted to SSL? %d", r ); if( r == 0 ) { ERR_print_errors_cb( logerr, (void*)__LINE__ ); r = SSL_get_error( ses->ssl, r ); ERR_print_errors_cb( logerr, (void*)__LINE__ ); lprintf( "SSL_Read failed... %d", r ); return -1; } if (r < 0) { r = SSL_get_error(ses->ssl, r); if( SSL_ERROR_SSL == r ) { lprintf( "SSL_Read failed... %d", r ); ERR_print_errors_cb( logerr, (void*)__LINE__ ); return -1; } if (SSL_ERROR_WANT_READ == r) { int pending = BIO_ctrl_pending( ses->wbio); if (pending > 0) { int read; if( pending > ses->obuflen ) { if( ses->obuffer ) Deallocate( uint8_t *, ses->obuffer ); ses->obuffer = NewArray( uint8_t, ses->obuflen = pending*2 ); } read = BIO_read(ses->wbio, ses->obuffer, pending); lprintf( "send %d for handshake", read ); if (read > 0) SendTCP( pc, ses->obuffer, read ); }
static void log_message(int level, const char *fmt, ...) { va_list ap; va_start(ap, fmt); # ifdef OCSP_DAEMON if (multi) { char buf[1024]; if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) { syslog(level, "%s", buf); } if (level >= LOG_ERR) ERR_print_errors_cb(print_syslog, &level); } # endif if (!multi) { BIO_printf(bio_err, "%s: ", prog); BIO_vprintf(bio_err, fmt, ap); BIO_printf(bio_err, "\n"); } va_end(ap); }
void my_ERR_print_errors_fp(FILE *fp) { ERR_print_errors_cb(my_print_fp, fp); }
int UI_process(UI *ui) { int i, ok = 0; const char *state = "processing"; if (ui->meth->ui_open_session != NULL && ui->meth->ui_open_session(ui) <= 0) { state = "opening session"; ok = -1; goto err; } if (ui->flags & UI_FLAG_PRINT_ERRORS) ERR_print_errors_cb((int (*)(const char *, size_t, void *)) print_error, (void *)ui); for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { if (ui->meth->ui_write_string != NULL && (ui->meth->ui_write_string(ui, sk_UI_STRING_value(ui->strings, i)) <= 0)) { state = "writing strings"; ok = -1; goto err; } } if (ui->meth->ui_flush != NULL) switch (ui->meth->ui_flush(ui)) { case -1: /* Interrupt/Cancel/something... */ ok = -2; goto err; case 0: /* Errors */ state = "flushing"; ok = -1; goto err; default: /* Success */ ok = 0; break; } for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { if (ui->meth->ui_read_string != NULL) { switch (ui->meth->ui_read_string(ui, sk_UI_STRING_value(ui->strings, i))) { case -1: /* Interrupt/Cancel/something... */ ok = -2; goto err; case 0: /* Errors */ state = "reading strings"; ok = -1; goto err; default: /* Success */ ok = 0; break; } } } state = NULL; err: if (ui->meth->ui_close_session != NULL && ui->meth->ui_close_session(ui) <= 0) { if (state == NULL) state = "closing session"; ok = -1; } if (ok == -1) { UIerr(UI_F_UI_PROCESS, UI_R_PROCESSING_ERROR); ERR_add_error_data(2, "while ", state); } return ok; }
static void openssl_poll (GstDtlsConnection * self) { int ret; int error; log_state (self, "poll: before handshake"); ERR_clear_error (); ret = SSL_do_handshake (self->priv->ssl); log_state (self, "poll: after handshake"); switch (ret) { case 1: if (!self->priv->keys_exported) { GST_INFO_OBJECT (self, "handshake just completed successfully, exporting keys"); export_srtp_keys (self); } else { GST_INFO_OBJECT (self, "handshake is completed"); } return; case 0: GST_DEBUG_OBJECT (self, "do_handshake encountered EOF"); break; case -1: GST_DEBUG_OBJECT (self, "do_handshake encountered BIO error"); break; default: GST_DEBUG_OBJECT (self, "do_handshake returned %d", ret); } error = SSL_get_error (self->priv->ssl, ret); switch (error) { case SSL_ERROR_NONE: GST_WARNING_OBJECT (self, "no error, handshake should be done"); break; case SSL_ERROR_SSL: GST_ERROR_OBJECT (self, "SSL error"); ERR_print_errors_cb (ssl_err_cb, self); return; case SSL_ERROR_WANT_READ: GST_LOG_OBJECT (self, "SSL wants read"); break; case SSL_ERROR_WANT_WRITE: GST_LOG_OBJECT (self, "SSL wants write"); break; case SSL_ERROR_SYSCALL:{ gchar message[1024] = "<unknown>"; gint syserror; #ifdef G_OS_WIN32 syserror = WSAGetLastError (); FormatMessage (FORMAT_MESSAGE_FROM_SYSTEM, NULL, syserror, 0, message, sizeof message, NULL); #else syserror = errno; strerror_r (syserror, message, sizeof message); #endif GST_CAT_LEVEL_LOG (GST_CAT_DEFAULT, syserror != 0 ? GST_LEVEL_WARNING : GST_LEVEL_LOG, self, "SSL syscall error: errno %d: %s", syserror, message); break; } default: GST_WARNING_OBJECT (self, "Unknown SSL error: %d, ret: %d", error, ret); } ERR_print_errors_cb (ssl_warn_cb, self); }
enum pbpal_resolv_n_connect_result pbpal_resolv_and_connect(pubnub_t *pb) { SSL *ssl = NULL; int rslt; char const* origin = PUBNUB_ORIGIN_SETTABLE ? pb->origin : PUBNUB_ORIGIN; PUBNUB_ASSERT(pb_valid_ctx_ptr(pb)); PUBNUB_ASSERT_OPT((pb->state == PBS_READY) || (pb->state == PBS_WAIT_CONNECT)); if (!pb->options.useSSL) { return resolv_and_connect_wout_SSL(pb); } if (NULL == pb->pal.ctx) { PUBNUB_LOG_TRACE("pb=%p: Don't have SSL_CTX\n", pb); pb->pal.ctx = SSL_CTX_new(SSLv23_client_method()); if (NULL == pb->pal.ctx) { ERR_print_errors_cb(print_to_pubnub_log, NULL); PUBNUB_LOG_ERROR("pb=%p SSL_CTX_new failed\n", pb); return pbpal_resolv_resource_failure; } PUBNUB_LOG_TRACE("pb=%p: Got SSL_CTX\n", pb); add_pubnub_cert(pb->pal.ctx); } if (NULL == pb->pal.socket) { PUBNUB_LOG_TRACE("pb=%p: Don't have BIO\n", pb); pb->pal.socket = BIO_new_ssl_connect(pb->pal.ctx); if (PUBNUB_TIMERS_API) { pb->pal.connect_timeout = time(NULL) + pb->transaction_timeout_ms/1000; } } else { BIO_get_ssl(pb->pal.socket, &ssl); if (NULL == ssl) { return resolv_and_connect_wout_SSL(pb); } ssl = NULL; } if (NULL == pb->pal.socket) { ERR_print_errors_cb(print_to_pubnub_log, NULL); return pbpal_resolv_resource_failure; } PUBNUB_LOG_TRACE("pb=%p: Using BIO == %p\n", pb, pb->pal.socket); BIO_get_ssl(pb->pal.socket, &ssl); PUBNUB_ASSERT(NULL != ssl); SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); /* maybe not auto_retry? */ if (pb->pal.session != NULL) { SSL_set_session(ssl, pb->pal.session); } BIO_set_conn_hostname(pb->pal.socket, origin); BIO_set_conn_port(pb->pal.socket, "https"); if (pb->pal.ip_timeout != 0) { if (pb->pal.ip_timeout < time(NULL)) { pb->pal.ip_timeout = 0; } else { PUBNUB_LOG_TRACE("SSL re-connect to: %d.%d.%d.%d\n", pb->pal.ip[0], pb->pal.ip[1], pb->pal.ip[2], pb->pal.ip[3]); BIO_set_conn_ip(pb->pal.socket, pb->pal.ip); } } BIO_set_nbio(pb->pal.socket, !pb->options.use_blocking_io); WATCH_ENUM(pb->options.use_blocking_io); if (BIO_do_connect(pb->pal.socket) <= 0) { if (BIO_should_retry(pb->pal.socket) && PUBNUB_TIMERS_API && (pb->pal.connect_timeout > time(NULL))) { PUBNUB_LOG_TRACE("pb=%p: BIO_should_retry\n", pb); return pbpal_connect_wouldblock; } /* Expire the IP for the next connect */ pb->pal.ip_timeout = 0; ERR_print_errors_cb(print_to_pubnub_log, NULL); if (pb->pal.session != NULL) { SSL_SESSION_free(pb->pal.session); pb->pal.session = NULL; } PUBNUB_LOG_ERROR("pb=%p: BIO_do_connect failed\n", pb); return pbpal_connect_failed; } PUBNUB_LOG_TRACE("pb=%p: BIO connected\n", pb); { int fd = BIO_get_fd(pb->pal.socket, NULL); socket_set_rcv_timeout(fd, pb->transaction_timeout_ms); } rslt = SSL_get_verify_result(ssl); if (rslt != X509_V_OK) { PUBNUB_LOG_WARNING("pb=%p: SSL_get_verify_result() failed == %d(%s)\n", pb, rslt, X509_verify_cert_error_string(rslt)); ERR_print_errors_cb(print_to_pubnub_log, NULL); if (pb->options.fallbackSSL) { BIO_free_all(pb->pal.socket); pb->pal.socket = NULL; return resolv_and_connect_wout_SSL(pb); } return pbpal_connect_failed; } PUBNUB_LOG_INFO("pb=%p: SSL session reused: %s\n", pb, SSL_session_reused(ssl) ? "yes" : "no"); if (pb->pal.session != NULL) { SSL_SESSION_free(pb->pal.session); } pb->pal.session = SSL_get1_session(ssl); if (0 == pb->pal.ip_timeout) { pb->pal.ip_timeout = SSL_SESSION_get_time(pb->pal.session) + SSL_SESSION_get_timeout(pb->pal.session); memcpy(pb->pal.ip, BIO_get_conn_ip(pb->pal.socket), 4); } PUBNUB_LOG_TRACE("pb=%p: SSL connected to IP: %d.%d.%d.%d\n", pb, pb->pal.ip[0], pb->pal.ip[1], pb->pal.ip[2], pb->pal.ip[3]); return pbpal_connect_success; }
void BIO_print_errors(BIO *bio) { ERR_print_errors_cb(print_bio, bio); }
static void openssl_log_errors() { ERR_print_errors_cb(&log_callback, nullptr); }
void ERR_print_errors_fp(TINYCLR_SSL_FILE *fp) { ERR_print_errors_cb(print_fp, fp); }
HttpResponse* http_response_recv(rdpTls* tls, BOOL readContentLength) { size_t size; size_t position; size_t bodyLength = 0; size_t payloadOffset; HttpResponse* response; size = 2048; payloadOffset = 0; response = http_response_new(); if (!response) return NULL; response->ContentLength = 0; while (payloadOffset == 0) { size_t s; char* end; /* Read until we encounter \r\n\r\n */ int status = BIO_read(tls->bio, Stream_Pointer(response->data), 1); if (status <= 0) { if (!BIO_should_retry(tls->bio)) { WLog_ERR(TAG, "%s: Retries exceeded", __FUNCTION__); ERR_print_errors_cb(print_bio_error, NULL); goto out_error; } USleep(100); continue; } #ifdef HAVE_VALGRIND_MEMCHECK_H VALGRIND_MAKE_MEM_DEFINED(Stream_Pointer(response->data), status); #endif Stream_Seek(response->data, (size_t)status); if (!Stream_EnsureRemainingCapacity(response->data, 1024)) goto out_error; position = Stream_GetPosition(response->data); if (position < 4) continue; else if (position > RESPONSE_SIZE_LIMIT) { WLog_ERR(TAG, "Request header too large! (%"PRIdz" bytes) Aborting!", bodyLength); goto out_error; } /* Always check at most the lase 8 bytes for occurance of the desired * sequence of \r\n\r\n */ s = (position > 8) ? 8 : position; end = (char*)Stream_Pointer(response->data) - s; if (string_strnstr(end, "\r\n\r\n", s) != NULL) payloadOffset = Stream_GetPosition(response->data); } if (payloadOffset) { size_t count = 0; char* buffer = (char*)Stream_Buffer(response->data); char* line = (char*) Stream_Buffer(response->data); while ((line = string_strnstr(line, "\r\n", payloadOffset - (line - buffer) - 2UL))) { line += 2; count++; } response->count = count; if (count) { response->lines = (char**) calloc(response->count, sizeof(char*)); if (!response->lines) goto out_error; } buffer[payloadOffset - 1] = '\0'; buffer[payloadOffset - 2] = '\0'; count = 0; line = strtok(buffer, "\r\n"); while (line && (response->count > count)) { response->lines[count] = line; line = strtok(NULL, "\r\n"); count++; } if (!http_response_parse_header(response)) goto out_error; response->BodyLength = Stream_GetPosition(response->data) - payloadOffset; bodyLength = response->BodyLength; /* expected body length */ if (readContentLength) { const char* cur = response->ContentType; while (cur != NULL) { if (http_use_content_length(cur)) { if (response->ContentLength < RESPONSE_SIZE_LIMIT) bodyLength = response->ContentLength; break; } cur = strchr(cur, ';'); } } if (bodyLength > RESPONSE_SIZE_LIMIT) { WLog_ERR(TAG, "Expected request body too large! (%"PRIdz" bytes) Aborting!", bodyLength); goto out_error; } /* Fetch remaining body! */ while (response->BodyLength < bodyLength) { int status; if (!Stream_EnsureRemainingCapacity(response->data, bodyLength - response->BodyLength)) goto out_error; status = BIO_read(tls->bio, Stream_Pointer(response->data), bodyLength - response->BodyLength); if (status <= 0) { if (!BIO_should_retry(tls->bio)) { WLog_ERR(TAG, "%s: Retries exceeded", __FUNCTION__); ERR_print_errors_cb(print_bio_error, NULL); goto out_error; } USleep(100); continue; } Stream_Seek(response->data, (size_t)status); response->BodyLength += (unsigned long)status; if (response->BodyLength > RESPONSE_SIZE_LIMIT) { WLog_ERR(TAG, "Request body too large! (%"PRIdz" bytes) Aborting!", response->BodyLength); goto out_error; } } if (response->BodyLength > 0) response->BodyContent = &(Stream_Buffer(response->data))[payloadOffset]; if (bodyLength != response->BodyLength) { WLog_WARN(TAG, "%s: %s unexpected body length: actual: %d, expected: %d", __FUNCTION__, response->ContentType, response->BodyLength, bodyLength); if (bodyLength > 0) response->BodyLength = MIN(bodyLength, response->BodyLength); } } return response; out_error: http_response_free(response); return NULL; }
void ERR_print_errors(BIO *bp) { ERR_print_errors_cb(print_bio, bp); }
static int rtCrPkcs7VerifySignedDataUsingOpenSsl(PCRTCRPKCS7CONTENTINFO pContentInfo, uint32_t fFlags, RTCRSTORE hAdditionalCerts, RTCRSTORE hTrustedCerts, void const *pvContent, uint32_t cbContent, PRTERRINFO pErrInfo) { /* * Verify using OpenSSL. */ int rcOssl; unsigned char const *pbRawContent = RTASN1CORE_GET_RAW_ASN1_PTR(&pContentInfo->SeqCore.Asn1Core); PKCS7 *pOsslPkcs7 = NULL; if (d2i_PKCS7(&pOsslPkcs7, &pbRawContent, RTASN1CORE_GET_RAW_ASN1_SIZE(&pContentInfo->SeqCore.Asn1Core)) == pOsslPkcs7) { STACK_OF(X509) *pAddCerts = NULL; if (hAdditionalCerts != NIL_RTCRSTORE) rcOssl = RTCrStoreConvertToOpenSslCertStack(hAdditionalCerts, 0, (void **)&pAddCerts); else { pAddCerts = sk_X509_new_null(); rcOssl = RT_LIKELY(pAddCerts != NULL) ? VINF_SUCCESS : VERR_NO_MEMORY; } if (RT_SUCCESS(rcOssl)) { PCRTCRPKCS7SETOFCERTS pCerts = &pContentInfo->u.pSignedData->Certificates; for (uint32_t i = 0; i < pCerts->cItems; i++) if (pCerts->paItems[i].enmChoice == RTCRPKCS7CERTCHOICE_X509) rtCrOpenSslAddX509CertToStack(pAddCerts, pCerts->paItems[i].u.pX509Cert); X509_STORE *pTrustedCerts = NULL; if (hTrustedCerts != NIL_RTCRSTORE) rcOssl = RTCrStoreConvertToOpenSslCertStore(hTrustedCerts, 0, (void **)&pTrustedCerts); if (RT_SUCCESS(rcOssl)) { rtCrOpenSslInit(); BIO *pBioContent = BIO_new_mem_buf((void *)pvContent, cbContent); if (pBioContent) { uint32_t fOsslFlags = PKCS7_NOCHAIN; fOsslFlags |= PKCS7_NOVERIFY; // temporary hack. if (PKCS7_verify(pOsslPkcs7, pAddCerts, pTrustedCerts, pBioContent, NULL /*out*/, fOsslFlags)) rcOssl = VINF_SUCCESS; else { rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_OSSL_VERIFY_FAILED, "PKCS7_verify failed: "); if (pErrInfo) ERR_print_errors_cb(rtCrOpenSslErrInfoCallback, pErrInfo); } BIO_free(pBioContent); } if (pTrustedCerts) X509_STORE_free(pTrustedCerts); } else rcOssl = RTErrInfoSet(pErrInfo, rcOssl, "RTCrStoreConvertToOpenSslCertStack failed"); if (pAddCerts) sk_X509_pop_free(pAddCerts, X509_free); } else rcOssl = RTErrInfoSet(pErrInfo, rcOssl, "RTCrStoreConvertToOpenSslCertStack failed"); PKCS7_free(pOsslPkcs7); } else rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKCS7_OSSL_D2I_FAILED, "d2i_PKCS7 failed"); return rcOssl; }
void ERR_print_errors_fp(FILE *fp) { ERR_print_errors_cb(print_fp, fp); }
MONO_API void mono_btls_ssl_print_errors_cb (ERR_print_errors_callback_t callback, void *ctx) { ERR_print_errors_cb (callback, ctx); }