/*
 * Per-certificate verification hook with the signature of an OpenSSL verify
 * callback (where it is registered is not visible in this block).
 *
 * preverify_ok: verdict passed in by the caller; zero makes this function
 *               return 0 without looking at the chain.
 * ctx:          store context whose ex_data leads to the SSL object, and whose
 *               chain member holds the certificates to check.
 *
 * Every certificate in ctx->chain is copied into a temporary in-memory store.
 * The certificate at index 0 is then passed to netconn_verify_cert() together
 * with the host name and the connection's security_flags.
 *
 * Returns non-zero only if the copy succeeded and netconn_verify_cert()
 * returned 0.  A non-zero result from netconn_verify_cert() is saved on the
 * SSL object under error_idx before 0 is returned.
 */
static int netconn_secure_verify( int preverify_ok, X509_STORE_CTX *ctx )
{
    /* NOTE(review): none of these ex_data lookups is NULL-checked and conn is
     * dereferenced below; confirm hostname_idx/conn_idx are always populated
     * before the handshake that triggers this callback. */
    SSL *ssl = pX509_STORE_CTX_get_ex_data( ctx, pSSL_get_ex_data_X509_STORE_CTX_idx() );
    WCHAR *server = pSSL_get_ex_data( ssl, hostname_idx );
    netconn_t *conn = pSSL_get_ex_data( ssl, conn_idx );
    PCCERT_CONTEXT leaf = NULL;
    HCERTSTORE store;
    BOOL ok = TRUE;
    int idx;

    /* A negative verdict from the caller is final; it is never upgraded here. */
    if (!preverify_ok) return FALSE;

    store = CertOpenStore( CERT_STORE_PROV_MEMORY, 0, 0, CERT_STORE_CREATE_NEW_FLAG, NULL );
    if (!store) return FALSE; /* fail closed; no error code is recorded on this path */

    /* NOTE(review): ctx->chain is read straight out of the struct, which only
     * compiles while X509_STORE_CTX is not opaque in the OpenSSL headers used. */
    for (idx = 0; ok && idx < psk_num((struct stack_st *)ctx->chain); idx++)
    {
        X509 *cert = (X509 *)psk_value((struct stack_st *)ctx->chain, idx);
        PCCERT_CONTEXT context = X509_to_cert_context( cert );

        /* NOTE(review): an entry that cannot be converted is skipped, not
         * treated as a failure.  Only a missing entry 0 is caught (leaf stays
         * NULL); for later entries the store handed to netconn_verify_cert()
         * is simply incomplete.  Confirm that is the intended policy. */
        if (!context) continue;

        /* Only for entry 0 is the stored copy kept, as the certificate to verify. */
        ok = CertAddCertificateContextToStore( store, context, CERT_STORE_ADD_ALWAYS,
                                               idx ? NULL : &leaf );
        CertFreeCertificateContext( context );
    }

    if (!leaf) ok = FALSE;
    if (ok)
    {
        DWORD_PTR err = netconn_verify_cert( leaf, store, server, conn->security_flags );
        if (err)
        {
            /* The error value itself is stored in the pointer-sized slot. */
            pSSL_set_ex_data( ssl, error_idx, (void *)err );
            ok = FALSE;
        }
    }

    CertFreeCertificateContext( leaf );
    CertCloseStore( store, 0 );
    return ok;
}
/*
 * Return the peer certificate of a secure connection, converted by
 * X509_to_cert_context().
 *
 * Returns NULL when the connection is not secure, when no peer certificate
 * is available, or when the build has no SONAME_LIBSSL.  Otherwise returns
 * whatever X509_to_cert_context() produced (a const CERT_CONTEXT pointer,
 * NULL presumably meaning the conversion failed).
 *
 * NOTE(review): ownership of the returned context is not visible here;
 * presumably the caller releases it with CertFreeCertificateContext().
 */
const void *netconn_get_certificate( netconn_t *conn )
{
#ifdef SONAME_LIBSSL
    X509 *peer;

    if (!conn->secure) return NULL;

    peer = pSSL_get_peer_certificate( conn->ssl_conn );
    if (!peer) return NULL;

    /* NOTE(review): if pSSL_get_peer_certificate forwards to OpenSSL's
     * SSL_get_peer_certificate(), it hands back a counted reference that the
     * caller must drop with X509_free().  Nothing releases peer here, so each
     * call would leak one reference; no free wrapper is visible in this
     * block, so this is flagged rather than changed. */
    return X509_to_cert_context( peer );
#else
    return NULL;
#endif
}
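/*
 * Return the peer certificate of an SSL connection, converted by
 * X509_to_cert_context().
 *
 * Returns NULL when the connection has no SSL session (ssl_s is unset), when
 * no peer certificate is available, or when the build has no SONAME_LIBSSL.
 * Otherwise returns the result of X509_to_cert_context().
 *
 * NOTE(review): ownership of the returned context is not visible here;
 * presumably the caller releases it with CertFreeCertificateContext().
 */
LPCVOID NETCON_GetCert(netconn_t *connection)
{
#ifdef SONAME_LIBSSL
    X509* cert;

    if (!connection->ssl_s) return NULL;

    cert = pSSL_get_peer_certificate(connection->ssl_s);
    /* The lookup can come back empty (e.g. the peer presented no
     * certificate).  Report that as "no certificate" rather than relying on
     * how X509_to_cert_context() treats a NULL input, matching
     * netconn_get_certificate(). */
    if (!cert) return NULL;

    /* NOTE(review): if pSSL_get_peer_certificate forwards to OpenSSL's
     * SSL_get_peer_certificate(), cert is a counted reference that should be
     * dropped with X509_free() after conversion.  Nothing releases it here;
     * no free wrapper is visible in this block, so this is flagged rather
     * than changed. */
    return X509_to_cert_context(cert);
#else
    return NULL;
#endif
}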