void TLSClient::LogVerifyCallback(bool preverified, asio::ssl::verify_context& ctx)
{
const int MAX_SUBJECT_NAME = 512;
int depth = X509_STORE_CTX_get_error_depth(ctx.native_handle());
// lookup the subject name
X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle());
char subjectName[MAX_SUBJECT_NAME];
X509_NAME_oneline(X509_get_subject_name(cert), subjectName, MAX_SUBJECT_NAME);
if (preverified)
{
FORMAT_LOG_BLOCK(this->logger, flags::INFO, "Verified certificate at depth: %d subject: %s", depth,
subjectName);
}
else
{
const int err = X509_STORE_CTX_get_error(ctx.native_handle());
FORMAT_LOG_BLOCK(this->logger, flags::WARN, "Error verifying certificate at depth: %d subject: %s error: %d:%s",
depth, subjectName, err, X509_verify_cert_error_string(err));
}
}
bool verify_certificate(bool preverified,
asio::ssl::verify_context& ctx)
{
// The verify callback can be used to check whether the certificate that is
// being presented is valid for the peer. For example, RFC 2818 describes
// the steps involved in doing this for HTTPS. Consult the OpenSSL
// documentation for more details. Note that the callback is called once
// for each certificate in the certificate chain, starting from the root
// certificate authority.
// In this example we will simply print the certificate's subject name.
char subject_name[256];
X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle());
X509_NAME_oneline(X509_get_subject_name(cert), subject_name, 256);
std::cout << "Verifying " << subject_name << "\n";
return preverified;
}
