httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 35083] - Certificate validation problems trapping
Date Wed, 01 Jun 2005 09:15:22 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35083>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35083





------- Additional Comments From mstern@csc.com  2005-06-01 11:15 -------
Sorry, I forgot something.
Here is the correct version:

+ orig_verify_mode = filter_ctx->pssl->verify_mode;
+ if ( sslErrorRedirected )
+    filter_ctx->pssl->verify_mode &= ~SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
 if ((n = SSL_accept(filter_ctx->pssl)) <= 0) {

...

 verify_result = SSL_get_verify_result(filter_ctx->pssl);

+ if ( (orig_verify_mode != filter_ctx->pssl->verify_mode) &&
+      !filter_ctx->pssl->session->peer ) {
+    verify_result = X509_V_ERR_CERT_REJECTED;
+    sslconn->verify_error = X509_verify_cert_error_string(verify_result);
+ }

 if ((verify_result != X509_V_OK) ||

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message