* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#include <string.h>
#include <ctype.h>
#include <openssl/x509v3.h>
#include "ustream-ssl.h"
return NULL;
SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
+ SSL_CTX_set_quiet_shutdown(c, 1);
return (void *) c;
}
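Review bot: The new `SSL_CTX_set_quiet_shutdown(c, 1)` changes what SSL_shutdown() does for every session made from this context — it only marks the session as closed and never sends (or waits for) a close_notify alert — and nothing on the page records that this is intentional. The peer then cannot tell an orderly close from a truncated stream, which is a trade-off worth stating next to the call, e.g. `/* quiet shutdown: SSL_shutdown() only marks the session closed; no close_notify is sent or awaited */`. Callers of SSL_shutdown() elsewhere in the file presumably rely on this, so the comment should say so. The enclosing function starts outside the hunk.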
SSL_CTX_free((void *) ctx);
}
+void __ustream_ssl_session_free(void *ssl)
+{
+ SSL_shutdown(ssl);
+ SSL_free(ssl);
+}
+
static void ustream_ssl_error(struct ustream_ssl *us, int ret)
{
us->error = ret;
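Review bot: `__ustream_ssl_session_free` passes `ssl` straight to `SSL_shutdown()`, which dereferences it, while the following `SSL_free()` tolerates NULL; if any caller can reach this with a session that was never created, the shutdown call crashes before the harmless free. A guard `if (!ssl) return;` at the top would make the function safe for that case, assuming the callers are not already filtering NULL. The ignored return value of SSL_shutdown() is fine only because the context enables quiet shutdown; a one-line comment such as `/* quiet shutdown is enabled on the context, so SSL_shutdown() cannot fail or block here */` would make that dependency explicit.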
for (; (c = tolower(*pattern++)) != 0; cn++) {
if (c != '*') {
- if (c != *cn)
+ if (c != tolower(*cn))
return false;
continue;
}
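Review bot: `tolower(*cn)` on the new line passes a plain `char`; where `char` is signed, a non-ASCII byte in the peer's CN yields a negative argument, which is undefined behaviour for the `<ctype.h>` functions and can index outside the classification table. Cast first: `if (c != tolower((unsigned char)*cn))`. The pre-existing `tolower(*pattern++)` in the loop header has the same problem and should be fixed in the same way. The enclosing function starts and ends outside the hunk.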
{
GENERAL_NAMES *alt_names;
int i, n_alt;
+ bool ret = false;
alt_names = X509_get_ext_d2i (cert, NID_subject_alt_name, NULL, NULL);
if (!alt_names)
if (name->type != GEN_DNS)
continue;
- if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn))
- return true;
+ if (host_pattern_match_asn1(name->d.dNSName, us->peer_cn)) {
+ ret = true;
+ break;
+ }
}
- return false;
+ sk_GENERAL_NAME_free(alt_names);
+ return ret;
}
static bool ustream_ssl_verify_cn(struct ustream_ssl *us, X509 *cert)
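Review bot: `sk_GENERAL_NAME_free(alt_names)` releases only the stack container, not the GENERAL_NAME entries that `X509_get_ext_d2i()` decoded into it, so every certificate check still leaks each subjectAltName entry even after this change. Use `sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);` (or equivalently `GENERAL_NAMES_free(alt_names);`) so the elements are freed together with the stack. The break-and-free restructuring around it is otherwise correct; the `for` loop it sits in starts outside the hunk.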
X509 *cert;
int res;
- cert = SSL_get_peer_certificate(ssl);
- if (!cert)
- return;
-
res = SSL_get_verify_result(ssl);
if (res != X509_V_OK) {
if (us->notify_verify_error)
return;
}
+ cert = SSL_get_peer_certificate(ssl);
+ if (!cert)
+ return;
+
us->valid_cert = true;
us->valid_cn = ustream_ssl_verify_cn(us, cert);
+ X509_free(cert);
}
#endif
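Review bot: The reason for moving `SSL_get_peer_certificate()` below the verify-result check is not stated anywhere in the hunk, and the next reader may move it back; a comment above the call such as `/* fetch the certificate only on the success path, so the early return above cannot leak the reference SSL_get_peer_certificate() takes */` preserves the intent that `X509_free(cert)` at the end now relies on. Note also that with SSL_VERIFY_NONE on the context, `SSL_get_verify_result()` reports X509_V_OK when the peer presented no certificate at all, so the `if (!cert) return;` is what keeps `valid_cert` false in that case and deserves a comment of its own. The enclosing function starts outside the hunk.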