2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
|
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
|
+
+
+
+
|
if (certNames != NULL) {
SSL_CTX_set_client_CA_list(ctx, certNames);
}
Tcl_DStringFree(&ds);
}
#endif
}
if (abort > 0) {
/* return error */
}
return ctx;
}
/*
*-------------------------------------------------------------------
*
* StatusObjCmd -- return certificate for connected peer info.
|
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
|
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
|
-
+
-
+
-
+
-
+
-
+
|
/* Verify the X509 certificate presented by the peer */
LAPPEND_STR(interp, objPtr, "verifyResult",
X509_verify_cert_error_string(SSL_get_verify_result(statePtr->ssl)), -1);
/* Verify mode */
mode = SSL_get_verify_mode(statePtr->ssl);
if (mode && SSL_VERIFY_NONE) {
if (mode & SSL_VERIFY_NONE) {
LAPPEND_STR(interp, objPtr, "verifyMode", "none", -1);
} else {
Tcl_Obj *listObjPtr = Tcl_NewListObj(0, NULL);
if (mode && SSL_VERIFY_PEER) {
if (mode & SSL_VERIFY_PEER) {
Tcl_ListObjAppendElement(interp, listObjPtr, Tcl_NewStringObj("peer", -1));
}
if (mode && SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
Tcl_ListObjAppendElement(interp, listObjPtr, Tcl_NewStringObj("fail if no peer cert", -1));
}
if (mode && SSL_VERIFY_CLIENT_ONCE) {
if (mode & SSL_VERIFY_CLIENT_ONCE) {
Tcl_ListObjAppendElement(interp, listObjPtr, Tcl_NewStringObj("client once", -1));
}
if (mode && SSL_VERIFY_POST_HANDSHAKE) {
if (mode & SSL_VERIFY_POST_HANDSHAKE) {
Tcl_ListObjAppendElement(interp, listObjPtr, Tcl_NewStringObj("post handshake", -1));
}
LAPPEND_OBJ(interp, objPtr, "verifyMode", listObjPtr)
}
/* Verify mode depth */
LAPPEND_INT(interp, objPtr, "verifyDepth", SSL_get_verify_depth(statePtr->ssl));
|
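Review bot: The corrected test `if (mode & SSL_VERIFY_NONE)` can never be true, because OpenSSL defines SSL_VERIFY_NONE as 0x00; a connection with peer verification disabled is therefore never reported as "none" and falls through to the else branch, which yields an empty verifyMode list. Compare for equality instead, `if (mode == SSL_VERIFY_NONE) {`; the other four `&` tests are correct because those flags are non-zero bits. This matters to any script that reads verifyMode from the status output to decide whether the peer was authenticated, since an empty list is easy to misread. In the earlier hunk the `if (abort > 0)` block, which appears to be the added code, holds only a `/* return error */` comment and `return ctx;` still runs, so whatever failure sets abort is not acted on; freeing the context and returning NULL there would fail closed. Both enclosing functions start outside the visible hunks, so where abort is set and how callers treat a NULL context should be confirmed.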