Overview
| Comment: | Disabled checking the client certificate and aborting if not found |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | wip-fix-io-layer |
| Files: | files | file ages | folders |
| SHA1: |
916215af0a7034c60f77d0d46f2a9f11 |
| User & Date: | rkeene on 2016-12-12 01:56:01 |
| Other Links: | branch diff | manifest | tags |
Context
|
2016-12-12
| ||
| 22:29 | Merged in trunk check-in: 77c3091474 user: rkeene tags: wip-fix-io-layer | |
| 01:56 | Disabled checking the client certificate and aborting if not found check-in: 916215af0a user: rkeene tags: wip-fix-io-layer | |
| 01:51 | Made I/O test more useful when debugging is on and updated to deal with newer versions of OpenSSL check-in: 270ffbbc3e user: rkeene tags: wip-fix-io-layer | |
Changes
Modified tlsIO.c from [38a7baa9a1] to [0f85acc9f6].
| ︙ | ︙ | |||
851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 |
default:
dprintf("We got a confusing reply: %i", rc);
*errorCodePtr = Tcl_GetErrno();
dprintf("ERR(%d, %d) ", rc, *errorCodePtr);
return(-1);
}
if (statePtr->flags & TLS_TCL_SERVER) {
dprintf("This is an TLS server, checking the certificate for the peer");
err = SSL_get_verify_result(statePtr->ssl);
if (err != X509_V_OK) {
dprintf("Invalid certificate, returning in failure");
Tls_Error(statePtr, (char *)X509_verify_cert_error_string(err));
statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
*errorCodePtr = ECONNABORTED;
return(-1);
}
}
dprintf("Removing the \"TLS_TCL_INIT\" flag since we have completed the handshake");
statePtr->flags &= ~TLS_TCL_INIT;
dprintf("Returning in success");
*errorCodePtr = 0;
| > > | 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 |
default:
dprintf("We got a confusing reply: %i", rc);
*errorCodePtr = Tcl_GetErrno();
dprintf("ERR(%d, %d) ", rc, *errorCodePtr);
return(-1);
}
#if 0
if (statePtr->flags & TLS_TCL_SERVER) {
dprintf("This is an TLS server, checking the certificate for the peer");
err = SSL_get_verify_result(statePtr->ssl);
if (err != X509_V_OK) {
dprintf("Invalid certificate, returning in failure");
Tls_Error(statePtr, (char *)X509_verify_cert_error_string(err));
statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
*errorCodePtr = ECONNABORTED;
return(-1);
}
}
#endif
dprintf("Removing the \"TLS_TCL_INIT\" flag since we have completed the handshake");
statePtr->flags &= ~TLS_TCL_INIT;
dprintf("Returning in success");
*errorCodePtr = 0;
|
| ︙ | ︙ |