Check-in [916215af0a]
Overview
Comment:Disabled checking the client certificate and aborting if not found
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | wip-fix-io-layer
Files: files | file ages | folders
SHA1: 916215af0a7034c60f77d0d46f2a9f11afe48e52
User & Date: rkeene on 2016-12-12 01:56:01
Other Links: branch diff | manifest | tags
Context
2016-12-12
22:29
Merged in trunk check-in: 77c3091474 user: rkeene tags: wip-fix-io-layer
01:56
Disabled checking the client certificate and aborting if not found check-in: 916215af0a user: rkeene tags: wip-fix-io-layer
01:51
Made I/O test more useful when debugging is on and updated to deal with newer versions of OpenSSL check-in: 270ffbbc3e user: rkeene tags: wip-fix-io-layer
Changes
Modified tlsIO.c from [38a7baa9a1] to [0f85acc9f6].
851
852
853
854
855
856
857

858
859
860
861
862
863
864
865
866
867
868
869
870

871
872
873
874
875
876
877
		default:
			dprintf("We got a confusing reply: %i", rc);
			*errorCodePtr = Tcl_GetErrno();
			dprintf("ERR(%d, %d) ", rc, *errorCodePtr);
			return(-1);
	}


	if (statePtr->flags & TLS_TCL_SERVER) {
		dprintf("This is an TLS server, checking the certificate for the peer");

		err = SSL_get_verify_result(statePtr->ssl);
		if (err != X509_V_OK) {
			dprintf("Invalid certificate, returning in failure");

			Tls_Error(statePtr, (char *)X509_verify_cert_error_string(err));
			statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
			*errorCodePtr = ECONNABORTED;
			return(-1);
		}
	}


	dprintf("Removing the \"TLS_TCL_INIT\" flag since we have completed the handshake");
	statePtr->flags &= ~TLS_TCL_INIT;

	dprintf("Returning in success");
	*errorCodePtr = 0;








>













>







851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
		default:
			dprintf("We got a confusing reply: %i", rc);
			*errorCodePtr = Tcl_GetErrno();
			dprintf("ERR(%d, %d) ", rc, *errorCodePtr);
			return(-1);
	}

#if 0
	if (statePtr->flags & TLS_TCL_SERVER) {
		dprintf("This is an TLS server, checking the certificate for the peer");

		err = SSL_get_verify_result(statePtr->ssl);
		if (err != X509_V_OK) {
			dprintf("Invalid certificate, returning in failure");

			Tls_Error(statePtr, (char *)X509_verify_cert_error_string(err));
			statePtr->flags |= TLS_TCL_HANDSHAKE_FAILED;
			*errorCodePtr = ECONNABORTED;
			return(-1);
		}
	}
#endif

	dprintf("Removing the \"TLS_TCL_INIT\" flag since we have completed the handshake");
	statePtr->flags &= ~TLS_TCL_INIT;

	dprintf("Returning in success");
	*errorCodePtr = 0;