diff options
Diffstat (limited to 'src/libwaitress/waitress.c')
-rw-r--r-- | src/libwaitress/waitress.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/src/libwaitress/waitress.c b/src/libwaitress/waitress.c index 8a8315f..efb76a9 100644 --- a/src/libwaitress/waitress.c +++ b/src/libwaitress/waitress.c @@ -1,5 +1,5 @@ /* -Copyright (c) 2009-2011 +Copyright (c) 2009-2012 Lars-Dominik Braun <lars@6xq.net> Permission is hereby granted, free of charge, to any person obtaining a copy @@ -725,44 +725,45 @@ static int WaitressParseStatusline (const char * const line) { /* verify server certificate */ -static int WaitressTlsVerify (const WaitressHandle_t *waith) { +static WaitressReturn_t WaitressTlsVerify (const WaitressHandle_t *waith) { gnutls_session_t session = waith->request.tlsSession; unsigned int certListSize; const gnutls_datum_t *certList; gnutls_x509_crt_t cert; if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) { - return GNUTLS_E_CERTIFICATE_ERROR; + return WAITRESS_RET_TLS_HANDSHAKE_ERR; } if ((certList = gnutls_certificate_get_peers (session, &certListSize)) == NULL) { - return GNUTLS_E_CERTIFICATE_ERROR; + return WAITRESS_RET_TLS_HANDSHAKE_ERR; } if (gnutls_x509_crt_init (&cert) != GNUTLS_E_SUCCESS) { - return GNUTLS_E_CERTIFICATE_ERROR; + return WAITRESS_RET_TLS_HANDSHAKE_ERR; } if (gnutls_x509_crt_import (cert, &certList[0], GNUTLS_X509_FMT_DER) != GNUTLS_E_SUCCESS) { - return GNUTLS_E_CERTIFICATE_ERROR; + return WAITRESS_RET_TLS_HANDSHAKE_ERR; } char fingerprint[20]; size_t fingerprintSize = sizeof (fingerprint); if (gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1, fingerprint, &fingerprintSize) != 0) { - return GNUTLS_E_CERTIFICATE_ERROR; + return WAITRESS_RET_TLS_HANDSHAKE_ERR; } + assert (waith->tlsFingerprint != NULL); if (memcmp (fingerprint, waith->tlsFingerprint, sizeof (fingerprint)) != 0) { - return GNUTLS_E_CERTIFICATE_ERROR; + return WAITRESS_RET_TLS_FINGERPRINT_MISMATCH; } gnutls_x509_crt_deinit (cert); - return 0; + return WAITRESS_RET_OK; } /* Connect to server @@ -823,11 +824,12 @@ static WaitressReturn_t WaitressConnect (WaitressHandle_t *waith) { } if (waith->url.tls) { + WaitressReturn_t wRet; + /* set up proxy tunnel */ if (WaitressProxyEnabled (waith)) { char buf[256]; size_t size; - WaitressReturn_t wRet; snprintf (buf, sizeof (buf), "CONNECT %s:%s HTTP/" WAITRESS_HTTP_VERSION "\r\n" @@ -855,8 +857,8 @@ static WaitressReturn_t WaitressConnect (WaitressHandle_t *waith) { return WAITRESS_RET_TLS_HANDSHAKE_ERR; } - if (WaitressTlsVerify (waith) != 0) { - return WAITRESS_RET_TLS_HANDSHAKE_ERR; + if ((wRet = WaitressTlsVerify (waith)) != WAITRESS_RET_OK) { + return wRet; } /* now we can talk encrypted */ @@ -1199,8 +1201,8 @@ const char *WaitressErrorToStr (WaitressReturn_t wRet) { return "TLS handshake failed."; break; - case WAITRESS_RET_TLS_TRUSTFILE_ERR: - return "Loading root certificates failed."; + case WAITRESS_RET_TLS_FINGERPRINT_MISMATCH: + return "TLS fingerprint mismatch."; break; default: |