Diffstat (limited to 'src/libwaitress')
| -rw-r--r-- | src/libwaitress/waitress.c | 27 | 
1 files changed, 10 insertions, 17 deletions
| diff --git a/src/libwaitress/waitress.c b/src/libwaitress/waitress.c
index 7082ffd..69c4d3a 100644
--- a/src/libwaitress/waitress.c
+++ b/src/libwaitress/waitress.c
@@ -687,14 +687,11 @@ static int WaitressParseStatusline (const char * const line) {
 /*	verify server certificate
  */
-static int WaitressTlsVerify (gnutls_session_t session) {
-	unsigned int status, certListSize;
+static int WaitressTlsVerify (const WaitressHandle_t *waith) {
+	gnutls_session_t session = waith->request.tlsSession;
+	unsigned int certListSize;
 	const gnutls_datum_t *certList;
 	gnutls_x509_crt_t cert;
-	const WaitressHandle_t *waith;
-
-	waith = gnutls_session_get_ptr (session);
-	assert (waith != NULL);
 	if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) {
 		return GNUTLS_E_CERTIFICATE_ERROR;
@@ -807,6 +804,10 @@ static WaitressReturn_t WaitressConnect (WaitressHandle_t *waith) {
 		if (gnutls_handshake (waith->request.tlsSession) != GNUTLS_E_SUCCESS) {
 			return WAITRESS_RET_TLS_HANDSHAKE_ERR;
 		}
+
+		if (WaitressTlsVerify (waith) != 0) {
+			return WAITRESS_RET_TLS_HANDSHAKE_ERR;
+		}
 	}
 	return WAITRESS_RET_OK;
@@ -1020,12 +1021,10 @@ WaitressReturn_t WaitressFetchCall (WaitressHandle_t *waith) {
 	if (waith->url.tls) {
 		waith->request.read = WaitressGnutlsRead;
 		waith->request.write = WaitressGnutlsWrite;
+
 		gnutls_init (&waith->request.tlsSession, GNUTLS_CLIENT);
-		const char *err;
-		if (gnutls_priority_set_direct (waith->request.tlsSession,
-				"PERFORMANCE", &err) != GNUTLS_E_SUCCESS) {
-			return WAITRESS_RET_ERR;
-		}
+		gnutls_set_default_priority (waith->request.tlsSession);
+
 		gnutls_certificate_allocate_credentials (&waith->tlsCred);
 		if (gnutls_credentials_set (waith->request.tlsSession,
 				GNUTLS_CRD_CERTIFICATE,
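Review bot: The header comment on `WaitressTlsVerify` still says only "verify server certificate", although the function is now called directly from `WaitressConnect` rather than registered as a GnuTLS verify callback, so its contract should be stated. I would extend it to `/* verify server certificate; call only after gnutls_handshake() succeeded; returns 0 if accepted, a GnuTLS error code otherwise */`. The zero-on-success part is inferred from the caller's `!= 0` test and the visible `GNUTLS_E_CERTIFICATE_ERROR` return, so confirm it against the rest of the body, which continues outside this hunk. The removed `assert (waith != NULL)` has no replacement, and `waith->request.tlsSession` is read on the first line, so the caller has to guarantee a non-NULL handle.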
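Review bot: A rejected certificate and a failed handshake both return `WAITRESS_RET_TLS_HANDSHAKE_ERR` in the second hunk, so callers and logs cannot tell a trust failure from a protocol or network failure; a separate return value for the verification branch would make that distinction visible. Because the last hunk removes `gnutls_certificate_set_verify_function`, this call appears to be the only certificate check on the connection, which deserves a comment above the `if` such as `/* only certificate check for this session; nothing may be written before it passes */`. The failure path returns without any visible session teardown; whether the caller closes the session lies outside the hunk.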
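Review bot: The return value of `gnutls_set_default_priority` is dropped in the `WaitressFetchCall` hunk, whereas the `gnutls_priority_set_direct` call it replaces was checked and returned `WAITRESS_RET_ERR` on failure. Keeping the check costs three lines: `if (gnutls_set_default_priority (waith->request.tlsSession) != GNUTLS_E_SUCCESS) { return WAITRESS_RET_ERR; }`. The neighbouring `gnutls_init` and `gnutls_certificate_allocate_credentials` calls in the context lines are unchecked as well, and a failed `gnutls_init` would leave `tlsSession` unusable for every call that follows. `WaitressFetchCall` starts and ends outside the hunk.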
@@ -1040,12 +1039,6 @@ WaitressReturn_t WaitressFetchCall (WaitressHandle_t *waith) {
 				WaitressPollRead);
 		gnutls_transport_set_push_function (waith->request.tlsSession,
 				WaitressPollWrite);
-
-		/* certificate verification function */
-		gnutls_session_set_ptr (waith->request.tlsSession,
-				(gnutls_transport_ptr_t) waith);
-		gnutls_certificate_set_verify_function (waith->tlsCred,
-				WaitressTlsVerify);
 	}
 	/* request */ |
