authorLinus Nordberg <linus@nordu.net>2012-04-26 10:19:52 +0200
committerLinus Nordberg <linus@nordu.net>2012-04-26 10:19:52 +0200
commitc562df4b073a288862dd3c4ceaba7d6439f33b45 (patch)
tree4641c6f6d69314508b2455ac9cb5fdaa31c8d296
parent6e6672cffd42def79813dbf7f1588d2ce219ca79 (diff)
Verify certificate CN against configured hostname.
NOTE: The subjectAltName check is not well tested.
-rw-r--r--lib/event.c16
-rw-r--r--lib/event.h2
-rw-r--r--lib/tcp.c6
3 files changed, 21 insertions, 3 deletions
diff --git a/lib/event.c b/lib/event.c
index 2229689..bfb34bc 100644
--- a/lib/event.c
+++ b/lib/event.c
@@ -236,10 +236,22 @@ event_on_disconnect (struct rs_connection *conn)
conn->callbacks.disconnected_cb (conn->user_data);
}
-void
+/** Internal connect event returning 0 on success or -1 on error. */
+int
event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
{
assert (!conn->is_connecting);
+
+#if defined (RS_ENABLE_TLS)
+ if (conn->realm->type == RS_CONN_TYPE_TLS
+ || conn->realm->type == RS_CONN_TYPE_DTLS)
+ if (tls_verify_cert (conn) != RSE_OK)
+ {
+ rs_debug (("%s: server cert verification failed\n", __func__));
+ return -1;
+ }
+#endif /* RS_ENABLE_TLS */
+
conn->is_connected = 1;
rs_debug (("%s: %p connected\n", __func__, conn->active_peer));
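Review bot: The outer `if` guarding the TLS/DTLS type check has no braces and wraps a second braced `if`, which is the dangling-if shape that is easy to break when a later edit adds an `else` or a second statement; brace the outer conditional, `if (conn->realm->type == RS_CONN_TYPE_TLS || conn->realm->type == RS_CONN_TYPE_DTLS) {` ... `}` around the existing `tls_verify_cert` check. A failed server certificate verification is only reported through `rs_debug`, so a caller that gets -1 cannot tell a certificate mismatch from an ordinary connect failure; if the library has a per-connection error mechanism it would be worth recording the cause there as well (not visible in this diff, so I cannot name it). The new doc comment on line 25 could also state what the caller is expected to do on -1, since the tcp.c hunk tears the connection down and breaks the event loop in that case. The function body continues into the second hunk, where the matching `return 0;` is added.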
@@ -248,6 +260,8 @@ event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
if (pkt)
packet_do_send (pkt);
+
+ return 0;
}
int
diff --git a/lib/event.h b/lib/event.h
index e042599..befbd0d 100644
--- a/lib/event.h
+++ b/lib/event.h
@@ -2,7 +2,7 @@
See the file COPYING for licensing information. */
void event_on_disconnect (struct rs_connection *conn);
-void event_on_connect (struct rs_connection *conn, struct rs_packet *pkt);
+int event_on_connect (struct rs_connection *conn, struct rs_packet *pkt);
int event_loopbreak (struct rs_connection *conn);
int event_init_eventbase (struct rs_connection *conn);
int event_init_socket (struct rs_connection *conn, struct rs_peer *p);
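Review bot: The prototype change to `int event_on_connect (...)` carries no documentation of the new return contract in the header, where callers will look for it. Add a comment above it, e.g. `/* Returns 0 on success, -1 if the connection must be torn down (e.g. server certificate verification failed). */`, mirroring the comment added in event.c.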
diff --git a/lib/tcp.c b/lib/tcp.c
index f98e971..c4948c0 100644
--- a/lib/tcp.c
+++ b/lib/tcp.c
@@ -179,7 +179,11 @@ tcp_event_cb (struct bufferevent *bev, short events, void *user_data)
{
if (conn->tev)
evtimer_del (conn->tev); /* Cancel connect timer. */
- event_on_connect (conn, pkt);
+ if (event_on_connect (conn, pkt))
+ {
+ event_on_disconnect (conn);
+ event_loopbreak (conn);
+ }
}
else if (events & BEV_EVENT_EOF)
{
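Review bot: The failure path drops the return value of `event_loopbreak (conn)`, which event.h declares as returning int; either check it or make the intent explicit with `(void) event_loopbreak (conn); /* nothing more to do on a failed connect */`. Because `event_on_disconnect` fires `disconnected_cb` (visible in the first hunk), a user that never received a connected callback will now see a disconnect callback when certificate verification fails; that is reasonable, but a comment such as `/* Server cert verification failed: tear down and leave the loop. */` above the new block would make the intent clear. If I read the hunk correctly, `pkt` is left unsent on this path; whether its owner is notified is not visible here and is worth confirming. The enclosing function tcp_event_cb starts and ends outside the hunk.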