author | Linus Nordberg <linus@nordu.net> | 2012-04-26 10:19:52 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2012-04-26 10:19:52 +0200 |
commit | c562df4b073a288862dd3c4ceaba7d6439f33b45 (patch) | |
tree | 4641c6f6d69314508b2455ac9cb5fdaa31c8d296 | |
parent | 6e6672cffd42def79813dbf7f1588d2ce219ca79 (diff) |
Verify certificate CN against configured hostname.
NOTE: The subjectAltName check is not well tested.
-rw-r--r-- | lib/event.c | 16 | ||||
-rw-r--r-- | lib/event.h | 2 | ||||
-rw-r--r-- | lib/tcp.c | 6 |
3 files changed, 21 insertions, 3 deletions
diff --git a/lib/event.c b/lib/event.c
index 2229689..bfb34bc 100644
--- a/lib/event.c
+++ b/lib/event.c
@@ -236,10 +236,22 @@ event_on_disconnect (struct rs_connection *conn)
     conn->callbacks.disconnected_cb (conn->user_data);
 }
 
-void
+/** Internal connect event returning 0 on success or -1 on error. */
+int
 event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
 {
   assert (!conn->is_connecting);
+
+#if defined (RS_ENABLE_TLS)
+  if (conn->realm->type == RS_CONN_TYPE_TLS
+      || conn->realm->type == RS_CONN_TYPE_DTLS)
+    if (tls_verify_cert (conn) != RSE_OK)
+      {
+        rs_debug (("%s: server cert verification failed\n", __func__));
+        return -1;
+      }
+#endif /* RS_ENABLE_TLS */
+
   conn->is_connected = 1;
   rs_debug (("%s: %p connected\n", __func__, conn->active_peer));
 
@@ -248,6 +260,8 @@ event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
 
   if (pkt)
     packet_do_send (pkt);
+
+  return 0;
 }
 
 int
diff --git a/lib/event.h b/lib/event.h
index e042599..befbd0d 100644
--- a/lib/event.h
+++ b/lib/event.h
@@ -2,7 +2,7 @@
    See the file COPYING for licensing information.  */
 
 void event_on_disconnect (struct rs_connection *conn);
-void event_on_connect (struct rs_connection *conn, struct rs_packet *pkt);
+int event_on_connect (struct rs_connection *conn, struct rs_packet *pkt);
 int event_loopbreak (struct rs_connection *conn);
 int event_init_eventbase (struct rs_connection *conn);
 int event_init_socket (struct rs_connection *conn, struct rs_peer *p);
@@ -179,7 +179,11 @@ tcp_event_cb (struct bufferevent *bev, short events, void *user_data)
     {
       if (conn->tev)
         evtimer_del (conn->tev); /* Cancel connect timer.  */
-      event_on_connect (conn, pkt);
+      if (event_on_connect (conn, pkt))
+        {
+          event_on_disconnect (conn);
+          event_loopbreak (conn);
+        }
     }
   else if (events & BEV_EVENT_EOF)
     {
 |
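Review bot: The new certificate check in event_on_connect nests a second `if` under the realm-type test without braces, so a later `else` added to either test would silently bind to the inner one, and the intent that non-TLS realms skip verification is not visually marked; wrap the outer body as `if (conn->realm->type == RS_CONN_TYPE_TLS || conn->realm->type == RS_CONN_TYPE_DTLS) { if (tls_verify_cert (conn) != RSE_OK) { ... return -1; } }`. A verification failure is also reported only through `rs_debug`, so the caller (the tcp.c hunk, and presumably any DTLS counterpart) receives a bare -1 and cannot distinguish a certificate mismatch from other connect failures; if the library has a per-connection error record, pushing the failure there before returning would let applications surface the reason. The new doc comment could state the contract more precisely, e.g. `/** Internal connect event. Returns 0 on success, -1 if the peer's certificate failed verification; on -1 the connection is left not connected and must be torn down by the caller. */`. Note that the `RS_ENABLE_TLS` guard means a build without TLS compiles a function that can never fail, which is fine, but the hostname check the commit message describes lives entirely in `tls_verify_cert`, which is not in this diff.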
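Review bot: In the tcp.c hunk the return value of `event_loopbreak (conn)` is discarded on the verification-failure path, although event.h (changed in this same commit) declares it as returning `int`; if it can fail, the loop keeps running on a connection that event_on_disconnect has just torn down, so at least log it, e.g. `if (event_loopbreak (conn)) rs_debug (("%s: event_loopbreak failed\n", __func__));`. On that same path `pkt` is neither sent nor visibly released; whether that is a leak depends on who owns the packet, which is not determinable from this hunk, so a one-line comment stating the ownership at the failure branch would help the next reader. tcp_event_cb starts and ends outside the hunk.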