authorLinus Nordberg <linus@nordu.net>2012-04-26 10:19:52 +0200
committerLinus Nordberg <linus@nordu.net>2012-04-26 10:19:52 +0200
commitc562df4b073a288862dd3c4ceaba7d6439f33b45 (patch)
tree4641c6f6d69314508b2455ac9cb5fdaa31c8d296 /lib/event.c
parent6e6672cffd42def79813dbf7f1588d2ce219ca79 (diff)
Verify certificate CN against configured hostname.
NOTE: The subjectAltName check is not well tested.
Diffstat (limited to 'lib/event.c')
-rw-r--r--lib/event.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/lib/event.c b/lib/event.c
index 2229689..bfb34bc 100644
--- a/lib/event.c
+++ b/lib/event.c
@@ -236,10 +236,22 @@ event_on_disconnect (struct rs_connection *conn)
conn->callbacks.disconnected_cb (conn->user_data);
}
-void
+/** Internal connect event returning 0 on success or -1 on error. */
+int
event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
{
assert (!conn->is_connecting);
+
+#if defined (RS_ENABLE_TLS)
+ if (conn->realm->type == RS_CONN_TYPE_TLS
+ || conn->realm->type == RS_CONN_TYPE_DTLS)
+ if (tls_verify_cert (conn) != RSE_OK)
+ {
+ rs_debug (("%s: server cert verification failed\n", __func__));
+ return -1;
+ }
+#endif /* RS_ENABLE_TLS */
+
conn->is_connected = 1;
rs_debug (("%s: %p connected\n", __func__, conn->active_peer));
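Review bot: The failure branch added at the top of event_on_connect only logs through rs_debug and returns -1, so whether a server with a rejected certificate is actually cut off depends on callers acting on a return value that did not exist before this commit. The 15 insertions and 1 deletion reported for lib/event.c are all accounted for by this hunk and the `return 0;` hunk, so any call site in this file is unchanged and would still discard the result; call sites in other files are not visible here. I would put the contract in the doc comment, e.g. `/** Internal connect event. Returns 0 on success, -1 if TLS peer verification failed; on -1 the caller must close the connection and send nothing on it. */`, and check every caller against it. It would also help to record the failure on the connection rather than only in debug output (rs_debug is presumably silent in non-debug builds, which cannot be confirmed from this page), and to brace the outer `if` so the nested unbraced `if` cannot pick up a stray `else` later.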
@@ -248,6 +260,8 @@ event_on_connect (struct rs_connection *conn, struct rs_packet *pkt)
if (pkt)
packet_do_send (pkt);
+
+ return 0;
}
int