authorcorvid <devnull@localhost>2015-07-05 01:29:52 +0000
committercorvid <devnull@localhost>2015-07-05 01:29:52 +0000
commit48f7f6645e665e174f687d2caebeb803a06c1fea (patch)
tree5d09030556770fee4a942e27d141b8deb7979071 /src/IO
parenta56ff5f67537396ca030a1c4fe907b62eb81f5f1 (diff)
tls.c a little cleanup
Diffstat (limited to 'src/IO')
-rw-r--r--src/IO/tls.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/src/IO/tls.c b/src/IO/tls.c
index cfe050ec..c1062c9a 100644
--- a/src/IO/tls.c
+++ b/src/IO/tls.c
@@ -807,14 +807,14 @@ static void Tls_get_expiration_str(X509 *cert, char *buf, uint_t buflen)
* to do.
* Return: -1 if connection should be canceled, or 0 if it should continue.
*/
-static int Tls_examine_certificate(SSL *ssl, Server_t *srv,const char *host)
+static int Tls_examine_certificate(SSL *ssl, Server_t *srv)
{
X509 *remote_cert;
long st;
const uint_t buflen = 4096;
char buf[buflen], *cn, *msg;
int choice = -1, ret = -1;
- char *title = dStrconcat("Dillo TLS security warning: ", host, NULL);
+ char *title = dStrconcat("Dillo TLS security warning: ",srv->hostname,NULL);
remote_cert = SSL_get_peer_certificate(ssl);
if (remote_cert == NULL){
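Review bot: With the `host` parameter gone, the certificate is now matched against `srv->hostname`, but the header comment above `Tls_examine_certificate` does not say so and nothing visible in the diff ties that field to the connection being made. The same applies to the `Tls_check_cert_hostname(remote_cert, srv->hostname, &choice)` call in the next hunk and to the call site in `Tls_connect`, which previously passed `URL_HOST(conn->url)`. If the `Server_t` lookup is not keyed on exactly that host (the lookup is outside this diff), hostname verification could run against a different name than the one being fetched. I would add a line to the header comment such as `* srv->hostname is the name the certificate is verified against; srv must be the record for the host being connected to.` The function body continues outside this hunk.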
@@ -829,7 +829,7 @@ static int Tls_examine_certificate(SSL *ssl, Server_t *srv,const char *host)
ret = 0;
}
} else if (Tls_check_cert_strength(ssl, srv, &choice) &&
- Tls_check_cert_hostname(remote_cert, host, &choice)) {
+ Tls_check_cert_hostname(remote_cert, srv->hostname, &choice)) {
/* Figure out if (and why) the remote system can't be trusted */
st = SSL_get_verify_result(ssl);
switch (st) {
@@ -865,11 +865,9 @@ static int Tls_examine_certificate(SSL *ssl, Server_t *srv,const char *host)
case 2:
break;
case 3:
- /* Save certificate to a file here and recheck the chain */
- /* Potential security problems because we are writing
- * to the filesystem */
+ /* Save certificate to a file */
Tls_save_certificate_home(remote_cert);
- ret = 1;
+ ret = 0;
break;
default:
break;
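Review bot: In `case 3`, `Tls_save_certificate_home(remote_cert);` is called as a bare statement and `ret = 0` lets the connection continue whether or not the save worked, so a failed write would go unnoticed here. The shortened comment also drops the old remarks about rechecking the chain and about writing to the filesystem, and neither a recheck nor any guard on the write is visible in this hunk. I would keep that caveat, e.g. `/* Save certificate to a file; the chain is not rechecked here */`. If the helper can report failure (its signature is not visible), that result should be surfaced to the user. The enclosing switch starts outside the hunk.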
@@ -1131,7 +1129,7 @@ static void Tls_connect(int fd, int connkey)
}
if (srv->cert_status == CERT_STATUS_USER_ACCEPTED ||
- (Tls_examine_certificate(conn->ssl, srv, URL_HOST(conn->url))!=-1)) {
+ (Tls_examine_certificate(conn->ssl, srv) != -1)) {
failed = FALSE;
}
}
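Review bot: The `srv->cert_status == CERT_STATUS_USER_ACCEPTED` test short-circuits before `Tls_examine_certificate` is called, so the user's acceptance appears to be remembered per server record rather than per certificate. If a later connection to the same host presents a different certificate, nothing in this hunk would notice it; whether `cert_status` is reset or tied to a certificate elsewhere is not visible here. A comment at the condition stating the intended scope would help, e.g. `/* user acceptance is cached on srv; the presented certificate is not re-examined */`. Comparing a stored fingerprint of the accepted certificate before skipping the check would be stronger. `Tls_connect` begins and ends outside the hunk.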