Changeset 543:40141acabee7 in freeDiameter for freeDiameter/cnxctx.c
- Timestamp:
- Sep 14, 2010, 1:31:27 PM (14 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
freeDiameter/cnxctx.c
r542 r543 995 995 int fd_tls_verify_credentials(gnutls_session_t session, struct cnxctx * conn, int verbose) 996 996 { 997 int i ;997 int i, ret = 0; 998 998 unsigned int gtret; 999 999 const gnutls_datum_t *cert_list; … … 1176 1176 CHECK_GNUTLS_DO( gnutls_x509_crt_import (cert, &cert_list[i], GNUTLS_X509_FMT_DER), return EINVAL); 1177 1177 1178 /* When gnutls 2.10.1 is around, we should use gnutls_certificate_set_verify_function */1179 1180 1178 GNUTLS_TRACE( deadline = gnutls_x509_crt_get_expiration_time(cert) ); 1181 1179 if ((deadline != (time_t)-1) && (deadline < now)) { … … 1184 1182 fd_log_debug(" - The certificate %d in the chain is expired\n", i); 1185 1183 } 1186 ret urnEINVAL;1184 ret = EINVAL; 1187 1185 } 1188 1186 … … 1193 1191 fd_log_debug(" - The certificate %d in the chain is not yet activated\n", i); 1194 1192 } 1195 ret urnEINVAL;1193 ret = EINVAL; 1196 1194 } 1197 1195 … … 1202 1200 fd_log_debug(" - The certificate hostname does not match '%s'\n", conn->cc_tls_para.cn); 1203 1201 } 1204 ret urnEINVAL;1202 ret = EINVAL; 1205 1203 } 1206 1204 } … … 1209 1207 } 1210 1208 1211 return 0;1209 return ret; 1212 1210 } 1213 1211 … … 1256 1254 int ret; 1257 1255 1258 /* When gnutls 2.10.1 is around, we should use gnutls_certificate_set_verify_function */1256 /* When gnutls 2.10.1 is around, we should use gnutls_certificate_set_verify_function and fd_tls_verify_credentials, so that handshake fails directly. */ 1259 1257 1260 1258 CHECK_GNUTLS_DO( ret = gnutls_handshake(conn->cc_tls_para.session), … … 1279 1277 if (conn->cc_sctp_para.pairs > 1) { 1280 1278 #ifndef DISABLE_SCTP 1279 /* Start reading the messages from the master session. That way, if the remote peer closed, we are not stuck inside handshake */ 1280 CHECK_FCT(fd_sctps_startthreads(conn, 0)); 1281 1281 1282 /* Resume all additional sessions from the master one. 
*/ 1282 1283 CHECK_FCT(fd_sctps_handshake_others(conn, priority, alt_creds)); 1283 1284 1284 1285 /* Start decrypting the messages from all threads and queuing them in target queue */ 1285 CHECK_FCT(fd_sctps_startthreads(conn ));1286 CHECK_FCT(fd_sctps_startthreads(conn, 1)); 1286 1287 #endif /* DISABLE_SCTP */ 1287 1288 } else {
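Review bot: In the last hunk, `fd_sctps_startthreads(conn, 0)` now runs before `CHECK_FCT(fd_sctps_handshake_others(conn, priority, alt_creds))`, so if resuming the additional sessions fails, the function leaves through CHECK_FCT (assuming it returns the error code) with the reader threads on the master session still running. Nothing visible in the hunk stops them on that path. If teardown is left to the caller, a comment saying so would help, e.g. `/* on failure the caller must destroy conn, which stops these threads */`. The bare `0` / `1` second argument is also opaque at the call site, so a short comment or named constants for the two modes would make the ordering easier to audit. The enclosing function starts and ends outside the hunk.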