authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-04-09 09:44:01 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-04-09 10:20:44 +0200
commite665044f1c8894993665fcc1030dc4344326797a (patch)
tree47475cf83c789016a6153bdfd76b6f8ab62c66d0 /src/common.c
parentf7ad44f1b587e057070f57ceee521b8eecf060db (diff)
Replaced gnutls_certificate_verify_peers3() with the extendable gnutls_certificate_verify_peers().
That will allow adding new functionality to verification without the need to add new functions.
Diffstat (limited to 'src/common.c')
-rw-r--r--src/common.c20
1 files changed, 18 insertions, 2 deletions
diff --git a/src/common.c b/src/common.c
index 81fea5f254..d878ecf29d 100644
--- a/src/common.c
+++ b/src/common.c
@@ -285,14 +285,30 @@ print_openpgp_info(gnutls_session_t session, int flag, int print_cert)
/* returns false (0) if not verified, or true (1) otherwise
*/
-int cert_verify(gnutls_session_t session, const char *hostname)
+int cert_verify(gnutls_session_t session, const char *hostname, const char *purpose)
{
int rc;
unsigned int status = 0;
gnutls_datum_t out;
int type;
+ gnutls_typed_vdata_st data[2];
+ unsigned elements = 0;
- rc = gnutls_certificate_verify_peers3(session, hostname, &status);
+ memset(data, 0, sizeof(data));
+
+ if (hostname) {
+ data[elements].type = GNUTLS_DT_DNS_HOSTNAME;
+ data[elements].data = (void*)hostname;
+ elements++;
+ }
+
+ if (purpose) {
+ data[elements].type = GNUTLS_DT_KEY_PURPOSE_OID;
+ data[elements].data = (void*)purpose;
+ elements++;
+ }
+
+ rc = gnutls_certificate_verify_peers(session, data, elements, &status);
if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND) {
printf("- Peer did not send any certificate.\n");
return 0;
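Review bot: The comment above cert_verify() still documents only the return value, although the new code makes both checks optional. When `hostname` or `purpose` is NULL the matching `if` block is skipped, so with both NULL gnutls_certificate_verify_peers() is called with `elements` equal to 0 and is given no name or key-purpose constraint. A caller that passes NULL by mistake gets a weaker verification with nothing to signal it. I would extend the comment, e.g. `/* hostname, purpose: optional; when NULL the hostname match / key purpose OID check is not requested. Returns 0 if not verified, 1 otherwise. */`. The body of cert_verify() continues past the end of this hunk, so how `status` is evaluated is not visible here.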