author | Simon Josefsson <simon@josefsson.org> | 2008-04-29 00:15:10 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-04-29 00:15:10 +0200 |
commit | 21e52370c84be4d1a804070351024e8a212f8bc6 (patch) | |
tree | bffba1f926c8446da050ef36eddb18c4323e0aed /src | |
parent | 08e4c95c3659544c39b93539d62209d4c296d5b1 (diff) | |
parent | a0e582d0c183dfad274a82c02a54bb5317a987a4 (diff) | |
download | gnutls-21e52370c84be4d1a804070351024e8a212f8bc6.tar.gz |
Merge branch 'master' of ssh://jas@git.sv.gnu.org/srv/git/gnutls
Diffstat (limited to 'src')
-rw-r--r-- | src/cli.c | 4 | ||||
-rw-r--r-- | src/common.c | 25 | ||||
-rw-r--r-- | src/common.h | 4 | ||||
-rw-r--r-- | src/serv.c | 4 | ||||
-rw-r--r-- | src/tests.c | 2 |
5 files changed, 23 insertions, 16 deletions
@@ -649,7 +649,7 @@ main (int argc, char **argv) gnutls_session_get_id (hd.session, session_id, &session_id_size); /* print some information */ - print_info (hd.session, hostname); + print_info (hd.session, hostname, info.insecure); printf ("- Disconnecting\n"); socket_bye (&hd); @@ -933,7 +933,7 @@ do_handshake (socket_st * socket) if (ret == 0) { /* print some information */ - print_info (socket->session, socket->hostname); + print_info (socket->session, socket->hostname, info.insecure); if ((x509_cafile || pgp_keyring) && !insecure) { diff --git a/src/common.c b/src/common.c index aec6966299..964a9fc844 100644 --- a/src/common.c +++ b/src/common.c @@ -82,7 +82,7 @@ my_ctime (const time_t * tv) void -print_x509_info (gnutls_session_t session, const char *hostname) +print_x509_info (gnutls_session_t session, const char *hostname, int insecure) { gnutls_x509_crt_t crt; const gnutls_datum_t *cert_list; @@ -153,6 +153,8 @@ print_x509_info (gnutls_session_t session, const char *hostname) printf (" # The hostname in the certificate does NOT match '%s'.\n", hostname); + if (!insecure) + exit(1); } else { @@ -280,7 +282,7 @@ print_x509_info (gnutls_session_t session, const char *hostname) #ifdef ENABLE_OPENPGP void -print_openpgp_info (gnutls_session_t session, const char *hostname) +print_openpgp_info (gnutls_session_t session, const char *hostname, int insecure) { char digest[20]; @@ -340,12 +342,14 @@ print_openpgp_info (gnutls_session_t session, const char *hostname) if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0) { printf - (" # The hostname in the key does NOT match '%s'.\n", + (" # The hostname in the certificate does NOT match '%s'.\n", hostname); + if (!insecure) + exit(1); } else { - printf (" # The hostname in the key matches '%s'.\n", hostname); + printf (" # The hostname in the certificate matches '%s'.\n", hostname); } } 
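Review bot: In the do_handshake hunk of src/cli.c (-933) the new call passes `info.insecure`, while the next context line tests the bare `insecure` in `if ((x509_cafile || pgp_keyring) && !insecure)`. If both names carry the same flag, pass `insecure` to print_info as well, so the hostname check and the condition below it cannot drift apart. If they can differ, a comment should say which one decides whether the client aborts. The call in the main hunk (-649) uses `info.insecure` in the same way. Where `insecure` is assigned is outside both hunks.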
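Review bot: The hostname mismatch branch of print_x509_info (hunk -153) now calls `exit(1)` from inside a printing routine, so the check is enforced only on paths that call the print helpers. It also leaves without the caller's cleanup: in the main hunk of cli.c, `socket_bye (&hd)` comes after print_info and is skipped. Since print_info already returns int, returning a failure status from the helpers and letting cli.c decide would separate enforcement from output. If the exit stays, the mismatch message should also go to stderr so it is not lost when stdout is redirected. The same `if (!insecure) exit(1);` is added in print_openpgp_info (hunk -340) and print_cert_info (hunk -623). The function bodies extend beyond these hunks, so whether the branch is guarded against a NULL hostname cannot be confirmed from here.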
@@ -517,7 +521,7 @@ print_dh_info (gnutls_session_t session, const char *str) } int -print_info (gnutls_session_t session, const char *hostname) +print_info (gnutls_session_t session, const char *hostname, int insecure) { const char *tmp; gnutls_credentials_type_t cred; @@ -577,7 +581,7 @@ print_info (gnutls_session_t session, const char *hostname) if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) print_dh_info (session, "Ephemeral "); - print_cert_info (session, hostname); + print_cert_info (session, hostname, insecure); print_cert_vrfy (session); @@ -612,7 +616,7 @@ print_info (gnutls_session_t session, const char *hostname) } void -print_cert_info (gnutls_session_t session, const char *hostname) +print_cert_info (gnutls_session_t session, const char *hostname, int insecure) { if (gnutls_certificate_client_get_request_status (session) != 0) @@ -623,15 +627,18 @@ print_cert_info (gnutls_session_t session, const char *hostname) { case GNUTLS_CRT_UNKNOWN: printf ("Unknown\n"); + + if (!insecure) + exit(1); break; case GNUTLS_CRT_X509: printf ("X.509\n"); - print_x509_info (session, hostname); + print_x509_info (session, hostname, insecure); break; #ifdef ENABLE_OPENPGP case GNUTLS_CRT_OPENPGP: printf ("OpenPGP\n"); - print_openpgp_info (session, hostname); + print_openpgp_info (session, hostname, insecure); break; #endif } diff --git a/src/common.h b/src/common.h index d22d995c13..89d22ce944 100644 --- a/src/common.h +++ b/src/common.h @@ -23,8 +23,8 @@ extern const char str_unknown[]; -int print_info (gnutls_session_t state, const char *hostname); -void print_cert_info (gnutls_session_t state, const char *hostname); +int print_info (gnutls_session_t state, const char *hostname, int insecure); +void print_cert_info (gnutls_session_t state, const char *hostname, int insecure); void print_list (int verbose); void parse_comp (char **comp, int ncomp, int *comp_priority); diff --git a/src/serv.c b/src/serv.c index 2edaca30e6..a9864f5fb2 100644 --- a/src/serv.c 
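Review bot: The switch in print_cert_info (hunk -623) has no `default:` branch, so a certificate type matching none of the listed cases skips both the hostname check and the new `exit(1)`. This includes GNUTLS_CRT_OPENPGP when ENABLE_OPENPGP is not defined, and the client then continues even with insecure == 0. Placing `default:` next to `case GNUTLS_CRT_UNKNOWN:` would make unhandled types fail closed. The expression being switched on lies outside the hunk.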
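Review bot: The src/common.h prototypes for print_info and print_cert_info gain `int insecure` with no comment, and nothing in the header tells a caller that these print functions can now terminate the process. Add a comment above them such as `/* If insecure is zero, exits with status 1 on a hostname mismatch or an unknown certificate type. */`.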
+++ b/src/serv.c @@ -1143,7 +1143,7 @@ main (int argc, char **argv) addr_ntop ((struct sockaddr *)&client_address, calen, topbuf, sizeof (topbuf)), get_port (&client_address)); - print_info (j->tls_session, NULL); + print_info (j->tls_session, NULL, 1); } j->handshake_ok = 1; } @@ -1240,7 +1240,7 @@ main (int argc, char **argv) topbuf, sizeof (topbuf)), get_port (&client_address)); - print_info (j->tls_session, NULL); + print_info (j->tls_session, NULL, 1); } j->handshake_ok = 1; } diff --git a/src/tests.c b/src/tests.c index 66cd61baf4..844013f26a 100644 --- a/src/tests.c +++ b/src/tests.c @@ -1086,7 +1086,7 @@ test_certificate (gnutls_session_t session) return ret; printf ("\n"); - print_cert_info (session, hostname); + print_cert_info (session, hostname, 1); return TEST_SUCCEED; } |
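Review bot: Both src/serv.c call sites (-1143 and -1240) pass a bare `1` for `insecure`, which reads as the server opting into insecure behaviour. The intent appears to be that a peer's certificate must never make the server process exit. Record that on the call, e.g. `/* no hostname to verify; never exit on the peer's certificate */`, or use a named constant. A later change to 0 would let an unknown certificate type reach the `exit(1)` in print_cert_info and stop the server. The same literal is passed in test_certificate in src/tests.c.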