interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed error detection in certificate verification.

This commit is contained in:
Jim Hague 2018-12-11 17:56:14 +00:00
parent ab69a9a7da
commit aa49a935c7
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/stub.c
View File

@ -958,7 +958,7 @@ tls_do_handshake(getdns_upstream *upstream)
const char* verify_errmsg; const char* verify_errmsg;
if (_getdns_tls_connection_certificate_verify(upstream->tls_obj, &verify_errno, &verify_errmsg)) { if (_getdns_tls_connection_certificate_verify(upstream->tls_obj, &verify_errno, &verify_errmsg)) {
upstream->tls_auth_state = GETDNS_AUTH_OK; upstream->tls_auth_state = GETDNS_AUTH_FAILED;
if (verify_errno != 0) { if (verify_errno != 0) {
_getdns_upstream_log(upstream, _getdns_upstream_log(upstream,
GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_UPSTREAM_STATS,
@ -978,9 +978,10 @@ tls_do_handshake(getdns_upstream *upstream)
( upstream->tls_fallback_ok ( upstream->tls_fallback_ok
? "Tolerated because of Opportunistic profile" ? "Tolerated because of Opportunistic profile"
: "*Failure*" ), : "*Failure*" ),
verify_errno, verify_errmsg); verify_errmsg);
} }
} else { } else {
upstream->tls_auth_state = GETDNS_AUTH_OK;
_getdns_upstream_log(upstream, _getdns_upstream_log(upstream,
GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
"%-40s : Verify passed : TLS\n", "%-40s : Verify passed : TLS\n",