Added function to extract and verify the subject from a certificate
authorAdriaan de Jong <dejong@fox-it.com>
Wed, 29 Jun 2011 11:29:33 +0000 (13:29 +0200)
committerDavid Sommerseth <davids@redhat.com>
Fri, 21 Oct 2011 12:51:45 +0000 (14:51 +0200)
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
ssl.c
ssl_verify_backend.h
ssl_verify_openssl.c

diff --git a/ssl.c b/ssl.c
index fbc99c379fc9bd34bcea099a73e71a42a4c3cd41..e600ca7bbe6b285ab6f77a5f5e5e2d0b60a706bd 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -720,8 +720,7 @@ verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth)
   session->verified = false;
 
   /* get the X509 name */
-  subject = X509_NAME_oneline (X509_get_subject_name (cert), NULL, 0);
-  if (!subject)
+  if (verify_get_subject(&subject, cert))
     {
         msg (D_TLS_ERRORS, "VERIFY ERROR: depth=%d, could not extract X509 "
             "subject string from certificate", cert_depth);
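Review bot: Ownership of `subject` now crosses the backend boundary: `verify_get_subject()` allocates the string, but nothing in this hunk shows how verify_cert releases it, and the body of verify_cert continues past the hunk. If the release is still an `OPENSSL_free (subject)` further down in ssl.c, the library-specific knowledge this commit moves out of ssl.c leaks straight back in, and a future non-OpenSSL backend allocating with plain `malloc` would be freed with the wrong allocator. A matching backend call such as `verify_free_subject (subject);` keeps ssl.c library-neutral; at minimum a comment at the call site, `/* subject is owned by the caller and must be released with the backend's free */`, should record the contract.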
index 232a653dfd301b8d67a5e33d81424723e1dc3b44..31b52104578cf663379e12f925f5bdf2ac332db5 100644 (file)
@@ -66,4 +66,22 @@ int verify_cert(struct tls_session *session, x509_cert_t *cert, int cert_depth);
 void cert_hash_remember (struct tls_session *session, const int cert_depth,
     const unsigned char *sha1_hash);
 
+/*
+ * Library-specific functions.
+ *
+ * The following functions must be implemented on a library-specific basis.
+ */
+
+/*
+ * Retrieve certificate's subject name, and place it in **subject.
+ *
+ * Memory for subject is allocated in the process, and must be freed.
+ *
+ * @param subject      Pointer to memory to be allocated for the subject
+ * @param cert         Certificate to retrieve the subject from.
+ *
+ * @return             \c 1 on failure, \c 0 on success
+ */
+bool verify_get_subject (char **subject, x509_cert_t *cert);
+
 #endif /* SSL_VERIFY_BACKEND_H_ */
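Review bot: The prototype at `bool verify_get_subject (char **subject, x509_cert_t *cert);` declares a `bool` return, while the OpenSSL implementation added in the same commit defines the function as returning `int`, and the doc comment above it describes `1`/`0` rather than `true`/`false`. A translation unit that includes this header and contains the definition will fail with conflicting types, and one that does not include it calls through a prototype that disagrees with the definition. Change the declaration to `int verify_get_subject (char **subject, x509_cert_t *cert);` to match the definition and the documented 1/0 convention (or make both `bool` and state explicitly that `true` means failure, which is unusual enough to deserve a sentence). The comment should also say who frees `*subject` and with which allocator, and whether `*subject` is guaranteed NULL on failure, since the caller otherwise cannot know if it may pass the pointer to the release function unconditionally.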
index 06e1143520a997484b9b64533140b3762f60e0ac..64b71c398b8a0825e113ee13219b7bb2bc42907b 100644 (file)
@@ -72,3 +72,13 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 
   return verify_cert(session, ctx->current_cert, ctx->error_depth);
 }
+
+int
+verify_get_subject (char **subject, X509 *cert)
+{
+  *subject = X509_NAME_oneline (X509_get_subject_name (cert), NULL, 0);
+  if (!*subject)
+      return 1;
+
+  return 0;
+}
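Review bot: `X509_NAME_oneline()` called with a NULL buffer returns memory from OpenSSL's own allocator, which per the OpenSSL documentation must be released with `OPENSSL_free()` rather than `free()`; neither the new function nor its header comment says so, and the caller in ssl.c is now one abstraction layer removed from that fact. Add a comment above the call, `/* buf == NULL: OpenSSL allocates the string; caller releases it with OPENSSL_free() */`, or better, provide a backend `verify_free_subject()` so ssl.c never has to name an OpenSSL routine. The definition's `int` return type also disagrees with the `bool` in the header declaration in ssl_verify_backend.h; the two must be made to match before both files are compiled together.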