diff options
author | Andreas Kotes <count@flatline.de> | 2014-04-16 21:37:48 +0200 |
---|---|---|
committer | Andreas Kotes <count@flatline.de> | 2014-04-16 21:37:48 +0200 |
commit | 3c74b2a12a4a9e10fd768dad5ecb1f66f2be9afa (patch) | |
tree | d5a5c639cc32a1e5ab304733fdaa48c53527736b /vchat-ssl.c | |
parent | 3297473435ad53b6691d6c772f83457a72134c48 (diff) |
reintroduce ignssl, safeguard pinning
Diffstat (limited to 'vchat-ssl.c')
-rwxr-xr-x | vchat-ssl.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/vchat-ssl.c b/vchat-ssl.c index d240cbd..9495877 100755 --- a/vchat-ssl.c +++ b/vchat-ssl.c | |||
@@ -164,6 +164,14 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store ) | |||
164 | if (sslp) { | 164 | if (sslp) { |
165 | long result = SSL_get_verify_result(sslp); | 165 | long result = SSL_get_verify_result(sslp); |
166 | 166 | ||
167 | #if 1 == 1 | ||
168 | if (result == X509_V_OK) { | ||
169 | return 0; | ||
170 | } else if (getintoption(CF_IGNSSL)) { | ||
171 | writecf(FS_ERR, "[SSL VERIFY ERROR ] FAILURE IGNORED!!!"); | ||
172 | return 0; | ||
173 | } | ||
174 | #else | ||
167 | /* show & verify fingerprint */ | 175 | /* show & verify fingerprint */ |
168 | if (result == X509_V_OK) { | 176 | if (result == X509_V_OK) { |
169 | X509 *peercert = SSL_get_peer_certificate(sslp); | 177 | X509 *peercert = SSL_get_peer_certificate(sslp); |
@@ -227,6 +235,7 @@ int vc_connect_ssl( BIO **conn, vc_x509store_t *vc_store ) | |||
227 | } | 235 | } |
228 | } | 236 | } |
229 | } | 237 | } |
238 | #endif | ||
230 | } | 239 | } |
231 | } | 240 | } |
232 | } | 241 | } |
@@ -305,7 +314,7 @@ int vc_verify_callback(int ok, X509_STORE_CTX *store) | |||
305 | X509_verify_cert_error_string(store->error)); | 314 | X509_verify_cert_error_string(store->error)); |
306 | writecf(FS_ERR, tmpstr); | 315 | writecf(FS_ERR, tmpstr); |
307 | } | 316 | } |
308 | return ok; | 317 | return (ok | getintoption(CF_IGNSSL)); |
309 | } | 318 | } |
310 | 319 | ||
311 | void vc_x509store_setflags(vc_x509store_t *store, int flags) | 320 | void vc_x509store_setflags(vc_x509store_t *store, int flags) |