Skip to content
Snippets Groups Projects
Commit 5068de7b authored by Seva's avatar Seva Committed by Adrien Béraud
Browse files

http: remove x509 subject name logging in verify cb

parent 2a5f786f
No related branches found
No related tags found
No related merge requests found
...@@ -169,18 +169,9 @@ Connection::set_endpoint(const asio::ip::tcp::endpoint& endpoint, const asio::ss ...@@ -169,18 +169,9 @@ Connection::set_endpoint(const asio::ip::tcp::endpoint& endpoint, const asio::ss
auto hostname = endpoint_.address().to_string(); auto hostname = endpoint_.address().to_string();
ssl_socket_->asio_ssl_stream().set_verify_mode(verify_mode); ssl_socket_->asio_ssl_stream().set_verify_mode(verify_mode);
ssl_socket_->asio_ssl_stream().set_verify_callback( ssl_socket_->asio_ssl_stream().set_verify_callback(
[this, hostname](bool preverified, asio::ssl::verify_context& ctx) -> bool [this, hostname](bool preverified, asio::ssl::verify_context& ctx) -> bool {
{
// extract cert info prior to verification
char subject_name[256];
X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle());
X509_NAME_oneline(X509_get_subject_name(cert), subject_name, 256);
if (logger_)
logger_->d("[http:client] [connection:%i] verify certificate: %s", id_, subject_name);
// run the verification
auto verifier = asio::ssl::rfc2818_verification(hostname); auto verifier = asio::ssl::rfc2818_verification(hostname);
bool verified = verifier(preverified, ctx); bool verified = verifier(preverified, ctx);
// post verification, codes: https://www.openssl.org/docs/man1.0.2/man1/verify.html
auto verify_ec = X509_STORE_CTX_get_error(ctx.native_handle()); auto verify_ec = X509_STORE_CTX_get_error(ctx.native_handle());
if (verify_ec == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN /*19*/) if (verify_ec == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN /*19*/)
verified = true; verified = true;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment