Fixed bugs while developing tests for IceSSL

author: Anthony Neal <aneal@zeroc.com> 2002-03-24 00:08:08 +0000
committer: Anthony Neal <aneal@zeroc.com> 2002-03-24 00:08:08 +0000
commit: 8adad8d4286c63735ef6bdd6a35c1f43a2f5b975 (patch)
tree: 6bc7f117c631b6ca8c78e82e33f7f3c8ead9b756 /cpp/src/Ice/SslConnectionOpenSSLClient.cpp
parent: Updated to contain better verification directives. (diff)
download: ice-8adad8d4286c63735ef6bdd6a35c1f43a2f5b975.tar.bz2
ice-8adad8d4286c63735ef6bdd6a35c1f43a2f5b975.tar.xz
ice-8adad8d4286c63735ef6bdd6a35c1f43a2f5b975.zip
1 files changed, 27 insertions, 6 deletions
diff --git a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
index 86b44d65b56..519ca3f9d7f 100644
--- a/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
+++ b/cpp/src/Ice/SslConnectionOpenSSLClient.cpp
@@ -108,7 +108,7 @@ IceSSL::OpenSSL::ClientConnection::init(int timeout)
 
         // Find out what the error was (if any).
         int code = getLastError();
-
+
         switch (code)
         {
             case SSL_ERROR_WANT_READ:
@@ -173,18 +173,39 @@ IceSSL::OpenSSL::ClientConnection::init(int timeout)
                     protocolEx._message = "Encountered an EOF during handshake that violates the SSL Protocol.\n";
                     protocolEx._message += sslGetErrors();
 
-                    throw protocolEx;
+                    throw protocolEx;
                 }
             }
 
             case SSL_ERROR_SSL:
             {
-                ProtocolException protocolEx(__FILE__, __LINE__);
+                int verifyError = SSL_get_verify_result(_sslConnection);
+
+                if (verifyError != X509_V_OK && verifyError != 1)
+	        {
+                    CertificateVerificationException certVerEx(__FILE__, __LINE__);
+
+                    certVerEx._message = "SSL certificate verification error.";
+
+                    string errors = sslGetErrors();
+
+                    if (!errors.empty())
+                    {
+                        certVerEx._message += "\n";
+                        certVerEx._message += errors;
+                    }
+
+                    throw certVerEx;
+	        }
+                else
+                {
+                    ProtocolException protocolEx(__FILE__, __LINE__);
 
-                protocolEx._message = "Encountered a violation of the SSL Protocol during handshake.\n";
-                protocolEx._message += sslGetErrors();
+                    protocolEx._message = "Encountered a violation of the SSL Protocol during handshake.\n";
+                    protocolEx._message += sslGetErrors();
 
-                throw protocolEx;
+                    throw protocolEx;
+                }
             }
         }
author	Anthony Neal <aneal@zeroc.com>	2002-03-24 00:08:08 +0000
committer	Anthony Neal <aneal@zeroc.com>	2002-03-24 00:08:08 +0000
commit	8adad8d4286c63735ef6bdd6a35c1f43a2f5b975 (patch)
tree	6bc7f117c631b6ca8c78e82e33f7f3c8ead9b756 /cpp/src/Ice/SslConnectionOpenSSLClient.cpp
parent	Updated to contain better verification directives. (diff)
download	ice-8adad8d4286c63735ef6bdd6a35c1f43a2f5b975.tar.bz2 ice-8adad8d4286c63735ef6bdd6a35c1f43a2f5b975.tar.xz ice-8adad8d4286c63735ef6bdd6a35c1f43a2f5b975.zip