Diffstat (limited to 'cpp/src/IceSSL/Context.cpp')
-rw-r--r--cpp/src/IceSSL/Context.cpp16
1 files changed, 14 insertions, 2 deletions
diff --git a/cpp/src/IceSSL/Context.cpp b/cpp/src/IceSSL/Context.cpp
index 03668dce76b..2635a51a9ec 100644
--- a/cpp/src/IceSSL/Context.cpp
+++ b/cpp/src/IceSSL/Context.cpp
@@ -484,7 +484,7 @@ IceSSL::Context::ctx() const
}
void
-IceSSL::Context::validatePeer(SSL* ssl, const string& address, bool incoming)
+IceSSL::Context::verifyPeer(SSL* ssl, const string& address, bool incoming)
{
long result = SSL_get_verify_result(ssl);
if(result != X509_V_OK)
@@ -642,7 +642,19 @@ IceSSL::Context::validatePeer(SSL* ssl, const string& address, bool incoming)
const_cast<string&>(info.address) = address;
const_cast<vector<string>&>(info.dnsNames) = dnsNames;
const_cast<vector<string>&>(info.ipAddresses) = ipAddresses;
- verifier->verify(info);
+ if(!verifier->verify(info))
+ {
+ string msg = string(incoming ? "incoming" : "outgoing") +
+ " connection rejected by certificate verifier";
+ if(_instance->securityTraceLevel() >= 1)
+ {
+ _logger->trace(_instance->securityTraceCategory(), msg + "\n" +
+ IceInternal::fdToString(SSL_get_fd(ssl)));
+ }
+ SecurityException ex(__FILE__, __LINE__);
+ ex.reason = msg;
+ throw ex;
+ }
}
}
catch(...)
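Review bot: The new rejection only fails closed if the `catch(...)` on the hunk's last line rethrows. The `throw ex;` sits inside that try block and the handler body is outside the hunk, so confirm it cleans up and ends with `throw;` rather than swallowing the `SecurityException`. Separately, the rejection is logged only when `securityTraceLevel() >= 1` and the trace carries just the socket description, so with tracing off a verifier-denied peer may leave no record beyond the exception. Consider putting the peer into the reason itself, e.g. `" connection rejected by certificate verifier: " + address`, so whoever handles the exception can attribute the denial. The body of verifyPeer begins and continues outside this hunk.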