diff options
author | Alexander Færøy <ahf@0x90.dk> | 2016-10-16 14:15:29 +0200 |
---|---|---|
committer | Alexander Færøy <ahf@0x90.dk> | 2016-10-22 21:58:49 +0200 |
commit | 13f75d49e05b4e29104ef52ee1742564c7eed8df (patch) | |
tree | 15adc1aa07e1a3133da212576b53648821d828bf /src/core | |
parent | b630fd1703ef3a87060bb6d2acbc562b9c1c9081 (diff) | |
download | irssi-13f75d49e05b4e29104ef52ee1742564c7eed8df.zip |
Simplify TLS verification error handling.
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/network-openssl.c | 34 |
1 files changed, 1 insertions, 33 deletions
diff --git a/src/core/network-openssl.c b/src/core/network-openssl.c index 55fb1157..8e12bd53 100644 --- a/src/core/network-openssl.c +++ b/src/core/network-openssl.c @@ -243,39 +243,7 @@ static gboolean irssi_ssl_verify(SSL *ssl, SSL_CTX *ctx, const char* hostname, i result = SSL_get_verify_result(ssl); if (result != X509_V_OK) { - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int n; - char *str; - - g_warning("Could not verify SSL servers certificate: %s", - X509_verify_cert_error_string(result)); - if ((str = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0)) == NULL) - g_warning(" Could not get subject-name from peer certificate"); - else { - g_warning(" Subject : %s", str); - free(str); - } - if ((str = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0)) == NULL) - g_warning(" Could not get issuer-name from peer certificate"); - else { - g_warning(" Issuer : %s", str); - free(str); - } - if (! X509_digest(cert, EVP_md5(), md, &n)) - g_warning(" Could not get fingerprint from peer certificate"); - else { - char hex[] = "0123456789ABCDEF"; - char fp[EVP_MAX_MD_SIZE*3]; - if (n < sizeof(fp)) { - unsigned int i; - for (i = 0; i < n; i++) { - fp[i*3+0] = hex[(md[i] >> 4) & 0xF]; - fp[i*3+1] = hex[(md[i] >> 0) & 0xF]; - fp[i*3+2] = i == n - 1 ? '\0' : ':'; - } - g_warning(" MD5 Fingerprint : %s", fp); - } - } + g_warning("Could not verify TLS servers certificate: %s", X509_verify_cert_error_string(result)); return FALSE; } else if (! irssi_ssl_verify_hostname(cert, hostname)){ return FALSE; |