phase=999; //no need to go furter
}
break;
- case 2 : //displaying certificate
- if (peer!=(X509 *)0) { //always
- char *line;
+ case 2 : { //displaying certificate
+ char *line;
- line=X509_NAME_oneline(X509_get_subject_name(peer),0,0);
- (void) rou_alert(2,"Certificate subject=<%s>",line);
- (void) free(line);
- line=X509_NAME_oneline(X509_get_issuer_name(peer),0,0);
- (void) rou_alert(2,"Certificate issuer=<%s>",line);
- (void) free(line);
- }
- break;
- case 3 : //everything is fine
- (void) X509_free(peer);
- ok=true;
+ line=X509_NAME_oneline(X509_get_subject_name(peer),0,0);
+ (void) rou_alert(2,"Certificate subject=<%s>",line);
+ line=rou_freestr(line);
+ line=X509_NAME_oneline(X509_get_issuer_name(peer),0,0);
+ (void) rou_alert(2,"Certificate issuer=<%s>",line);
+ line=rou_freestr(line);
+ }
break;
- case 4 : { //verifying certificate
+ case 3 : { //verifying certificate
int verif;
+ char *line;
+ char *cn; //Certificate Common Name
+ cn="CN=Unknown";
+ line=X509_NAME_oneline(X509_get_subject_name(peer),0,0);
+ if (line!=(char *)0) {
+ char *ptr;
+
+ if ((ptr=strstr(line,"CN="))!=(char *)0)
+ cn=ptr;
+ }
verif=SSL_get_verify_result(tls->ssl);
switch (verif) {
case X509_V_OK :
- (void) rou_alert(0,"%s Remote certificate is V_OK",OPEP);
+ (void) rou_alert(0,"Peer [%s], %s; Remote certificate is verified",
+ tls->peerip,cn);
break;
default :
(void) rou_alert(0,"%s Remote certificate status='%d'",OPEP,verif);
break;
}
+ line=rou_freestr(line);
}
break;
+ case 4 : //everything is fine
+ (void) X509_free(peer);
+ ok=true;
+ break;
default : //SAFE Guard
proceed=false;
break;