From 8bf864d1d223bcbe457b5a32fffe4a7c2041acce Mon Sep 17 00:00:00 2001
From: "Jean-Marc Pigeon (Delson)"
Date: Mon, 5 May 2025 07:15:49 -0400
Subject: [PATCH] Improving certificate verification

---
 lib/unitls.c | 43 +++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 16 deletions(-)

diff --git a/lib/unitls.c b/lib/unitls.c
index a7a954a..5d65b0e 100644
--- a/lib/unitls.c
+++ b/lib/unitls.c
@@ -379,36 +379,47 @@ while (proceed==true) {
 					phase=999; //no need to go furter
 				}
 				break;
-			case 2 : //displaying certificate
-				if (peer!=(X509 *)0) { //always
-					char *line;
+			case 2 : { //displaying certificate
+				char *line;
 
-					line=X509_NAME_oneline(X509_get_subject_name(peer),0,0);
-					(void) rou_alert(2,"Certificate subject=<%s>",line);
-					(void) free(line);
-					line=X509_NAME_oneline(X509_get_issuer_name(peer),0,0);
-					(void) rou_alert(2,"Certificate issuer=<%s>",line);
-					(void) free(line);
-				}
-				break;
-			case 3 : //everything is fine
-				(void) X509_free(peer);
-				ok=true;
+				line=X509_NAME_oneline(X509_get_subject_name(peer),0,0);
+				(void) rou_alert(2,"Certificate subject=<%s>",line);
+				line=rou_freestr(line);
+				line=X509_NAME_oneline(X509_get_issuer_name(peer),0,0);
+				(void) rou_alert(2,"Certificate issuer=<%s>",line);
+				line=rou_freestr(line);
+			}
 				break;
-			case 4 : { //verifying certificate
+			case 3 : { //verifying certificate
 				int verif;
+				char *line;
+				char *cn; //Certificate Common Name
 
+				cn="CN=Unknown";
+				line=X509_NAME_oneline(X509_get_subject_name(peer),0,0);
+				if (line!=(char *)0) {
+					char *ptr;
+
+					if ((ptr=strstr(line,"CN="))!=(char *)0)
+						cn=ptr;
+				}
 				verif=SSL_get_verify_result(tls->ssl);
 				switch (verif) {
 				case X509_V_OK :
-					(void) rou_alert(0,"%s Remote certificate is V_OK",OPEP);
+					(void) rou_alert(0,"Peer [%s], %s; Remote certificate is verified",
+						tls->peerip,cn);
 					break;
 				default :
 					(void) rou_alert(0,"%s Remote certificate status='%d'",OPEP,verif);
 					break;
 				}
+				line=rou_freestr(line);
 			}
 				break;
+			case 4 : //everything is fine
+				(void) X509_free(peer);
+				ok=true;
+				break;
 			default : //SAFE Guard
 				proceed=false;
 				break;
-- 
2.47.3
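Review bot: In the `default :` branch of `switch (verif)` a non-OK verification result is only logged and the phase machine still reaches the new `case 4`, which sets `ok=true`, so unless the handshake was configured with SSL_VERIFY_PEER somewhere outside this hunk the failed verification has no effect on the connection; either the branch should stop the phase machine (`proceed=false;`) or a comment should state that the result is informational only. The numeric status is also hard to act on; `(void) rou_alert(0,"Peer [%s], %s; Remote certificate status='%d' (%s)",tls->peerip,cn,verif,X509_verify_cert_error_string(verif));` keeps the log consistent with the X509_V_OK message and readable. `strstr(line,"CN=")` can match inside another attribute's value and `cn` then runs to the end of the one-line form including any later RDNs, so matching `"/CN="` and using `cn=ptr+1;` is more accurate, and the value remains peer-supplied certificate data that should only be displayed, never trusted. The removal of the `peer!=(X509 *)0` guard from `case 2` is presumably safe only because an earlier phase already rejects a NULL peer certificate; that check, like the enclosing `while (proceed==true)` loop, lies outside the hunk and is worth confirming.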