Update structure for partials and examples

2022-01-13 20:42:40 +01:00 · 2022-01-13 20:42:40 +01:00 · 531ddf0721
commit 531ddf0721
parent b1b3d6a960
89 changed files with 79 additions and 79 deletions
--- a/modules/ROOT/examples/Features-TLS-Client-GNUTLS-Verify.adoc
+++ b/modules/ROOT/examples/Features-TLS-Client-GNUTLS-Verify.adoc
@ -0,0 +1,38 @@
+
+// Obtain the server certificate chain.  The server certificate
+// itself is stored in the first element of the array.
+unsigned certslen = 0;
+const gnutls_datum_t *const certs =
+  gnutls_certificate_get_peers(session, &certslen);
+if (certs == NULL || certslen == 0) {
+  fprintf(stderr, "error: could not obtain peer certificate\n");
+  exit(1);
+}
+
+// Validate the certificate chain.
+unsigned status = (unsigned)-1;
+ret = gnutls_certificate_verify_peers3(session, host, &status);
+if (ret != GNUTLS_E_SUCCESS) {
+  fprintf(stderr, "error: gnutls_certificate_verify_peers3: %s\n",
+	    gnutls_strerror(ret));
+  exit(1);
+}
+if (status != 0 && !certificate_validity_override(certs[0])) {
+  gnutls_datum_t msg;
+#if GNUTLS_VERSION_AT_LEAST_3_1_4
+  int type = gnutls_certificate_type_get (session);
+  ret = gnutls_certificate_verification_status_print(status, type, &out, 0);
+#else
+  ret = -1;
+#endif
+  if (ret == 0) {
+    fprintf(stderr, "error: %s\n", msg.data);
+    gnutls_free(msg.data);
+    exit(1);
+  } else {
+    fprintf(stderr, "error: certificate validation failed with code 0x%x\n",
+	      status);
+    exit(1);
+  }
+}
+