#
# AUTHOR , YEAR.
#
# Translation template (gettext PO; the Content-Type header below says
# application/x-publican) holding one documentation code listing: a C example
# of an OpenSSL TLS client connection with certificate checks.
#
msgid ""
msgstr ""
"Project-Id-Version: 0\n"
"POT-Creation-Date: 2013-08-13T01:54:52\n"
"PO-Revision-Date: 2013-08-13T01:54:52\n"
"Last-Translator: Automatically generated\n"
"Language-Team: None\n"
"MIME-Version: 1.0\n"
"Content-Type: application/x-publican; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

# Translators: this msgid is a C program listing. Translate only the text of
# the "//" comments; leave the code and the string literals unchanged so the
# listing stays consistent with the source document.
#
# What the listing does, in order: creates the SSL object and attaches the
# socket, sets the SNI host name, runs the handshake, fetches the peer
# certificate, checks the chain verification result, then checks that the
# certificate matches the host name. Every failure path calls exit(1) or
# ssl_print_error_and_exit().
#
# NOTE(review): both verification checks are bypassed when
# certificate_validity_override() / certificate_host_name_override() return
# non-zero. Those helpers are not shown in this entry; the listing is only as
# strict as they are (presumably they compare against an explicitly trusted
# certificate; confirm in the source document).
#
# NOTE(review): SSL_get_verify_result() returns long; the listing stores the
# result in an int.
#
# NOTE(review): the X509_check_host() call uses four arguments and casts the
# host name to (const unsigned char *), and the FIXME says OpenSSL 1.1. The
# function as released (OpenSSL 1.0.2 and later) takes a const char * name
# and a fifth peername argument, so the call likely reflects a pre-release
# API; check it against the OpenSSL version being documented.
#
# NOTE(review): two fprintf() format strings below contain a raw line break
# ("%s" followed by a new line, and "host name" followed by a new line) where
# a backslash-n escape inside the C string was presumably intended. As
# written, the listing shows a string literal split across lines. This looks
# like an extraction artifact in the source document; fix it there rather
# than in this generated template.
#. Tag: programlisting
#, no-c-format
msgid "\n"
"// Create the connection object.\n"
"SSL *ssl = SSL_new(ctx);\n"
"if (ssl == NULL) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
"SSL_set_fd(ssl, sockfd);\n"
"\n"
"// Enable the ServerNameIndication extension\n"
"if (!SSL_set_tlsext_host_name(ssl, host)) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
"\n"
"// Perform the TLS handshake with the server.\n"
"ret = SSL_connect(ssl);\n"
"if (ret != 1) {\n"
" // Error status can be 0 or negative.\n"
" ssl_print_error_and_exit(ssl, \"SSL_connect\", ret);\n"
"}\n"
"\n"
"// Obtain the server certificate.\n"
"X509 *peercert = SSL_get_peer_certificate(ssl);\n"
"if (peercert == NULL) {\n"
" fprintf(stderr, \"peer certificate missing\");\n"
" exit(1);\n"
"}\n"
"\n"
"// Check the certificate verification result. Allow an explicit\n"
"// certificate validation override in case verification fails.\n"
"int verifystatus = SSL_get_verify_result(ssl);\n"
"if (verifystatus != X509_V_OK && !certificate_validity_override(peercert)) {\n"
" fprintf(stderr, \"SSL_connect: verify result: %s\n"
"\",\n"
" X509_verify_cert_error_string(verifystatus));\n"
" exit(1);\n"
"}\n"
"\n"
"// Check if the server certificate matches the host name used to\n"
"// establish the connection.\n"
"// FIXME: Currently needs OpenSSL 1.1.\n"
"if (X509_check_host(peercert, (const unsigned char *)host, strlen(host),\n"
" 0) != 1\n"
" && !certificate_host_name_override(peercert, host)) {\n"
" fprintf(stderr, \"SSL certificate does not match host name\n"
"\");\n"
" exit(1);\n"
"}\n"
"\n"
"X509_free(peercert);\n"
"\n"
""
msgstr ""