// Obtain the server certificate chain. The server certificate
// itself is stored in the first element of the array.
unsigned certslen = 0;
const gnutls_datum_t *const certs =
gnutls_certificate_get_peers(session, &certslen);
if (certs == NULL || certslen == 0) {
fprintf(stderr, "error: could not obtain peer certificate\n");
exit(1);
}
// Validate the certificate chain.
unsigned status = (unsigned)-1;
ret = gnutls_certificate_verify_peers3(session, host, &status);
if (ret != GNUTLS_E_SUCCESS) {
fprintf(stderr, "error: gnutls_certificate_verify_peers3: %s\n",
gnutls_strerror(ret));
exit(1);
}
if (status != 0 && !certificate_validity_override(certs[0])) {
gnutls_datum_t msg;
#if GNUTLS_VERSION_AT_LEAST_3_1_4
int type = gnutls_certificate_type_get (session);
ret = gnutls_certificate_verification_status_print(status, type, &out, 0);
#else
ret = -1;
#endif
if (ret == 0) {
fprintf(stderr, "error: %s\n", msg.data);
gnutls_free(msg.data);
exit(1);
} else {
fprintf(stderr, "error: certificate validation failed with code 0x%x\n",
status);
exit(1);
}
}