42 lines
1.4 KiB
XML
42 lines
1.4 KiB
XML
<?xml version='1.0' encoding='utf-8' ?>
|
|
<!DOCTYPE programlisting PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
]>
|
|
<!-- Automatically generated file. Do not edit. -->
|
|
<programlisting language="C">
|
|
// Obtain the server certificate chain. The server certificate
|
|
// itself is stored in the first element of the array.
|
|
unsigned certslen = 0;
|
|
const gnutls_datum_t *const certs =
|
|
gnutls_certificate_get_peers(session, &certslen);
|
|
if (certs == NULL || certslen == 0) {
|
|
fprintf(stderr, "error: could not obtain peer certificate\n");
|
|
exit(1);
|
|
}
|
|
|
|
// Validate the certificate chain.
|
|
unsigned status = (unsigned)-1;
|
|
ret = gnutls_certificate_verify_peers2(session, &status);
|
|
if (ret != GNUTLS_E_SUCCESS) {
|
|
fprintf(stderr, "error: gnutls_certificate_verify_peers2: %s\n",
|
|
gnutls_strerror(ret));
|
|
exit(1);
|
|
}
|
|
if (status != 0 && !certificate_validity_override(certs[0])) {
|
|
gnutls_datum_t msg;
|
|
#if GNUTLS_VERSION_AT_LEAST_3_1_4
|
|
int type = gnutls_certificate_type_get (session);
|
|
ret = gnutls_certificate_verification_status_print(status, type, &out, 0);
|
|
#else
|
|
ret = -1;
|
|
#endif
|
|
if (ret == 0) {
|
|
fprintf(stderr, "error: %s\n", msg.data);
|
|
gnutls_free(msg.data);
|
|
exit(1);
|
|
} else {
|
|
fprintf(stderr, "error: certificate validation failed with code 0x%x\n",
|
|
status);
|
|
exit(1);
|
|
}
|
|
}
|
|
</programlisting>
|