#
# AUTHOR <EMAIL@ADDRESS>, YEAR.
#
msgid ""
msgstr ""
"Project-Id-Version: 0\n"
"POT-Creation-Date: 2013-08-13T01:54:52\n"
"PO-Revision-Date: 2013-08-13T01:54:52\n"
"Last-Translator: Automatically generated\n"
"Language-Team: None\n"
"MIME-Version: 1.0\n"
"Content-Type: application/x-publican; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
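# NOTE(review): this msgid is an extracted C listing (OpenSSL TLS client
# setup); only its // comments are prose. A failed chain verification or
# host name check is still accepted when certificate_validity_override()
# or certificate_host_name_override() returns non-zero; neither helper is
# shown here, so both checks are only as strong as those helpers.
# The X509_check_host() call predates the released API (OpenSSL 1.0.2 and
# later take a const char * name and a fifth char **peername argument),
# and SSL_get_verify_result() returns long, not int.
# The "\n" escapes in two fprintf() format strings appear to have become
# real line breaks during extraction, so those literals span lines.
#. Tag: programlisting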
#, no-c-format
msgid "\n"
"// Create the connection object.\n"
"SSL *ssl = SSL_new(ctx);\n"
"if (ssl == NULL) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
"SSL_set_fd(ssl, sockfd);\n"
"\n"
"// Enable the ServerNameIndication extension\n"
"if (!SSL_set_tlsext_host_name(ssl, host)) {\n"
" ERR_print_errors(bio_err);\n"
" exit(1);\n"
"}\n"
"\n"
"// Perform the TLS handshake with the server.\n"
"ret = SSL_connect(ssl);\n"
"if (ret != 1) {\n"
" // Error status can be 0 or negative.\n"
" ssl_print_error_and_exit(ssl, \"SSL_connect\", ret);\n"
"}\n"
"\n"
"// Obtain the server certificate.\n"
"X509 *peercert = SSL_get_peer_certificate(ssl);\n"
"if (peercert == NULL) {\n"
" fprintf(stderr, \"peer certificate missing\");\n"
" exit(1);\n"
"}\n"
"\n"
"// Check the certificate verification result. Allow an explicit\n"
"// certificate validation override in case verification fails.\n"
"int verifystatus = SSL_get_verify_result(ssl);\n"
"if (verifystatus != X509_V_OK && !certificate_validity_override(peercert)) {\n"
" fprintf(stderr, \"SSL_connect: verify result: %s\n"
"\",\n"
" X509_verify_cert_error_string(verifystatus));\n"
" exit(1);\n"
"}\n"
"\n"
"// Check if the server certificate matches the host name used to\n"
"// establish the connection.\n"
"// FIXME: Currently needs OpenSSL 1.1.\n"
"if (X509_check_host(peercert, (const unsigned char *)host, strlen(host),\n"
" 0) != 1\n"
" && !certificate_host_name_override(peercert, host)) {\n"
" fprintf(stderr, \"SSL certificate does not match host name\n"
"\");\n"
" exit(1);\n"
"}\n"
"\n"
"X509_free(peercert);\n"
"\n"
""
msgstr ""