#include "intl.h"
#include "utils.h"
#include "ssl.h"
-#include "log.h"
#include "ssl_certificate.h"
static SSL_CTX *ssl_ctx;
void ssl_init(void)
{
SSL_METHOD *meth;
- FILE *cert_test;
/* Global system initialization*/
SSL_library_init();
/* Set default certificate paths */
SSL_CTX_set_default_verify_paths(ssl_ctx);
- /* this problem seems quite common */
- cert_test = fopen (X509_get_default_cert_file(), "r");
- if (cert_test != NULL)
- fclose(cert_test);
- else {
- printf("ssl_init: warning, can't open %s\n", X509_get_default_cert_file());
- printf("ssl_init: it means that certificates' signatures won't appear as Correct,\n");
- printf("ssl_init: even if they should. Check your openssl install.\n");
- }
#if (OPENSSL_VERSION_NUMBER < 0x0090600fL)
SSL_CTX_set_verify_depth(ctx,1);
#endif
ssl = SSL_new(ssl_ctx);
if (ssl == NULL) {
- log_warning(_("Error creating ssl context\n"));
+ g_warning(_("Error creating ssl context\n"));
return FALSE;
}
SSL_set_fd(ssl, sockinfo->sock);
if (SSL_connect(ssl) == -1) {
- log_warning(_("SSL connect failed (%s)\n"),
+ g_warning(_("SSL connect failed (%s)\n"),
ERR_error_string(ERR_get_error(), NULL));
SSL_free(ssl);
return FALSE;
}
/* Get the cipher */
- log_print(_("SSL connection using %s\n"), SSL_get_cipher(ssl));
+
+ debug_print("SSL connection using %s\n", SSL_get_cipher(ssl));
/* Get server's certificate (note: beware of dynamic allocation) */
if ((server_cert = SSL_get_peer_certificate(ssl)) == NULL) {
return FALSE;
}
+/*
if (!ssl_certificate_check(server_cert, sockinfo->hostname, sockinfo->port)) {
X509_free(server_cert);
SSL_free(ssl);
return FALSE;
}
+*/
X509_free(server_cert);
sockinfo->ssl = ssl;