-static int etpan_certificate_check(const unsigned char *certificate, int len, void *data)
-{
-#ifdef USE_OPENSSL
- struct connect_param *param = (struct connect_param *)data;
- X509 *cert = NULL;
-
- if (certificate == NULL || len < 0) {
- g_warning("no cert presented.\n");
- return 0;
- }
- cert = d2i_X509(NULL, (const unsigned char **)&certificate, len);
- if (cert == NULL) {
- g_warning("nntp: can't get cert\n");
- return 0;
- } else if (ssl_certificate_check(cert, NULL,
- (gchar *)param->server, (gushort)param->port) == TRUE) {
- X509_free(cert);
- return 0;
- } else {
- X509_free(cert);
- return -1;
- }
-#elif USE_GNUTLS
- struct connect_param *param = (struct connect_param *)data;
- gnutls_x509_crt cert = NULL;
- gnutls_datum tmp;
-
- if (certificate == NULL || len < 0) {
- g_warning("no cert presented.\n");
- return 0;
- }
-
- tmp.data = malloc(len);
- memcpy(tmp.data, certificate, len);
- tmp.size = len;
- gnutls_x509_crt_init(&cert);
- if (gnutls_x509_crt_import(cert, &tmp, GNUTLS_X509_FMT_DER) < 0) {
- g_warning("nntp: can't get cert\n");
- return 0;
- } else if (ssl_certificate_check(cert, (guint)-1, NULL,
- (gchar *)param->server, (gushort)param->port) == TRUE) {
- gnutls_x509_crt_deinit(cert);
- return 0;
- } else {
- gnutls_x509_crt_deinit(cert);
- return -1;
- }
-#endif
- return 0;
-}
-