upstream/oracle/userland-gate: components/proftpd/patches/mod_tls_self

764 1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	1	--- a/contrib/mod_tls.c
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	2	+++ b/contrib/mod_tls.c
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	3	@@ -3962,6 +3962,7 @@ static int tls_verify_cb(int ok, X509_STORE_CTX *ctx) {
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	4	case X509_V_ERR_CERT_HAS_EXPIRED:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	5	case X509_V_ERR_CERT_REVOKED:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	6	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	7	+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	8	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	9	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	10	case X509_V_ERR_APPLICATION_VERIFICATION:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	11	@@ -3986,17 +3987,6 @@ static int tls_verify_cb(int ok, X509_STORE_CTX *ctx) {
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	12	break;
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	13	}
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	14
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	15	- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	16	- /* XXX this is strange. we get this error for certain clients
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	17	- * (i.e. Jeff Altman's kftp) when all is ok. I think it's because the
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	18	- * client is actually sending the whole CA cert. This must be figured
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	19	- * out, but we let it pass for now. If the CA cert isn't available
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	20	- * locally, we will fail anyway.
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	21	- */
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	22	- tls_log("%s", X509_verify_cert_error_string(ctx->error));
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	23	- ok = 1;
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	24	- break;
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	25	-
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	26	default:
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	27	tls_log("error verifying client certificate: [%d] %s",
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	28	ctx->error, X509_verify_cert_error_string(ctx->error));
1927dad105b7 7145399 Problem with network/ftp_server tomas klacko - Sun Microsystems - Prague Czech Republic <tomas.klacko@oracle.com> parents: diff changeset	29

author	Alex Chiu <Alex.Chiu@Oracle.COM>
	Thu, 14 Jun 2012 11:34:02 -0700
changeset 869	ab908b713ec5
parent 764	1927dad105b7
permissions	-rw-r--r--