mirror of https://github.com/Icinga/icinga2.git
Gunnar Beutner
parent
311cce5d41
commit
fd6fe82606
|
|
@ -36,7 +36,7 @@ bool I2_EXPORT TlsStream::m_SSLIndexInitialized = false;
|
|||
* @param sslContext The SSL context for the client.
|
||||
*/
|
||||
TlsStream::TlsStream(const Socket::Ptr& socket, ConnectionRole role, const shared_ptr<SSL_CTX>& sslContext)
|
||||
: m_Eof(false), m_Socket(socket), m_Role(role), m_VerifyOK(false)
|
||||
: m_Eof(false), m_Socket(socket), m_Role(role), m_VerifyOK(true)
|
||||
{
|
||||
std::ostringstream msgbuf;
|
||||
char errbuf[120];
|
||||
|
|
@ -75,7 +75,8 @@ int TlsStream::ValidateCertificate(int preverify_ok, X509_STORE_CTX *ctx)
|
|||
{
|
||||
SSL *ssl = static_cast<SSL *>(X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
|
||||
TlsStream *stream = static_cast<TlsStream *>(SSL_get_ex_data(ssl, m_SSLIndex));
|
||||
stream->m_VerifyOK = preverify_ok;
|
||||
if (!preverify_ok)
|
||||
stream->m_VerifyOK = false;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -119,16 +119,21 @@ int PKISignCSRCommand::Run(const boost::program_options::variables_map& vm, cons
|
|||
|
||||
X509 *cert = CreateCert(pubkey, X509_REQ_get_subject_name(req), X509_get_subject_name(cacert), privkey, false);
|
||||
|
||||
EVP_PKEY_free(pubkey);
|
||||
X509_free(cacert);
|
||||
|
||||
BIO *certbio = BIO_new_fp(stdout, BIO_NOCLOSE);
|
||||
|
||||
if (!PEM_write_bio_X509(certbio, cert)) {
|
||||
BIO_free(certbio);
|
||||
|
||||
msgbuf << "Could not write X509 certificate: " << ERR_peek_error() << ", \"" << ERR_error_string(ERR_peek_error(), errbuf) << "\"";
|
||||
Log(LogCritical, "SSL", msgbuf.str());
|
||||
return 1;
|
||||
}
|
||||
|
||||
X509_free(cert);
|
||||
|
||||
BIO_free(certbio);
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue