gnutls: Added more status checking when verifying peer

Tatsuhiro Tsujikawa 2012-10-27 17:46:53 +09:00
parent d689ad3bd0
commit d6f73292fa
1 changed files with 11 additions and 0 deletions


@ -1060,6 +1060,17 @@ bool SocketCore::tlsHandshake(TLSContext* tlsctx, const std::string& hostname)
if(status & GNUTLS_CERT_SIGNER_NOT_FOUND) { if(status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
errors += " `issuer is not known'"; errors += " `issuer is not known'";
} }
// TODO should check GNUTLS_CERT_SIGNER_NOT_CA ?
if(status & GNUTLS_CERT_INSECURE_ALGORITHM) {
errors += " `insecure algorithm'";
}
if(status & GNUTLS_CERT_NOT_ACTIVATED) {
errors += " `not activated yet'";
}
if(status & GNUTLS_CERT_EXPIRED) {
errors += " `expired'";
}
// TODO Add GNUTLS_CERT_SIGNATURE_FAILURE here
if(!errors.empty()) { if(!errors.empty()) {
throw DL_ABORT_EX(fmt(MSG_CERT_VERIFICATION_FAILED, errors.c_str())); throw DL_ABORT_EX(fmt(MSG_CERT_VERIFICATION_FAILED, errors.c_str()));
} }
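Review bot: The verification still fails open for any status bit the chain of `if(status & …)` checks does not name: `errors` is only appended for the enumerated flags, and the `throw` at the end fires only when `errors` is non-empty, so a peer whose certificate sets only GNUTLS_CERT_SIGNATURE_FAILURE or GNUTLS_CERT_SIGNER_NOT_CA — exactly the two cases the new TODO comments defer — would pass the handshake unless a check above the hunk already rejects any non-zero `status`. Rather than enumerating flags one by one, add a catch-all before the existing `if(!errors.empty())` so an unrecognised failure is still fatal: `if(status != 0 && errors.empty()) { errors += " \`unknown verification failure'"; }`. The specific flags can then keep being added for better messages without the message list deciding whether the connection is accepted. The enclosing tlsHandshake body starts before this hunk, so the earlier handling of `status` is not visible here.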