commit be672569f079cc36c2815fc4c05adef66d746ba1
parent 8db8abb95406ca4cacaaa89a8550d4f25e8df172
Author: ukai <ukai>
Date: Thu, 27 Dec 2001 02:28:17 +0000
[w3m-dev 02753]
From: Hironori Sakamoto <hsaka@mth.biglobe.ne.jp>
Diffstat:
M | ChangeLog | | | 6 | ++++++ |
M | url.c | | | 79 | ++----------------------------------------------------------------------------- |
2 files changed, 8 insertions(+), 77 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,9 @@
+2001-12-27 Hironori Sakamoto <hsaka@mth.biglobe.ne.jp>
+
+ * [w3m-dev 02753]
+ * url (ssl_verify_error_string): deleted
+ * url.c (openSSLHandle): use X509_verify_cert_error_string()
+
2001-12-27 Fumitoshi UKAI <ukai@debian.or.jp>
* [w3m-dev 02750] RFC2818 server identity check
diff --git a/url.c b/url.c
@@ -272,81 +272,6 @@ init_PRNG()
}
#endif /* SSLEAY_VERSION_NUMBER >= 0x00905100 */
-
-#ifdef USE_SSL_VERIFY
-static const char *
-ssl_verify_error_string(unsigned long verr)
-{
- /* see verify(1ssl) - we can't use ERR_error_string()? */
- switch (verr) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- return "Unable to get issuer cert";
- case X509_V_ERR_UNABLE_TO_GET_CRL:
- return "Unable to get CRL";
- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
- return "Unable to decrypt cert signature";
- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
- return "Unable to decrypt CRL signature";
- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
- return "Unable to decode issuer public key";
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
- return "Certificate signature failture";
- case X509_V_ERR_CRL_SIGNATURE_FAILURE:
- return "CRL signature failture";
- case X509_V_ERR_CERT_NOT_YET_VALID:
- return "Certificate not yet valid";
- case X509_V_ERR_CERT_HAS_EXPIRED:
- return "Certificate has expired";
- case X509_V_ERR_CRL_NOT_YET_VALID:
- return "CRL not yet valid";
- case X509_V_ERR_CRL_HAS_EXPIRED:
- return "CRL has expired";
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- return "Error in certificate Not Before: field";
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- return "Error in certificate Not After: field";
- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
- return "Error in CRL Last Update: field";
- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
- return "Error in CRL Next Update: field";
- case X509_V_ERR_OUT_OF_MEM:
- return "Out of memory";
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- return "Depth zero self signed certificate";
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- return "Self signed certificate in chain";
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- return "Unable to get issuer certificate locally";
- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- return "Unable to verify leaf signature";
- case X509_V_ERR_CERT_CHAIN_TOO_LONG:
- return "Certificate chain too long";
- case X509_V_ERR_CERT_REVOKED:
- return "Certificate revoked";
- case X509_V_ERR_INVALID_CA:
- return "Invalid CA";
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- return "Path length exceeded";
- case X509_V_ERR_INVALID_PURPOSE:
- return "Invalid purpose";
- case X509_V_ERR_CERT_UNTRUSTED:
- return "Certificate untrusted";
- case X509_V_ERR_CERT_REJECTED:
- return "Certificate rejected";
- case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
- return "Subject Issuer mismatch";
- case X509_V_ERR_AKID_SKID_MISMATCH:
- return "akid skid mismatch";
- case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
- return "akid issuer serial mismatch";
- case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
- return "Keyusage no certsign";
- default:
- return "unknown verification error";
- }
-}
-#endif
-
static SSL *
openSSLHandle(int sock, char *hostname)
{
@@ -470,10 +395,10 @@ openSSLHandle(int sock, char *hostname)
}
}
else {
- unsigned long verr;
+ long verr;
X509_free(x);
if ((verr = SSL_get_verify_result(handle)) != X509_V_OK) {
- const char *em = ssl_verify_error_string(verr);
+ const char *em = X509_verify_cert_error_string(verr);
if (accept_this_site
&& strcasecmp(accept_this_site->ptr, hostname) == 0)
ans = "y";