From 38d1eba3b57d13ece2ee65596306059054789a82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 23 Aug 2013 10:44:29 +0200 Subject: [PATCH] Move verify_result from ssl_context to session --- include/polarssl/ssl.h | 1 + library/ssl_cache.c | 2 ++ library/ssl_tls.c | 12 ++++++------ programs/ssl/ssl_client2.c | 3 +++ 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index d5a2fc001..bf6b10cb8 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -355,6 +355,7 @@ struct _ssl_session #if defined(POLARSSL_X509_PARSE_C) x509_cert *peer_cert; /*!< peer X.509 cert chain */ #endif /* POLARSSL_X509_PARSE_C */ + int verify_result; /*!< verification result */ #if defined(POLARSSL_SSL_SESSION_TICKETS) unsigned char *ticket; /*!< RFC 5077 session ticket */ diff --git a/library/ssl_cache.c b/library/ssl_cache.c index f5d3e48cc..7c7da4b17 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -83,6 +83,8 @@ int ssl_cache_get( void *data, ssl_session *session ) memcpy( session->master, entry->session.master, 48 ); + session->verify_result = entry->session.verify_result; + #if defined(POLARSSL_X509_PARSE_C) /* * Restore peer certificate (without rest of the original chain) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9c1e53a4c..625cafd40 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2113,7 +2113,7 @@ int ssl_parse_certificate( ssl_context *ssl ) if( ssl->endpoint == SSL_IS_SERVER && ssl->authmode == SSL_VERIFY_NONE ) { - ssl->verify_result = BADCERT_SKIP_VERIFY; + ssl->session_negotiate->verify_result = BADCERT_SKIP_VERIFY; SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); ssl->state++; return( 0 ); @@ -2140,7 +2140,7 @@ int ssl_parse_certificate( ssl_context *ssl ) { SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); - ssl->verify_result = BADCERT_MISSING; + ssl->session_negotiate->verify_result = BADCERT_MISSING; if( ssl->authmode == SSL_VERIFY_OPTIONAL ) return( 0 ); else @@ -2158,7 +2158,7 @@ int ssl_parse_certificate( ssl_context *ssl ) { SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); - ssl->verify_result = BADCERT_MISSING; + ssl->session_negotiate->verify_result = BADCERT_MISSING; if( ssl->authmode == SSL_VERIFY_REQUIRED ) return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE ); else @@ -2241,8 +2241,8 @@ int ssl_parse_certificate( ssl_context *ssl ) } ret = x509parse_verify( ssl->session_negotiate->peer_cert, - ssl->ca_chain, ssl->ca_crl, - ssl->peer_cn, &ssl->verify_result, + ssl->ca_chain, ssl->ca_crl, ssl->peer_cn, + &ssl->session_negotiate->verify_result, ssl->f_vrfy, ssl->p_vrfy ); if( ret != 0 ) @@ -3325,7 +3325,7 @@ size_t ssl_get_bytes_avail( const ssl_context *ssl ) int ssl_get_verify_result( const ssl_context *ssl ) { - return( ssl->verify_result ); + return( ssl->session->verify_result ); } const char *ssl_get_ciphersuite( const ssl_context *ssl ) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 7dd11b9b7..dd7fc465e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -859,6 +859,9 @@ send_request: { --opt.reconnect; + printf( " ! Press a key to reconnect\n" ); + (void) getchar(); + printf( " . Reconnecting with saved session..." ); fflush( stdout );