aboutsummaryrefslogtreecommitdiffstats
path: root/socket.c
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2009-08-05 22:55:43 +0000
committerMatthias Andree <matthias.andree@gmx.de>2009-08-05 22:55:43 +0000
commitc47559dc34fd1e93c467664270ec9aef5693ba5c (patch)
tree7c4866f944848e7b3f28fdd0e40930a8630aa74d /socket.c
parent3341cc4c85b751239db0fd9f3800f71a16d6cdc9 (diff)
downloadfetchmail-c47559dc34fd1e93c467664270ec9aef5693ba5c.tar.gz
fetchmail-c47559dc34fd1e93c467664270ec9aef5693ba5c.tar.bz2
fetchmail-c47559dc34fd1e93c467664270ec9aef5693ba5c.zip
Use sdump to display non-printing characters in certificate subject names.
svn path=/branches/BRANCH_6-3/; revision=5393
Diffstat (limited to 'socket.c')
-rw-r--r--socket.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/socket.c b/socket.c
index 45f03a6b..dd025356 100644
--- a/socket.c
+++ b/socket.c
@@ -52,6 +52,7 @@
#include "fetchmail.h"
#include "getaddrinfo.h"
#include "i18n.h"
+#include "sdump.h"
/* Defines to allow BeOS and Cygwin to play nice... */
#ifdef __BEOS__
@@ -598,6 +599,7 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
const EVP_MD *digest_tp;
unsigned int dsz, esz;
X509_NAME *subj, *issuer;
+ char *tt;
x509_cert = X509_STORE_CTX_get_current_cert(ctx);
err = X509_STORE_CTX_get_error(ctx);
@@ -611,13 +613,15 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
if (outlevel >= O_VERBOSE) {
if ((i = X509_NAME_get_text_by_NID(issuer, NID_organizationName, buf, sizeof(buf))) != -1) {
- report(stdout, GT_("Issuer Organization: %s\n"), buf);
+ report(stdout, GT_("Issuer Organization: %s\n"), (tt = sdump(buf, i)));
+ xfree(tt);
if ((size_t)i >= sizeof(buf) - 1)
report(stdout, GT_("Warning: Issuer Organization Name too long (possibly truncated).\n"));
} else
report(stdout, GT_("Unknown Organization\n"));
if ((i = X509_NAME_get_text_by_NID(issuer, NID_commonName, buf, sizeof(buf))) != -1) {
- report(stdout, GT_("Issuer CommonName: %s\n"), buf);
+ report(stdout, GT_("Issuer CommonName: %s\n"), (tt = sdump(buf, i)));
+ xfree(tt);
if ((size_t)i >= sizeof(buf) - 1)
report(stdout, GT_("Warning: Issuer CommonName too long (possibly truncated).\n"));
} else
@@ -625,7 +629,8 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
}
if ((i = X509_NAME_get_text_by_NID(subj, NID_commonName, buf, sizeof(buf))) != -1) {
if (outlevel >= O_VERBOSE)
- report(stdout, GT_("Server CommonName: %s\n"), buf);
+ report(stdout, GT_("Server CommonName: %s\n"), (tt = sdump(buf, i)));
+ xfree(tt);
if ((size_t)i >= sizeof(buf) - 1) {
/* Possible truncation. In this case, this is a DNS name, so this
* is really bad. We do not tolerate this even in the non-strict case. */
@@ -662,8 +667,10 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
sk_GENERAL_NAME_free(gens);
return 0;
}
- if (outlevel >= O_VERBOSE)
- report(stdout, GT_("Subject Alternative Name: %s\n"), p1);
+ if (outlevel >= O_VERBOSE) {
+ report(stdout, GT_("Subject Alternative Name: %s\n"), (tt = sdump(p1, (size_t)gn->d.ia5->length)));
+ xfree(tt);
+ }
if (*p1 == '*') {
++p1;
n = strlen(p2) - strlen(p1);
@@ -689,7 +696,8 @@ static int SSL_verify_callback( int ok_return, X509_STORE_CTX *ctx, int strict )
if (!matched) {
report(stderr,
GT_("Server CommonName mismatch: %s != %s\n"),
- buf, _ssl_server_cname );
+ (tt = sdump(buf, i)), _ssl_server_cname );
+ xfree(tt);
if (ok_return && strict)
return (0);
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-21 21:47:32 +0000