ObjOpenSSL  Check-in [62d33a0d4a]

Overview
Comment:Fix uninitialized access (random error message) in certificate verification
SHA3-256: 62d33a0d4addeabf8f034bb2005a9a7f2d2dae4f3dd1c229cb36b88d03b01a1b
User & Date: florob@babelmonkeys.de on 2012-09-17 14:50:33
Context
2012-09-17
15:51
Indention. check-in: a95890e7ce user: js tags: trunk
14:50
Fix uninitialized access (random error message) in certificate verification check-in: 62d33a0d4a user: florob@babelmonkeys.de tags: trunk
14:27
Return 0 on reads where the SSL layer needs more data to proceed check-in: a39f32eccd user: florob@babelmonkeys.de tags: trunk
Changes

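--- a/src/SSLSocket.m
+++ b/src/SSLSocket.m
@@ -385,17 +385,21 @@
 	    initWithX509Struct: certificate] autorelease];
 }
 
 - (void)verifyPeerCertificate
 {
 	unsigned long ret;
 
-	if ((SSL_get_peer_certificate(ssl) == NULL) ||
-	    ((ret = SSL_get_verify_result(ssl)) != X509_V_OK)) {
-		const char *reason = X509_verify_cert_error_string(ret);
-		@throw [SSLInvalidCertificateException
-			exceptionWithClass: [self class]
-				    reason: [OFString
+	if (SSL_get_peer_certificate(ssl) != NULL) {
+		if ((ret = SSL_get_verify_result(ssl)) != X509_V_OK) {
+			const char *tmp = X509_verify_cert_error_string(ret);
+			OFString *reason = [OFString stringWithUTF8String: tmp];
+			@throw [SSLInvalidCertificateException
+				exceptionWithClass: [self class]
+					    reason: reason];
-						stringWithUTF8String: reason]];
-	}
+		}
+	} else
+		@throw [SSLInvalidCertificateException
+			exceptionWithClass: [self class]
+				    reason: @"No certificate"];
 }
 @end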
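Review bot: The X509 pointer returned by `SSL_get_peer_certificate(ssl)` in the new outer `if` is discarded, and OpenSSL returns that pointer with its reference count incremented, so every call to verifyPeerCertificate leaks one certificate reference. Keep it in a local, test that against NULL, and release it before either branch throws: `X509 *peer = SSL_get_peer_certificate(ssl);` then `X509_free(peer);`. `SSL_get_verify_result` returns `long` while `ret` is declared `unsigned long`; `long ret;` avoids the implicit sign conversion when it is passed to `X509_verify_cert_error_string`. The method establishes only that the chain validated; nothing visible here compares the certificate with the expected host name, so unless that is done elsewhere in the class, a comment saying that callers must still check the peer identity would keep this from being read as a complete verification.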