From 50463ca8321c39f3966c278ab25ca158404d72f1 Mon Sep 17 00:00:00 2001 From: Insu Yun Date: Fri, 20 Nov 2015 16:51:08 -0500 Subject: Properly handle missing SSL certificate According to OpenSSL document (https://www.openssl.org/docs/manmaster/ssl/SSL_get_verify_result.html), when using SSL_get_verify_result(), the existence of certificate needs to be checked. However, in current code, it does not. Therefore, certificate existence check is required for correctly handling the exception. Closes #1549 --- src/common/server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/common/server.c b/src/common/server.c index e4c2e377..19e90969 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -569,9 +569,8 @@ ssl_do_connect (server * serv) NULL, 0); } else { - g_snprintf (buf, sizeof (buf), " * No Certificate"); - EMIT_SIGNAL (XP_TE_SSLMESSAGE, serv->server_session, buf, NULL, NULL, - NULL, 0); + g_snprintf (buf, sizeof (buf), "No Certificate"); + goto conn_fail; } chiper_info = _SSL_get_cipher_info (serv->ssl); /* static buffer */ -- cgit 1.4.1