Merge pull request #13 from bramp/verify-result

Added support for SSL_get_verify_result(..)

conn.go

@@ -63,6 +63,65 @@ type Conn struct {
 	want_read_future *utils.Future
 }
 
+type VerifyResult int
+
+const (
+	Ok                            VerifyResult = C.X509_V_OK
+	UnableToGetIssuerCert         VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
+	UnableToGetCrl                VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_CRL
+	UnableToDecryptCertSignature  VerifyResult = C.X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
+	UnableToDecryptCrlSignature   VerifyResult = C.X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
+	UnableToDecodeIssuerPublicKey VerifyResult = C.X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
+	CertSignatureFailure          VerifyResult = C.X509_V_ERR_CERT_SIGNATURE_FAILURE
+	CrlSignatureFailure           VerifyResult = C.X509_V_ERR_CRL_SIGNATURE_FAILURE
+	CertNotYetValid               VerifyResult = C.X509_V_ERR_CERT_NOT_YET_VALID
+	CertHasExpired                VerifyResult = C.X509_V_ERR_CERT_HAS_EXPIRED
+	CrlNotYetValid                VerifyResult = C.X509_V_ERR_CRL_NOT_YET_VALID
+	CrlHasExpired                 VerifyResult = C.X509_V_ERR_CRL_HAS_EXPIRED
+	ErrorInCertNotBeforeField     VerifyResult = C.X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
+	ErrorInCertNotAfterField      VerifyResult = C.X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
+	ErrorInCrlLastUpdateField     VerifyResult = C.X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
+	ErrorInCrlNextUpdateField     VerifyResult = C.X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
+	OutOfMem                      VerifyResult = C.X509_V_ERR_OUT_OF_MEM
+	DepthZeroSelfSignedCert       VerifyResult = C.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+	SelfSignedCertInChain         VerifyResult = C.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
+	UnableToGetIssuerCertLocally  VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+	UnableToVerifyLeafSignature   VerifyResult = C.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+	CertChainTooLong              VerifyResult = C.X509_V_ERR_CERT_CHAIN_TOO_LONG
+	CertRevoked                   VerifyResult = C.X509_V_ERR_CERT_REVOKED
+	InvalidCa                     VerifyResult = C.X509_V_ERR_INVALID_CA
+	PathLengthExceeded            VerifyResult = C.X509_V_ERR_PATH_LENGTH_EXCEEDED
+	InvalidPurpose                VerifyResult = C.X509_V_ERR_INVALID_PURPOSE
+	CertUntrusted                 VerifyResult = C.X509_V_ERR_CERT_UNTRUSTED
+	CertRejected                  VerifyResult = C.X509_V_ERR_CERT_REJECTED
+	SubjectIssuerMismatch         VerifyResult = C.X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+	AkidSkidMismatch              VerifyResult = C.X509_V_ERR_AKID_SKID_MISMATCH
+	AkidIssuerSerialMismatch      VerifyResult = C.X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
+	KeyusageNoCertsign            VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_CERTSIGN
+	UnableToGetCrlIssuer          VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+	UnhandledCriticalExtension    VerifyResult = C.X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+	KeyusageNoCrlSign             VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+	UnhandledCriticalCrlExtension VerifyResult = C.X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+	InvalidNonCa                  VerifyResult = C.X509_V_ERR_INVALID_NON_CA
+	ProxyPathLengthExceeded       VerifyResult = C.X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+	KeyusageNoDigitalSignature    VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+	ProxyCertificatesNotAllowed   VerifyResult = C.X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+	InvalidExtension              VerifyResult = C.X509_V_ERR_INVALID_EXTENSION
+	InvalidPolicyExtension        VerifyResult = C.X509_V_ERR_INVALID_POLICY_EXTENSION
+	NoExplicitPolicy              VerifyResult = C.X509_V_ERR_NO_EXPLICIT_POLICY
+	DifferentCrlScope             VerifyResult = C.X509_V_ERR_DIFFERENT_CRL_SCOPE
+	UnsupportedExtensionFeature   VerifyResult = C.X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+	UnnestedResource              VerifyResult = C.X509_V_ERR_UNNESTED_RESOURCE
+	PermittedViolation            VerifyResult = C.X509_V_ERR_PERMITTED_VIOLATION
+	ExcludedViolation             VerifyResult = C.X509_V_ERR_EXCLUDED_VIOLATION
+	SubtreeMinmax                 VerifyResult = C.X509_V_ERR_SUBTREE_MINMAX
+	UnsupportedConstraintType     VerifyResult = C.X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+	UnsupportedConstraintSyntax   VerifyResult = C.X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+	UnsupportedNameSyntax         VerifyResult = C.X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+	CrlPathValidationError        VerifyResult = C.X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+	ApplicationVerification       VerifyResult = C.X509_V_ERR_APPLICATION_VERIFICATION
+)
+
 func newSSL(ctx *C.SSL_CTX) (*C.SSL, error) {
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
@@ -512,3 +571,7 @@ func (c *Conn) SetTlsExtHostName(name string) error {
 	}
 	return nil
 }
+
+func (c *Conn) VerifyResult() VerifyResult {
+	return VerifyResult(C.SSL_get_verify_result(c.ssl))
+}