Added support for SSL_get_verify_result(..)

2024-12-27 23:40:18 +08:00 · 2014-10-07 20:09:48 -07:00 · 2014-10-07 20:09:48 -07:00 · f13a5e0288
commit f13a5e0288
parent 10dbddf4e6
1 changed files with 63 additions and 0 deletions
--- a/conn.go
+++ b/conn.go
@ -60,6 +60,65 @@ type Conn struct {
 	want_read_future *utils.Future
 }

+type VerifyResult int
+
+const (
+    Ok                             VerifyResult = C.X509_V_OK
+    UnableToGetIssuerCert          VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
+    UnableToGetCrl                 VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_CRL
+    UnableToDecryptCertSignature   VerifyResult = C.X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
+    UnableToDecryptCrlSignature    VerifyResult = C.X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
+    UnableToDecodeIssuerPublicKey  VerifyResult = C.X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
+    CertSignatureFailure           VerifyResult = C.X509_V_ERR_CERT_SIGNATURE_FAILURE
+    CrlSignatureFailure            VerifyResult = C.X509_V_ERR_CRL_SIGNATURE_FAILURE
+    CertNotYetValid                VerifyResult = C.X509_V_ERR_CERT_NOT_YET_VALID
+    CertHasExpired                 VerifyResult = C.X509_V_ERR_CERT_HAS_EXPIRED
+    CrlNotYetValid                 VerifyResult = C.X509_V_ERR_CRL_NOT_YET_VALID
+    CrlHasExpired                  VerifyResult = C.X509_V_ERR_CRL_HAS_EXPIRED
+    ErrorInCertNotBeforeField      VerifyResult = C.X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
+    ErrorInCertNotAfterField       VerifyResult = C.X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
+    ErrorInCrlLastUpdateField      VerifyResult = C.X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
+    ErrorInCrlNextUpdateField      VerifyResult = C.X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
+    OutOfMem                       VerifyResult = C.X509_V_ERR_OUT_OF_MEM
+    DepthZeroSelfSignedCert        VerifyResult = C.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
+    SelfSignedCertInChain          VerifyResult = C.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
+    UnableToGetIssuerCertLocally   VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+    UnableToVerifyLeafSignature    VerifyResult = C.X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
+    CertChainTooLong               VerifyResult = C.X509_V_ERR_CERT_CHAIN_TOO_LONG
+    CertRevoked                    VerifyResult = C.X509_V_ERR_CERT_REVOKED
+    InvalidCa                      VerifyResult = C.X509_V_ERR_INVALID_CA
+    PathLengthExceeded             VerifyResult = C.X509_V_ERR_PATH_LENGTH_EXCEEDED
+    InvalidPurpose                 VerifyResult = C.X509_V_ERR_INVALID_PURPOSE
+    CertUntrusted                  VerifyResult = C.X509_V_ERR_CERT_UNTRUSTED
+    CertRejected                   VerifyResult = C.X509_V_ERR_CERT_REJECTED
+    SubjectIssuerMismatch          VerifyResult = C.X509_V_ERR_SUBJECT_ISSUER_MISMATCH
+    AkidSkidMismatch               VerifyResult = C.X509_V_ERR_AKID_SKID_MISMATCH
+    AkidIssuerSerialMismatch       VerifyResult = C.X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
+    KeyusageNoCertsign             VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_CERTSIGN
+    UnableToGetCrlIssuer           VerifyResult = C.X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER
+    UnhandledCriticalExtension     VerifyResult = C.X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION
+    KeyusageNoCrlSign              VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_CRL_SIGN
+    UnhandledCriticalCrlExtension  VerifyResult = C.X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION
+    InvalidNonCa                   VerifyResult = C.X509_V_ERR_INVALID_NON_CA
+    ProxyPathLengthExceeded        VerifyResult = C.X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED
+    KeyusageNoDigitalSignature     VerifyResult = C.X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE
+    ProxyCertificatesNotAllowed    VerifyResult = C.X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED
+    InvalidExtension               VerifyResult = C.X509_V_ERR_INVALID_EXTENSION
+    InvalidPolicyExtension         VerifyResult = C.X509_V_ERR_INVALID_POLICY_EXTENSION
+    NoExplicitPolicy               VerifyResult = C.X509_V_ERR_NO_EXPLICIT_POLICY
+    DifferentCrlScope              VerifyResult = C.X509_V_ERR_DIFFERENT_CRL_SCOPE
+    UnsupportedExtensionFeature    VerifyResult = C.X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE
+    UnnestedResource               VerifyResult = C.X509_V_ERR_UNNESTED_RESOURCE
+    PermittedViolation             VerifyResult = C.X509_V_ERR_PERMITTED_VIOLATION
+    ExcludedViolation              VerifyResult = C.X509_V_ERR_EXCLUDED_VIOLATION
+    SubtreeMinmax                  VerifyResult = C.X509_V_ERR_SUBTREE_MINMAX
+    UnsupportedConstraintType      VerifyResult = C.X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE
+    UnsupportedConstraintSyntax    VerifyResult = C.X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX
+    UnsupportedNameSyntax          VerifyResult = C.X509_V_ERR_UNSUPPORTED_NAME_SYNTAX
+    CrlPathValidationError         VerifyResult = C.X509_V_ERR_CRL_PATH_VALIDATION_ERROR
+    ApplicationVerification        VerifyResult = C.X509_V_ERR_APPLICATION_VERIFICATION
+)
+
 func newSSL(ctx *C.SSL_CTX) (*C.SSL, error) {
 	runtime.LockOSThread()
 	defer runtime.UnlockOSThread()
@ -500,3 +559,7 @@ func (c *Conn) SetTlsExtHostName(name string) error {
 	}
 	return nil
 }
+
+func (c *Conn) VerifyResult() VerifyResult {
+	return VerifyResult( C.SSL_get_verify_result(c.ssl) );
+}