mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-31 06:15:37 +00:00
Code Issues Releases Wiki Activity

Add debugging statements to certificate checks.

Browse Source
This commit is contained in:
Todd C. Miller
2020-01-18 12:57:24 -07:00
parent 5a86073bd0
commit 47d9504716
4 changed files with 72 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
logsrvd/logsrvd.c
View File

@@ -919,10 +919,11 @@ verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx)
SSL *ssl;
X509 *current_cert;
X509 *peer_cert;
debug_decl(verify_peer_identity, SUDO_DEBUG_UTIL);
/* if pre-verification of the cert failed, just propagate that result back */
if (preverify_ok != 1) {
return 0;
debug_return_int(0);
}
/* since this callback is called for each cert in the chain,
@@ -932,7 +933,7 @@ verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx)
peer_cert = X509_STORE_CTX_get0_cert(ctx);
if (current_cert != peer_cert) {
return 1;
debug_return_int(1);
}
/* read out the attached object (closure) from the ssl connection object */
@@ -944,9 +945,9 @@ verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx)
switch(result)
{
case MatchFound:
return 1;
debug_return_int(1);
default:
return 0;
debug_return_int(0);
}
}