Fix cert-try-verify when denied by event action
authorJeremy Harris <jgh146exb@wizmail.org>
Thu, 30 Oct 2014 20:48:02 +0000 (20:48 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Thu, 30 Oct 2014 20:48:02 +0000 (20:48 +0000)
1  2 
src/src/tls-openssl.c

@@@ -338,13 -334,15 +337,15 @@@ else if (depth != 0
    if (ev)
      {
      tlsp->peercert = X509_dup(cert);
 -    if (event_raise(ev, US"tls:cert", string_sprintf("%d", depth)) == DEFER)
 +    if ((yield = event_raise(ev, US"tls:cert", string_sprintf("%d", depth))))
        {
        log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
 -                            "depth=%d cert=%s", depth, txt);
 +                            "depth=%d cert=%s: %s", depth, txt, yield);
-       tlsp->certificate_verified = FALSE;
        *calledp = TRUE;
-       return 0;                           /* reject */
+       if (!*optionalp)
+       return 0;                           /* reject */
+       DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
+       "(host in tls_try_verify_hosts)\n");
        }
      X509_free(tlsp->peercert);
      tlsp->peercert = NULL;
@@@ -405,13 -411,15 +414,15 @@@ els
  #ifdef EXPERIMENTAL_EVENT
    ev = tlsp == &tls_out ? client_static_cbinfo->event_action : event_action;
    if (ev)
 -    if (event_raise(ev, US"tls:cert", US"0") == DEFER)
 +    if ((yield = event_raise(ev, US"tls:cert", US"0")))
        {
        log_write(0, LOG_MAIN, "SSL verify denied by event-action: "
 -                            "depth=0 cert=%s", txt);
 +                            "depth=0 cert=%s: %s", txt, yield);
-       tlsp->certificate_verified = FALSE;
        *calledp = TRUE;
-       return 0;                           /* reject */
+       if (!*optionalp)
+       return 0;                           /* reject */
+       DEBUG(D_tls) debug_printf("Event-action verify failure overridden "
+       "(host in tls_try_verify_hosts)\n");
        }
  #endif