diff options
author | Christian Grothoff <christian@grothoff.org> | 2013-10-26 12:36:51 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-10-26 12:36:51 +0000 |
commit | aeb922926c639ffdd992f96cd125e47bb0e2c301 (patch) | |
tree | 85097e40305035ad337f0c0e8dc0f95343dbed3a /src/gns/gnunet-gns-proxy.c | |
parent | 7679eb4a51b8d0e9e4671dae00ca83c9f1b22de7 (diff) | |
download | gnunet-aeb922926c639ffdd992f96cd125e47bb0e2c301.tar.gz gnunet-aeb922926c639ffdd992f96cd125e47bb0e2c301.zip |
-moving code to parse IPv4/IPv6 subnet specifications to strings and making it part of the public API
Diffstat (limited to 'src/gns/gnunet-gns-proxy.c')
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 34 |
1 files changed, 3 insertions, 31 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c index 968470bd9..4f65574dd 100644 --- a/src/gns/gnunet-gns-proxy.c +++ b/src/gns/gnunet-gns-proxy.c | |||
@@ -26,7 +26,6 @@ | |||
26 | * | 26 | * |
27 | * TODO: | 27 | * TODO: |
28 | * - double-check queueing logic | 28 | * - double-check queueing logic |
29 | * - actually check SSL certificates (#3038) | ||
30 | */ | 29 | */ |
31 | #include "platform.h" | 30 | #include "platform.h" |
32 | #include <microhttpd.h> | 31 | #include <microhttpd.h> |
@@ -877,6 +876,9 @@ check_ssl_certificate (struct Socks5Request *s5r) | |||
877 | 876 | ||
878 | /* FIXME: add flags to gnutls to NOT read UNBOUND_ROOT_KEY_FILE here! */ | 877 | /* FIXME: add flags to gnutls to NOT read UNBOUND_ROOT_KEY_FILE here! */ |
879 | if (0 != (rc = dane_state_init (&dane_state, | 878 | if (0 != (rc = dane_state_init (&dane_state, |
879 | #ifdef DANE_F_IGNORE_DNSSEC | ||
880 | DANE_F_IGNORE_DNSSEC | | ||
881 | #endif | ||
880 | DANE_F_IGNORE_LOCAL_RESOLVER))) | 882 | DANE_F_IGNORE_LOCAL_RESOLVER))) |
881 | { | 883 | { |
882 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | 884 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, |
@@ -957,36 +959,6 @@ check_ssl_certificate (struct Socks5Request *s5r) | |||
957 | } | 959 | } |
958 | } | 960 | } |
959 | gnutls_x509_crt_deinit (x509_cert); | 961 | gnutls_x509_crt_deinit (x509_cert); |
960 | #if 0 | ||
961 | { | ||
962 | unsigned int i; | ||
963 | |||
964 | for(i=0;i<cert_list_size;i++) | ||
965 | { | ||
966 | gnutls_x509_crt_t cert; | ||
967 | gnutls_datum_t dn; | ||
968 | |||
969 | if (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&cert)) | ||
970 | { | ||
971 | if (GNUTLS_E_SUCCESS == | ||
972 | gnutls_x509_crt_import (cert, &chainp[i], | ||
973 | GNUTLS_X509_FMT_DER)) | ||
974 | { | ||
975 | if (GNUTLS_E_SUCCESS == | ||
976 | gnutls_x509_crt_print (cert, | ||
977 | GNUTLS_CRT_PRINT_FULL, | ||
978 | &dn)) | ||
979 | { | ||
980 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
981 | "Certificate #%d: %.*s", i, dn.size, dn.data); | ||
982 | gnutls_free (dn.data); | ||
983 | } | ||
984 | } | ||
985 | gnutls_x509_crt_deinit (cert); | ||
986 | } | ||
987 | } | ||
988 | } | ||
989 | #endif | ||
990 | return GNUNET_OK; | 962 | return GNUNET_OK; |
991 | } | 963 | } |
992 | 964 | ||