diff --git a/src/tls_openssl.c b/src/tls_openssl.c index 546049e..7a7bc47 100644 --- a/src/tls_openssl.c +++ b/src/tls_openssl.c @@ -80,33 +80,54 @@ hex_encode(unsigned char* readbuf, void *writebuf, size_t len) static xmpp_ctx_t *xmppctx; +static void +print_certificate(X509* cert) { + char subj[1024+1]; + char issuer[1024+1]; + X509_NAME_oneline(X509_get_subject_name(cert), subj, 1024); + X509_NAME_oneline(X509_get_issuer_name(cert), issuer, 1024); + xmpp_debug(xmppctx, "TLS", "SUBJECT : %s", subj); + xmpp_debug(xmppctx, "TLS", "ISSUER : %s", issuer); +} + static int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) { X509 *cert = X509_STORE_CTX_get_current_cert(x509_ctx); - X509_NAME *issuer = X509_get_issuer_name(cert); - char *nameline = X509_NAME_oneline(issuer, NULL, 0); - xmpp_debug(xmppctx, "TLS", "ISSUER NAME: %s", nameline); - OPENSSL_free(nameline); + const STACK_OF(X509) *sk = X509_STORE_CTX_get1_chain(x509_ctx); + int slen = sk_num((const _STACK *)sk); + unsigned i; + X509 *certsk; + xmpp_debug(xmppctx, "TLS", "STACK"); + for(i=0; issl_ctx, NULL); SSL_CTX_set_mode (tls->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE); SSL_CTX_set_verify (tls->ssl_ctx, SSL_VERIFY_PEER, verify_callback); - tls->ssl = SSL_new(tls->ssl_ctx); ret = SSL_set_fd(tls->ssl, sock);