ARCHIVE/rippled
1
0
Fork 0
mirror of https://github.com/XRPLF/rippled.git synced 2025-12-06 17:27:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Log outbound connection certificate verification failures.

Browse Source
This commit is contained in:
JoelKatz
2013-02-19 13:11:24 -08:00
parent 875b47ca75
commit 6c6e8777f4
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/cpp/ripple/AutoSocket.h
View File

@@ -67,6 +67,15 @@ public:
std::swap(mSecure, s.mSecure); std::swap(mSecure, s.mSecure);
} }
static bool rfc2818_verify(const std::string& domain, bool preverified, boost::asio::ssl::verify_context& ctx)
{
if (boost::asio::ssl::rfc2818_verification(domain)(preverified, ctx))
return true;
Log(lsWARNING, AutoSocketPartition) << "Outbound SSL connection to " <<
domain << " fails certificate verification";
return false;
}
boost::system::error_code verify(const std::string& strDomain) boost::system::error_code verify(const std::string& strDomain)
{ {
boost::system::error_code ec; boost::system::error_code ec;
@@ -74,7 +83,7 @@ public:
mSocket->set_verify_mode(boost::asio::ssl::verify_peer); mSocket->set_verify_mode(boost::asio::ssl::verify_peer);
// XXX Verify semantics of RFC 2818 are what we want. // XXX Verify semantics of RFC 2818 are what we want.
mSocket->set_verify_callback(boost::asio::ssl::rfc2818_verification(strDomain), ec); mSocket->set_verify_callback(boost::bind(&rfc2818_verify, strDomain, _1, _2), ec);
return ec; return ec;
} }