TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 38d1eba3b57d13ece2ee65596306059054789a82^! / .
commit38d1eba3b57d13ece2ee65596306059054789a82[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Fri Aug 23 10:44:29 2013 +0200
committerPaul Bakker <p.j.bakker@polarssl.org>Mon Aug 26 14:26:02 2013 +0200
tree7d6796d291852a9f23e3d202c626c2615ee42cce
parent43fdd617e1f94eeb38053f8e5667944fd4c6165e [diff]
Move verify_result from ssl_context to session

diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index d5a2fc0..bf6b10c 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h

@@ -355,6 +355,7 @@
 #if defined(POLARSSL_X509_PARSE_C)
     x509_cert *peer_cert;       /*!< peer X.509 cert chain */
 #endif /* POLARSSL_X509_PARSE_C */
+    int verify_result;          /*!<  verification result     */
 
 #if defined(POLARSSL_SSL_SESSION_TICKETS)
     unsigned char *ticket;      /*!< RFC 5077 session ticket */

diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index f5d3e48..7c7da4b 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c

@@ -83,6 +83,8 @@
 
         memcpy( session->master, entry->session.master, 48 );
 
+        session->verify_result = entry->session.verify_result;
+
 #if defined(POLARSSL_X509_PARSE_C)
         /*
          * Restore peer certificate (without rest of the original chain)

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9c1e53a..625cafd 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -2113,7 +2113,7 @@
     if( ssl->endpoint == SSL_IS_SERVER &&
         ssl->authmode == SSL_VERIFY_NONE )
     {
-        ssl->verify_result = BADCERT_SKIP_VERIFY;
+        ssl->session_negotiate->verify_result = BADCERT_SKIP_VERIFY;
         SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
         ssl->state++;
         return( 0 );
@@ -2140,7 +2140,7 @@
         {
             SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
 
-            ssl->verify_result = BADCERT_MISSING;
+            ssl->session_negotiate->verify_result = BADCERT_MISSING;
             if( ssl->authmode == SSL_VERIFY_OPTIONAL )
                 return( 0 );
             else
@@ -2158,7 +2158,7 @@
         {
             SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
 
-            ssl->verify_result = BADCERT_MISSING;
+            ssl->session_negotiate->verify_result = BADCERT_MISSING;
             if( ssl->authmode == SSL_VERIFY_REQUIRED )
                 return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
             else
@@ -2241,8 +2241,8 @@
         }
 
         ret = x509parse_verify( ssl->session_negotiate->peer_cert,
-                                ssl->ca_chain, ssl->ca_crl,
-                                ssl->peer_cn,  &ssl->verify_result,
+                                ssl->ca_chain, ssl->ca_crl, ssl->peer_cn,
+                               &ssl->session_negotiate->verify_result,
                                 ssl->f_vrfy, ssl->p_vrfy );
 
         if( ret != 0 )
@@ -3325,7 +3325,7 @@
 
 int ssl_get_verify_result( const ssl_context *ssl )
 {
-    return( ssl->verify_result );
+    return( ssl->session->verify_result );
 }
 
 const char *ssl_get_ciphersuite( const ssl_context *ssl )

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 7dd11b9..dd7fc46 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -859,6 +859,9 @@
     {
         --opt.reconnect;
 
+        printf( "  ! Press a key to reconnect\n" );
+        (void) getchar();
+
         printf( "  . Reconnecting with saved session..." );
         fflush( stdout );