aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorandroid-build-team Robot <android-build-team-robot@google.com>2018-12-02 04:12:20 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>2018-12-02 04:12:20 +0000
commit549cb68172ab0fe6b43e223da580037583dbafe0 (patch)
treee625c128038ef3c5f95944cb2da69dd8d4815ef6
parent79d5a64e551e8bf1886ee0acd8ac8f0a44d39d1f (diff)
parent28dbb5c7d5f6fc7e94356605cc3520b066898c1d (diff)
downloadlibcups-549cb68172ab0fe6b43e223da580037583dbafe0.tar.gz
Snap for 5158715 from 28dbb5c7d5f6fc7e94356605cc3520b066898c1d to qt-release
Change-Id: I5ae348cd58a9745c78b8c1fd9e8ebcd0b3dc563a
Diffstat
-rw-r--r--cups/tls-boringssl.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/cups/tls-boringssl.c b/cups/tls-boringssl.c
index a8b7de54..d8606467 100644
--- a/cups/tls-boringssl.c
+++ b/cups/tls-boringssl.c
@@ -418,6 +418,35 @@ _httpTLSStart(http_t *http) /* I - Connection to server */
return (-1);
}
+ _cups_globals_t *cg = _cupsGlobals();
+ if (cg->server_cert_cb)
+ {
+ int error = 0;
+ X509 *peer_certificate = SSL_get_peer_certificate(http->tls);
+ if (peer_certificate)
+ {
+ ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(peer_certificate);
+ cups_array_t *credentials = cupsArrayNew(NULL, NULL);
+
+ if (credentials != NULL)
+ {
+ httpAddCredential(credentials, key->data, key->length);
+ error = cg->server_cert_cb(http, http->tls, credentials, cg->server_cert_data);
+ httpFreeCredentials(credentials);
+ }
+ X509_free(peer_certificate);
+ }
+
+ if (error != 0)
+ {
+ http->error = errno = EINVAL;
+ http->status = HTTP_STATUS_ERROR;
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Client rejected the server certificate."), 1);
+ }
+
+ return (error);
+ }
+
return (0);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-16 23:10:01 +0000