diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2018-12-02 04:12:20 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2018-12-02 04:12:20 +0000 |
commit | 549cb68172ab0fe6b43e223da580037583dbafe0 (patch) | |
tree | e625c128038ef3c5f95944cb2da69dd8d4815ef6 | |
parent | 79d5a64e551e8bf1886ee0acd8ac8f0a44d39d1f (diff) | |
parent | 28dbb5c7d5f6fc7e94356605cc3520b066898c1d (diff) | |
download | libcups-549cb68172ab0fe6b43e223da580037583dbafe0.tar.gz |
Snap for 5158715 from 28dbb5c7d5f6fc7e94356605cc3520b066898c1d to qt-release
Change-Id: I5ae348cd58a9745c78b8c1fd9e8ebcd0b3dc563a
-rw-r--r-- | cups/tls-boringssl.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/cups/tls-boringssl.c b/cups/tls-boringssl.c index a8b7de54..d8606467 100644 --- a/cups/tls-boringssl.c +++ b/cups/tls-boringssl.c @@ -418,6 +418,35 @@ _httpTLSStart(http_t *http) /* I - Connection to server */ return (-1); } + _cups_globals_t *cg = _cupsGlobals(); + if (cg->server_cert_cb) + { + int error = 0; + X509 *peer_certificate = SSL_get_peer_certificate(http->tls); + if (peer_certificate) + { + ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(peer_certificate); + cups_array_t *credentials = cupsArrayNew(NULL, NULL); + + if (credentials != NULL) + { + httpAddCredential(credentials, key->data, key->length); + error = cg->server_cert_cb(http, http->tls, credentials, cg->server_cert_data); + httpFreeCredentials(credentials); + } + X509_free(peer_certificate); + } + + if (error != 0) + { + http->error = errno = EINVAL; + http->status = HTTP_STATUS_ERROR; + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Client rejected the server certificate."), 1); + } + + return (error); + } + return (0); } |