Bind SSL_get_verify_result #75
Labels
Comments
|
Not sure if I should have this return the numeric error and/or the stringified version (get with |
|
Possible patch (just need to figure out return value convention): diff --git a/src/openssl.c b/src/openssl.c
index f32dd6a..1c26b5c 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -7685,6 +7685,15 @@ static int ssl_clearOptions(lua_State *L) {
} /* ssl_clearOptions() */
+static int ssl_getVerifyResult(lua_State *L) {
+ SSL *ssl = checksimple(L, 1, SSL_CLASS);
+ long res = SSL_get_verify_result(ssl);
+ lua_pushinteger(L, res);
+ lua_pushstring(L, X509_verify_cert_error_string(res));
+ return 2;
+} /* ssl_getVerifyResult() */
+
+
static int ssl_getPeerCertificate(lua_State *L) {
SSL *ssl = checksimple(L, 1, SSL_CLASS);
X509 **x509 = prepsimple(L, X509_CERT_CLASS);
@@ -7872,6 +7881,7 @@ static const auxL_Reg ssl_methods[] = {
{ "setOptions", &ssl_setOptions },
{ "getOptions", &ssl_getOptions },
{ "clearOptions", &ssl_clearOptions },
+ { "getVerifyResult", &ssl_getVerifyResult },
{ "getPeerCertificate", &ssl_getPeerCertificate },
{ "getPeerChain", &ssl_getPeerChain },
{ "getCipherInfo", &ssl_getCipherInfo },Should also expose the |
wahern
added a commit
that referenced
this issue
Dec 10, 2016
|
Thanks for commiting 670a112. Do we want to expose the |
|
Yes. I just wasn't sure precisely which module(s) to register them with, and because there wasn't a patch to force my hand I moved on to merging other stuff. |
|
Closing this as the main goal is done. created #101 to track missing constants |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
SSL_get_verify_resultis required to find out why a TLS negotiation failed.Unlike what the man page suggests, you don't need to have called
SSL_get_peer_certificatefor this to work.The text was updated successfully, but these errors were encountered: