Add check for path validation result in Credentials_Manager. GH #324

author: Jack Lloyd <[email protected]> 2015-11-04 14:31:59 -0500
committer: Jack Lloyd <[email protected]> 2015-11-04 14:31:59 -0500
commit: 7049b8e541b032e42ab0b4007a344bd14918bdcc (patch)
tree: 45d30ee973d2b88c56b30fcd0c4fb4a09ad345b5 /src/lib/tls/credentials_manager.cpp
parent: d475735cbe21d9d0dd3f39fb936cdaac8ef56e30 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/src/lib/tls/credentials_manager.cpp b/src/lib/tls/credentials_manager.cpp
index 43ba7650a..3762dc149 100644
--- a/src/lib/tls/credentials_manager.cpp
+++ b/src/lib/tls/credentials_manager.cpp
@@ -129,11 +129,14 @@ void Credentials_Manager::verify_certificate_chain(
 
    Path_Validation_Restrictions restrictions;
 
-   auto result = x509_path_validate(cert_chain,
-                                    restrictions,
-                                    trusted_CAs,
-                                    purported_hostname,
-                                    choose_leaf_usage(type));
+   Path_Validation_Result result = x509_path_validate(cert_chain,
+                                                      restrictions,
+                                                      trusted_CAs,
+                                                      purported_hostname,
+                                                      choose_leaf_usage(type));
+
+   if(!result.successful_validation())
+      throw std::runtime_error("Certificate validation failure: " + result.result_string());
 
    if(!cert_in_some_store(trusted_CAs, result.trust_root()))
       throw std::runtime_error("Certificate chain roots in unknown/untrusted CA");
author	Jack Lloyd <[email protected]>	2015-11-04 14:31:59 -0500
committer	Jack Lloyd <[email protected]>	2015-11-04 14:31:59 -0500
commit	7049b8e541b032e42ab0b4007a344bd14918bdcc (patch)
tree	45d30ee973d2b88c56b30fcd0c4fb4a09ad345b5 /src/lib/tls/credentials_manager.cpp
parent	d475735cbe21d9d0dd3f39fb936cdaac8ef56e30 (diff)