Actually check CA signatures in Credentials_Manager. This area needs a

lot more work before this can be deployed.
author: lloyd <[email protected]> 2012-02-01 17:55:03 +0000
committer: lloyd <[email protected]> 2012-02-01 17:55:03 +0000
commit: 863a5420e3ad5efcfc7a175eed0d1a0b641c83c0 (patch)
tree: ad82580eca85f784b2965ec61a1d1bb25fac1695 /src/tls
parent: e2e9105071f2d0a1360603f06c2acf68865ff072 (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp
index 2bcdf7457..8b5ea9347 100644
--- a/src/tls/tls_client.cpp
+++ b/src/tls/tls_client.cpp
@@ -266,8 +266,8 @@ void Client::process_handshake_msg(Handshake_Type type,
 
       try
          {
-         creds.verify_certificate_chain(peer_certs,
-                                        state->client_hello->sni_hostname());
+         const std::string hostname = state->client_hello->sni_hostname();
+         creds.verify_certificate_chain("tls-client", hostname, peer_certs);
          }
       catch(std::exception& e)
          {
diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp
index d186ddac4..a7857edf3 100644
--- a/src/tls/tls_server.cpp
+++ b/src/tls/tls_server.cpp
@@ -384,7 +384,7 @@ void Server::process_handshake_msg(Handshake_Type type,
 
       try
          {
-         creds.verify_certificate_chain(client_certs);
+         creds.verify_certificate_chain("tls-server", "", client_certs);
          }
       catch(std::exception& e)
          {
author	lloyd <[email protected]>	2012-02-01 17:55:03 +0000
committer	lloyd <[email protected]>	2012-02-01 17:55:03 +0000
commit	863a5420e3ad5efcfc7a175eed0d1a0b641c83c0 (patch)
tree	ad82580eca85f784b2965ec61a1d1bb25fac1695 /src/tls
parent	e2e9105071f2d0a1360603f06c2acf68865ff072 (diff)