@@ -306,7 +306,7 @@ void SecureStream::Initialize(Handle<Object> target) {
306306 NODE_SET_PROTOTYPE_METHOD (t, " encPending" , SecureStream::EncPending);
307307 NODE_SET_PROTOTYPE_METHOD (t, " getPeerCertificate" , SecureStream::GetPeerCertificate);
308308 NODE_SET_PROTOTYPE_METHOD (t, " isInitFinished" , SecureStream::IsInitFinished);
309- NODE_SET_PROTOTYPE_METHOD (t, " verifyPeer " , SecureStream::VerifyPeer );
309+ NODE_SET_PROTOTYPE_METHOD (t, " verifyPeerError " , SecureStream::VerifyPeerError );
310310 NODE_SET_PROTOTYPE_METHOD (t, " getCurrentCipher" , SecureStream::GetCurrentCipher);
311311 NODE_SET_PROTOTYPE_METHOD (t, " start" , SecureStream::Start);
312312 NODE_SET_PROTOTYPE_METHOD (t, " shutdown" , SecureStream::Shutdown);
@@ -356,8 +356,8 @@ static int VerifyCallback(int preverify_ok, X509_STORE_CTX *ctx) {
356356 //
357357 // Since we cannot perform I/O quickly enough in this callback, we ignore
358358 // all preverify_ok errors and let the handshake continue. It is
359- // imparative that the user use SecureStream::VerifyPeer after the 'secure'
360- // callback has been made.
359+ // imparative that the user use SecureStream::VerifyPeerError after the
360+ // 'secure' callback has been made.
361361 return 1 ;
362362}
363363
@@ -715,32 +715,143 @@ Handle<Value> SecureStream::IsInitFinished(const Arguments& args) {
715715}
716716
717717
718- Handle<Value> SecureStream::VerifyPeer (const Arguments& args) {
718+ Handle<Value> SecureStream::VerifyPeerError (const Arguments& args) {
719719 HandleScope scope;
720720
721721 SecureStream *ss = ObjectWrap::Unwrap<SecureStream>(args.Holder ());
722722
723723 if (ss->ssl_ == NULL ) return False ();
724724 if (!ss->should_verify_ ) return False ();
725+
726+ #if 0
727+ // Why?
725728 X509* peer_cert = SSL_get_peer_certificate(ss->ssl_);
726- if (peer_cert== NULL ) return False ();
729+ if (peer_cert == NULL) return False();
727730 X509_free(peer_cert);
731+ #endif
728732
729733 long x509_verify_error = SSL_get_verify_result (ss->ssl_ );
730734
731- // Can also check for:
732- // X509_V_ERR_CERT_HAS_EXPIRED
733- // X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
734- // X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
735- // X509_V_ERR_INVALID_CA
736- // X509_V_ERR_PATH_LENGTH_EXCEEDED
737- // X509_V_ERR_INVALID_PURPOSE
738- // X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
735+ Local<String> s;
739736
740- // printf("%s\n", X509_verify_cert_error_string(x509_verify_error));
737+ switch (x509_verify_error) {
738+ case X509_V_OK:
739+ return Null ();
741740
742- if (!x509_verify_error) return True ();
743- return False ();
741+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
742+ s = String::New (" UNABLE_TO_GET_ISSUER_CERT" );
743+ break ;
744+
745+ case X509_V_ERR_UNABLE_TO_GET_CRL:
746+ s = String::New (" UNABLE_TO_GET_CRL" );
747+ break ;
748+
749+ case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
750+ s = String::New (" UNABLE_TO_DECRYPT_CERT_SIGNATURE" );
751+ break ;
752+
753+ case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
754+ s = String::New (" UNABLE_TO_DECRYPT_CRL_SIGNATURE" );
755+ break ;
756+
757+ case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
758+ s = String::New (" UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY" );
759+ break ;
760+
761+ case X509_V_ERR_CERT_SIGNATURE_FAILURE:
762+ s = String::New (" CERT_SIGNATURE_FAILURE" );
763+ break ;
764+
765+ case X509_V_ERR_CRL_SIGNATURE_FAILURE:
766+ s = String::New (" CRL_SIGNATURE_FAILURE" );
767+ break ;
768+
769+ case X509_V_ERR_CERT_NOT_YET_VALID:
770+ s = String::New (" CERT_NOT_YET_VALID" );
771+ break ;
772+
773+ case X509_V_ERR_CERT_HAS_EXPIRED:
774+ s = String::New (" CERT_HAS_EXPIRED" );
775+ break ;
776+
777+ case X509_V_ERR_CRL_NOT_YET_VALID:
778+ s = String::New (" CRL_NOT_YET_VALID" );
779+ break ;
780+
781+ case X509_V_ERR_CRL_HAS_EXPIRED:
782+ s = String::New (" CRL_HAS_EXPIRED" );
783+ break ;
784+
785+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
786+ s = String::New (" ERROR_IN_CERT_NOT_BEFORE_FIELD" );
787+ break ;
788+
789+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
790+ s = String::New (" ERROR_IN_CERT_NOT_AFTER_FIELD" );
791+ break ;
792+
793+ case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
794+ s = String::New (" ERROR_IN_CRL_LAST_UPDATE_FIELD" );
795+ break ;
796+
797+ case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
798+ s = String::New (" ERROR_IN_CRL_NEXT_UPDATE_FIELD" );
799+ break ;
800+
801+ case X509_V_ERR_OUT_OF_MEM:
802+ s = String::New (" OUT_OF_MEM" );
803+ break ;
804+
805+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
806+ s = String::New (" DEPTH_ZERO_SELF_SIGNED_CERT" );
807+ break ;
808+
809+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
810+ s = String::New (" SELF_SIGNED_CERT_IN_CHAIN" );
811+ break ;
812+
813+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
814+ s = String::New (" UNABLE_TO_GET_ISSUER_CERT_LOCALLY" );
815+ break ;
816+
817+ case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
818+ s = String::New (" UNABLE_TO_VERIFY_LEAF_SIGNATURE" );
819+ break ;
820+
821+ case X509_V_ERR_CERT_CHAIN_TOO_LONG:
822+ s = String::New (" CERT_CHAIN_TOO_LONG" );
823+ break ;
824+
825+ case X509_V_ERR_CERT_REVOKED:
826+ s = String::New (" CERT_REVOKED" );
827+ break ;
828+
829+ case X509_V_ERR_INVALID_CA:
830+ s = String::New (" INVALID_CA" );
831+ break ;
832+
833+ case X509_V_ERR_PATH_LENGTH_EXCEEDED:
834+ s = String::New (" PATH_LENGTH_EXCEEDED" );
835+ break ;
836+
837+ case X509_V_ERR_INVALID_PURPOSE:
838+ s = String::New (" INVALID_PURPOSE" );
839+ break ;
840+
841+ case X509_V_ERR_CERT_UNTRUSTED:
842+ s = String::New (" CERT_UNTRUSTED" );
843+ break ;
844+
845+ case X509_V_ERR_CERT_REJECTED:
846+ s = String::New (" CERT_REJECTED" );
847+ break ;
848+
849+ default :
850+ s = String::New (X509_verify_cert_error_string (x509_verify_error));
851+ break ;
852+ }
853+
854+ return scope.Close (s);
744855}
745856
746857
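Review bot: Disabling the SSL_get_peer_certificate check under `#if 0` (the `// Why?` block near the top of VerifyPeerError) lets a peer that presented no certificate at all be reported as `null`, i.e. no error, because OpenSSL documents SSL_get_verify_result as returning X509_V_OK when no peer certificate was presented, and VerifyCallback above unconditionally returns 1 so the handshake never fails on its own. Restoring the check with a distinct result keeps the missing-certificate case visible to the JS side: `X509* peer_cert = SSL_get_peer_certificate(ss->ssl_);` / `if (peer_cert == NULL) return scope.Close(String::New("NO_PEER_CERTIFICATE"));` / `X509_free(peer_cert);`. Separately, the two early returns still hand back `False()` while success is `Null()`, so a caller testing `if (!err)` treats an unverified stream (ssl_ null or should_verify_ off) exactly like a verified one; a comment on those returns, or returning a string there as well, would make that tri-state explicit.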