*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
result = gnutls_certificate_verify_peers2(session, &status);
/* Verification failed (!= invalid certificate but worse), no need for any
* more checks. */
result = gnutls_certificate_verify_peers2(session, &status);
/* Verification failed (!= invalid certificate but worse), no need for any
* more checks. */
LOG(LOG_WARNING,
"verify_tls_connection(): gnutls_certificate_verify_peers2() failed: %s",
gnutls_strerror(result));
LOG(LOG_WARNING,
"verify_tls_connection(): gnutls_certificate_verify_peers2() failed: %s",
gnutls_strerror(result));
/* We only handle X509 certificates for now. Let validation fail to
* prevent an attacker from changing the certificate type to prevent
* detection. */
/* We only handle X509 certificates for now. Let validation fail to
* prevent an attacker from changing the certificate type to prevent
* detection. */
LOG(LOG_WARNING,
"verify_tls_connection(): gnutls_x509_crt_init() failed: %s",
gnutls_strerror(result));
LOG(LOG_WARNING,
"verify_tls_connection(): gnutls_x509_crt_init() failed: %s",
gnutls_strerror(result));
- if (0 > (result = gnutls_x509_crt_import(cert, &cert_list[0],
- GNUTLS_X509_FMT_DER))) {
+ result = gnutls_x509_crt_import(cert, &cert_list[0], GNUTLS_X509_FMT_DER);
+ if (result < 0) {
LOG(LOG_WARNING,
"verify_tls_connection(): gnutls_x509_crt_import() failed: %s",
gnutls_strerror(result));
LOG(LOG_WARNING,
"verify_tls_connection(): gnutls_x509_crt_import() failed: %s",
gnutls_strerror(result));
size = sizeof(server_cert);
result = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_PEM,
server_cert, &size);
size = sizeof(server_cert);
result = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_PEM,
server_cert, &size);
LOG(LOG_WARNING,
"verify_tls_connection(): gnutls_x509_crt_export() failed: %s",
gnutls_strerror(result));
LOG(LOG_WARNING,
"verify_tls_connection(): gnutls_x509_crt_export() failed: %s",
gnutls_strerror(result));
- if (0 != server_certificate_file(&file, hostname, path, sizeof(path))) {
+ if (server_certificate_file(&file, hostname, path, sizeof(path)) != 0) {
/* Check that the proxy certificate file exists and is readable for this
* domain. This ensures we send an "invalid" certificate even if the proxy
* certificate doesn't exist. */
/* Check that the proxy certificate file exists and is readable for this
* domain. This ensures we send an "invalid" certificate even if the proxy
* certificate doesn't exist. */
int server_certificate_file(FILE **file, const char *hostname,
char *path, size_t size) {
int server_certificate_file(FILE **file, const char *hostname,
char *path, size_t size) {
- if (0 != get_certificate_path(STORED_SERVER_CERT_FORMAT,
- hostname, path, size)) {
+ if (get_certificate_path(STORED_SERVER_CERT_FORMAT,
+ hostname, path, size) != 0) {
/* Open the stored certificate file. */
*file = fopen(path, "rb");
/* Open the stored certificate file. */
*file = fopen(path, "rb");
if (global_passthrough_unknown) {
LOG(LOG_DEBUG,
"server_certificate_file(): failed to open '%s': %s",
if (global_passthrough_unknown) {
LOG(LOG_DEBUG,
"server_certificate_file(): failed to open '%s': %s",