From: David Woodhouse
Date: Tue, 30 Sep 2008 07:15:15 +0000 (+0100)
Subject: fix up server verification a bit
X-Git-Tag: v0.90~52
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bb4f1d7b1dff570f557c5f0c43de309bf9204b5d;p=platform%2Fupstream%2Fopenconnect.git
fix up server verification a bit
---
diff --git a/ssl.c b/ssl.c
index 752c4fb..499f899 100644
--- a/ssl.c
+++ b/ssl.c
@@ -245,9 +245,10 @@ static int open_https(struct anyconnect_info *vpninfo)
 if (vpninfo->cert)
 load_certificate(vpninfo, https_ctx);
- if (vpninfo->cafile)
+ if (vpninfo->cafile) {
 SSL_CTX_load_verify_locations(https_ctx, vpninfo->cafile, NULL);
-
+ SSL_CTX_set_default_verify_paths(https_ctx);
+ }
 https_ssl = SSL_new(https_ctx);
 https_bio = BIO_new_socket(ssl_sock, BIO_NOCLOSE);
@@ -267,7 +268,8 @@ static int open_https(struct anyconnect_info *vpninfo)
 /* FIXME: Show cert details, allow user to accept (and store?) */
 if (vfy != X509_V_OK) {
- fprintf(stderr, "Server certificate verify failed: %d\n", vfy);
+ fprintf(stderr, "Server certificate verify failed: %s\n",
+ X509_verify_cert_error_string(vfy));
 SSL_free(https_ssl);
 SSL_CTX_free(https_ctx);
 close(ssl_sock);
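Review bot: In the `if (vpninfo->cafile)` block of the first hunk the return value of `SSL_CTX_load_verify_locations()` is still ignored, and the added `SSL_CTX_set_default_verify_paths()` call changes what that costs. A CA file that is missing or unreadable no longer leaves the context without trust anchors; it leaves it trusting the system store alone, with no message to the user. Both calls return 1 on success, so the load can be checked with `if (!SSL_CTX_load_verify_locations(https_ctx, vpninfo->cafile, NULL)) { fprintf(stderr, "Failed to load CA file %s\n", vpninfo->cafile); /* clean up and fail */ }`; the cleanup and return value belong to the part of open_https outside this hunk. Because the default paths are added on top of the file rather than instead of it, a comment such as `/* cafile adds to the system CA store; it does not replace it */` would keep readers from treating the setting as pinning.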
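Review bot: Nothing in the lines around `if (vfy != X509_V_OK)` in the second hunk checks that the certificate was issued for the host being contacted, and a chain that validates says only that some trusted CA signed it. If `vfy` comes from `SSL_get_verify_result()` (the assignment is outside the hunk), that value is also `X509_V_OK` when the peer presented no certificate at all. Unless both cases are handled elsewhere in open_https, I would extend the existing FIXME so the gap is recorded next to the check: `/* FIXME: X509_V_OK does not cover hostname match or a missing peer cert */`.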