Commit e5f1a0cb authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Minor tweak to cert chain checking while we work out kinks.

parent e9722fea
......@@ -551,30 +551,30 @@ if (!defined($user_certificate)) {
# us the server cert, which is useless. So we have to recompute the
# chain to find the CA.
#
if (0) {
if ($user_certificate->VerifySSLChain(@chaincerts)) {
print STDERR "Could not verify user certificate chain:\n";
print STDERR Dumper([$user_certificate, @chaincerts]);
# AddLogfileMetaData("cert_error",
# "Could not verify user certificate chain");
AddLogfileMetaData("cert_error",
"Could not verify user certificate chain");
if (0) {
XMLError(XMLRPC_APPLICATION_ERROR(),
"Could not verify user certificate chain");
}
}
@chaincerts = (@chaincerts, $user_certificate->rootcert());
my $errorstr;
if ($user_certificate->VerifyGeniChain(\$errorstr, @chaincerts)) {
print STDERR "Failed to verify Geni chain (user cert): $errorstr\n";
print STDERR Dumper([$user_certificate, @chaincerts]);
AddLogfileMetaData("cert_error",
"Failed to verify Geni chain (user cert): $errorstr");
if (0) {
XMLError(XMLRPC_APPLICATION_ERROR(),
"Could not verify user URN namespace chain: $errorstr");
else {
@chaincerts = (@chaincerts, $user_certificate->rootcert());
my $errorstr;
if ($user_certificate->VerifyGeniChain(\$errorstr, @chaincerts)) {
print STDERR "Failed to verify Geni chain (user cert): $errorstr\n";
print STDERR Dumper([$user_certificate, @chaincerts]);
AddLogfileMetaData("cert_error",
"Failed to verify Geni chain (user cert): $errorstr");
if (0) {
XMLError(XMLRPC_APPLICATION_ERROR(),
"Could not verify user URN namespace chain: $errorstr");
}
}
}
}
my $result;
push(@metadata, ["URN", $GENIURN]);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment