Invoke certificate callback upon https connection
am: 4be0be5185
Change-Id: I7b518b692d36935b3c3fe44353ed80a0f582eccc
diff --git a/cups/tls-boringssl.c b/cups/tls-boringssl.c
index a8b7de5..d860646 100644
--- a/cups/tls-boringssl.c
+++ b/cups/tls-boringssl.c
@@ -418,6 +418,35 @@
return (-1);
}
+ _cups_globals_t *cg = _cupsGlobals();
+ if (cg->server_cert_cb)
+ {
+ int error = 0;
+ X509 *peer_certificate = SSL_get_peer_certificate(http->tls);
+ if (peer_certificate)
+ {
+ ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(peer_certificate);
+ cups_array_t *credentials = cupsArrayNew(NULL, NULL);
+
+ if (credentials != NULL)
+ {
+ httpAddCredential(credentials, key->data, key->length);
+ error = cg->server_cert_cb(http, http->tls, credentials, cg->server_cert_data);
+ httpFreeCredentials(credentials);
+ }
+ X509_free(peer_certificate);
+ }
+
+ if (error != 0)
+ {
+ http->error = errno = EINVAL;
+ http->status = HTTP_STATUS_ERROR;
+ _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Client rejected the server certificate."), 1);
+ }
+
+ return (error);
+ }
+
return (0);
}