Invoke certificate callback upon https connection am: 4be0be5185 Change-Id: I7b518b692d36935b3c3fe44353ed80a0f582eccc

commit: 770b769192628e1b67e10d894b8519c23301216f [log] [tgz]
author: Glade Diviney <mopriadevteam@gmail.com> Thu Nov 29 14:23:15 2018 -0800
committer: android-build-merger <android-build-merger@google.com> Thu Nov 29 14:23:15 2018 -0800
tree: e625c128038ef3c5f95944cb2da69dd8d4815ef6
parent: 786d28e92e1e66a8bd474b6d0bc50e1a346e44aa [diff]
parent: 4be0be518501cfbff11b1e84d21efac8c533ebf6 [diff]
diff --git a/cups/tls-boringssl.c b/cups/tls-boringssl.c
index a8b7de5..d860646 100644
--- a/cups/tls-boringssl.c
+++ b/cups/tls-boringssl.c

@@ -418,6 +418,35 @@
     return (-1);
   }
 
+  _cups_globals_t *cg = _cupsGlobals();
+  if (cg->server_cert_cb)
+  {
+    int error = 0;
+    X509 *peer_certificate = SSL_get_peer_certificate(http->tls);
+    if (peer_certificate)
+    {
+      ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(peer_certificate);
+      cups_array_t *credentials = cupsArrayNew(NULL, NULL);
+
+      if (credentials != NULL)
+      {
+        httpAddCredential(credentials, key->data, key->length);
+        error = cg->server_cert_cb(http, http->tls, credentials, cg->server_cert_data);
+        httpFreeCredentials(credentials);
+      }
+      X509_free(peer_certificate);
+    }
+
+    if (error != 0)
+    {
+      http->error  = errno = EINVAL;
+      http->status = HTTP_STATUS_ERROR;
+      _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Client rejected the server certificate."), 1);
+    }
+
+    return (error);
+  }
+
   return (0);
 }
commit	770b769192628e1b67e10d894b8519c23301216f	[log] [tgz]
author	Glade Diviney <mopriadevteam@gmail.com>	Thu Nov 29 14:23:15 2018 -0800
committer	android-build-merger <android-build-merger@google.com>	Thu Nov 29 14:23:15 2018 -0800
tree	e625c128038ef3c5f95944cb2da69dd8d4815ef6
parent	786d28e92e1e66a8bd474b6d0bc50e1a346e44aa [diff]
parent	4be0be518501cfbff11b1e84d21efac8c533ebf6 [diff]