Move validation callback to Python.

svn path=/branches/tk705/; revision=6210

1 files changed, 7 insertions, 84 deletions

diff --git a/ext/POW.c b/ext/POW.c
index a355ed92..3ef06dfb 100644
--- a/ext/POW.c
+++ b/ext/POW.c
@@ -1177,82 +1177,6 @@ _record_validation_status(PyObject *status, const char *code)
   return result == 0;
 }
 
-/*
- * Validation callback code for use with x509_verify_cert().
- *
- * There's no direct way to handle exceptions here, so we're depending
- * on x509_store_object_verify() calling PyErr_Occurred() to check
- * (which it has to do anyway to handle exceptions generated by Python
- * callback handlers.
- */
-
-#warning Probably most of this callback handler should become Python code
-
-static int
-validation_status_x509_verify_cert_cb(int ok, X509_STORE_CTX *ctx, PyObject *status)
-{
-  switch (ctx->error) {
-  case X509_V_OK:
-    return ok;
-
-  case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-    /*
-     * Informational events, not really errors.  ctx->check_issued()
-     * is called in many places where failure to find an issuer is not
-     * a failure for the calling function.  Just leave these alone.
-     */
-#warning Could be done in Python
-    return ok;
-
-  case X509_V_ERR_CRL_HAS_EXPIRED:
-    /*
-     * This isn't really an error, because CRLs don't really
-     * "expire".
-     */
-
-#warning Could be done in Python
-    return 1;
-
-  case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-    /*
-     * This is another error that's only an error in the strange world
-     * of OpenSSL, but a more serious one.  By default, OpenSSL
-     * expects all trust anchors to be self-signed.  This is not a
-     * PKIX requirement, it's just an OpenSSL thing, but one violates
-     * it at one's peril, because the only way to convince OpenSSL to
-     * allow a non-self-signed trust anchor is to intercept this
-     * "error" in the verify callback handler.
-     *
-     * So this program supports non-self-signed trust anchors, but be
-     * warned that enabling this feature may cause this program's
-     * output not to work with other OpenSSL-based applications.
-     */
-#warning Could be done in Python
-#if 0
-    if (allow_non_self_signed_trust_anchor)
-      ok = 1;
-#endif
-    record_validation_status(status, TRUST_ANCHOR_NOT_SELF_SIGNED);
-    return ok;
-
-  /*
-   * Handle all other OpenSSL verify errors by stuffing an integer
-   * into the status set.
-   */
-#warning Could be done in Python
-  default:
-    if (status != Py_None) {
-      PyObject *value = PyInt_FromLong(ctx->error);
-      PySet_Add(status, value);
-      Py_XDECREF(value);
-    }
-    return ok;
-  }
-
- error:
-  return ok;
-}
-
 
 
 /*
@@ -1425,7 +1349,7 @@ static int check_x509(X509 *x,
     ok = sk_ACCESS_DESCRIPTION_num(aia) > 0;
     for (i = 0; ok && i < sk_ACCESS_DESCRIPTION_num(aia); i++) {
       ACCESS_DESCRIPTION *a = sk_ACCESS_DESCRIPTION_value(aia, i);
-      ok = (a != NULL && a->location->type == GEN_URI ||
+      ok = (a != NULL && a->location->type == GEN_URI &&
             OBJ_obj2nid(a->method) == NID_ad_ca_issuers);
     }
     if (!ok)
@@ -4958,13 +4882,6 @@ x509_store_ctx_object_verify_cb(int ok, X509_STORE_CTX *ctx)
   if (self == NULL)
     return ok;
 
-  /*
-   * This is where we'd extract flags (allow_*, etc) to pass to the callback handler.
-   */
-
-  if (self->status != NULL && self->status != Py_None)
-    ok = validation_status_x509_verify_cert_cb(ok, ctx, self->status);
-
   if (!PyObject_HasAttrString((PyObject *) self, method_name))
     return ok;
 
@@ -7834,6 +7751,9 @@ manifest_object_verify(manifest_object *self, PyObject *args, PyObject *kwds)
     lose_openssl_error("Couldn't decode manifest");
   }
 
+  if (status != Py_None && !check_cms(self->cms.cms, status))
+    goto error;
+
   if (status != Py_None && !check_manifest(self->cms.cms, self->manifest, status))
     goto error;
 
@@ -8515,6 +8435,9 @@ roa_object_verify(roa_object *self, PyObject *args, PyObject *kwds)
     lose_openssl_error("Couldn't decode ROA");
   }
 
+  if (status != Py_None && !check_cms(self->cms.cms, status))
+    goto error;
+
   if (status != Py_None && !check_roa(self->cms.cms, self->roa, status))
     goto error;