fix read_certificate problem after failed proxy attempt

David Rose 2002-10-26 04:47:24 +00:00
parent e11f713860
commit 54e997dbe0
2 changed files with 33 additions and 4 deletions


@ -793,11 +793,10 @@ run_proxy_reading_header() {
if (get_status_code() == 407 && last_status != 407 && !_proxy.empty()) { if (get_status_code() == 407 && last_status != 407 && !_proxy.empty()) {
// 407: not authorized to proxy. Try to get the authorization. // 407: not authorized to proxy. Try to get the authorization.
string authenticate_request = get_header_value("Proxy-Authenticate"); string authenticate_request = get_header_value("Proxy-Authenticate");
_proxy_auth = _proxy_auth = _client->generate_auth(_proxy, true, authenticate_request);
_client->generate_auth(_proxy, true, authenticate_request);
if (_proxy_auth != (HTTPAuthorization *)NULL) { if (_proxy_auth != (HTTPAuthorization *)NULL) {
_proxy_realm = _proxy_auth->get_realm(); _proxy_realm = _proxy_auth->get_realm();
_proxy_username = _client->select_username(_proxy, false, _proxy_realm); _proxy_username = _client->select_username(_proxy, true, _proxy_realm);
if (!_proxy_username.empty()) { if (!_proxy_username.empty()) {
make_proxy_request_text(); make_proxy_request_text();
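Review bot: The bare `true` in `select_username(_proxy, true, _proxy_realm)` gives no hint of what it selects, and the `false` it replaces shows how easily that literal is mistyped at this call site. The parameter's declaration is not visible here, but `generate_auth(_proxy, true, authenticate_request)` passes the same value, so it presumably marks the lookup as a proxy lookup. If that is right, the old value could have picked a username stored for an origin server and offered it to the proxy, which is worth pinning with a regression test. I would annotate both calls with the parameter's real name, e.g. `_client->select_username(_proxy, /* is_proxy */ true, _proxy_realm);`, or pass a named constant instead. `run_proxy_reading_header()` begins and ends outside the hunk.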


@ -717,28 +717,58 @@ load_verify_locations(SSL_CTX *ctx, const Filename &ca_file) {
// just read, and call the low-level routines to read the // just read, and call the low-level routines to read the
// certificates from the BIO. // certificates from the BIO.
BIO *mbio = BIO_new_mem_buf((void *)data.data(), data.length()); BIO *mbio = BIO_new_mem_buf((void *)data.data(), data.length());
// We have to be sure and clear the OpenSSL error state before we
// call this function, or it will get confused.
ERR_clear_error();
inf = PEM_X509_INFO_read_bio(mbio, NULL, NULL, NULL); inf = PEM_X509_INFO_read_bio(mbio, NULL, NULL, NULL);
BIO_free(mbio); BIO_free(mbio);
if (!inf) { if (!inf) {
// Could not scan certificates. // Could not scan certificates.
downloader_cat.info()
<< "PEM_X509_INFO_read_bio() returned NULL.\n";
#ifdef REPORT_SSL_ERRORS
ERR_print_errors_fp(stderr);
#endif
return 0; return 0;
} }
if (downloader_cat.is_spam()) {
downloader_cat.spam()
<< "PEM_X509_INFO_read_bio() found " << sk_X509_INFO_num(inf)
<< " entries.\n";
}
// Now add the certificates to the context. // Now add the certificates to the context.
X509_STORE *store = ctx->cert_store; X509_STORE *store = ctx->cert_store;
int count = 0; int count = 0;
for (int i = 0; i < sk_X509_INFO_num(inf); i++) { int num_entries = sk_X509_INFO_num(inf);
for (int i = 0; i < num_entries; i++) {
X509_INFO *itmp = sk_X509_INFO_value(inf, i); X509_INFO *itmp = sk_X509_INFO_value(inf, i);
if (itmp->x509) { if (itmp->x509) {
X509_STORE_add_cert(store, itmp->x509); X509_STORE_add_cert(store, itmp->x509);
count++; count++;
if (downloader_cat.is_spam()) {
downloader_cat.spam()
<< "Entry " << i << " is x509\n";
}
} else if (itmp->crl) { } else if (itmp->crl) {
X509_STORE_add_crl(store, itmp->crl); X509_STORE_add_crl(store, itmp->crl);
count++; count++;
if (downloader_cat.is_spam()) {
downloader_cat.spam()
<< "Entry " << i << " is crl\n";
}
} else {
if (downloader_cat.is_spam()) {
downloader_cat.spam()
<< "Entry " << i << " is unknown type\n";
}
} }
} }
sk_X509_INFO_pop_free(inf, X509_INFO_free); sk_X509_INFO_pop_free(inf, X509_INFO_free);