Guest User

Cafe IOSU 5.5.5 update NSEC changes

a guest
Mar 1st, 2021
496
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //<3 quarky
  2.  
  3. //OLD function
  4. int SSL_verify_cb(int preverify_ok, X509_STORE_CTX *ctx) {
  5.     if (preverify_ok) return preverify_ok;
  6.    
  7.     int error = X509_STORE_CTX_get_error(ctx);
  8.     if (error == X509_V_ERR_CRL_NOT_YET_VALID ||
  9.         error == X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD ||
  10.         error == X509_V_ERR_CRL_HAS_EXPIRED ||
  11.         error == X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD) {
  12.        
  13.         SSL* ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
  14.         if (!ssl) return 0;
  15.        
  16.         return !!(ssl->verify_mode & 8);
  17.     }
  18.    
  19.     return 0;
  20. }
  21.  
  22. //NEW function - 2021-03-02
  23. int SSL_verify_cb(int preverify_ok, X509_STORE_CTX *ctx) {
  24.     if (preverify_ok) return preverify_ok;
  25.    
  26.     int error = X509_STORE_CTX_get_error(ctx);
  27.     if (error == X509_V_ERR_CRL_NOT_YET_VALID ||
  28.         error == X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD ||
  29.         error == X509_V_ERR_CRL_HAS_EXPIRED ||
  30.         error == X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD) {
  31.        
  32.         SSL* ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
  33.         if (!ssl) return 0;
  34.        
  35.         return !!(ssl->verify_mode & 8);
  36.     }
  37.     if (error == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
  38.         if (!ctx->chain) return 0;
  39.        
  40.         int chain_size = sk_num(ctx->chain);
  41.         if (chain_size < 1) return 0;
  42.         for (int i = 1; i < chain_size; i++) {
  43.             X509* subject = sk_value(ctx->chain, i);
  44.             X509_NAME* issuer_name = X509_get_issuer_name(subject);
  45.             if (!issuer_name) return 0;
  46.            
  47.             STACK_OF(X509)* certs = X509_STORE_get1_certs(ctx, issuer_name);
  48.            
  49.             int certs_size = sk_num(certs);
  50.             for (int j = 0; j < certs_size; j++) {
  51.                 X509* issuer = sk_value(certs, j);
  52.                 if (!issuer) continue;
  53.                
  54.                 if (X509_check_issued(issuer, subject) == X509_V_OK) {
  55.                     ctx->field_0x88 = 1;
  56.                     ctx->error = 0;
  57.                     break;
  58.                 }
  59.             }
  60.            
  61.             if (certs) sk_pop_free(certs, FUN_e102f718);
  62.            
  63.             if (ctx->field_0x88 == 1) return 1;
  64.         }
  65.        
  66.         return 0;
  67.     }
  68.     if (error == X509_V_ERR_CERT_UNTRUSTED && ctx->field_0x88 == 1) {
  69.         ctx->error = 0;
  70.         ctx->field_0x88 = 0;
  71.         return 1;
  72.     }
  73. }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×