MG Mud User | 88f1247 | 2016-06-24 23:31:02 +0200

PRELIMINARY
SYNOPSIS
        mixed *tls_check_certificate(object obj);
        mixed *tls_check_certificate(object obj, int extra);

DESCRIPTION
        tls_check_certificate() checks the certificate of the secured
        connection bound to <obj> (default is the current object). If
        <obj> is not interactive, or if TLS is not available, an error
        is thrown.

        If <obj> doesn't have a secure connection up and running, an
        error is thrown.
        Otherwise, the result is an array with these values:

        int   [0]      : Result code of SSL_get_verify_result (see man 1 verify
                         subsection DIAGNOSTICS for possible values)
        array [1]      : array with 3*n entries of extra x509 data.
                         structure is:
                         3*i    : numerical form of object name,
                                  e.g. "2.5.4.3"
                         3*i + 1: long or short name if available,
                                  e.g. "commonName"
                         3*i + 2: value
        array [2]      : if extra is set:
                         array with 3*n entries of x509 extension data
                         data structure is:
                         3*i    : numerical form of extension name
                         3*i + 1: long or short name of extension
                                  name if available
                         3*i + 2: array of strings with the data
                                  structure of [1]

        Note: an x509 certificate can have more than one object with
        the same name
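
The following LPC sketch is an added example, not code from the LDMud distribution: it checks the verify result in [0] and then walks the flat triples in [1], collecting every value stored under a given numerical object name. The function name cert_values_by_oid() is hypothetical, and the pointerp() guard on [1] is a defensive assumption about what the efun returns when no certificate data is present.

```lpc
// Added example (hypothetical helper, not part of LDMud).
// Returns all values stored under <oid> (e.g. "2.5.4.3") in the
// certificate data of <ob>, or 0 if the certificate cannot be trusted.
string *cert_values_by_oid(object ob, string oid)
{
    mixed *res;
    mixed *data;
    string *values;
    int i;

    // The efun throws if <ob> is not interactive, TLS is unavailable or
    // the connection is not secured. catch() returns non-zero on error.
    if (catch(res = tls_check_certificate(ob)))
        return 0;

    // [0] is the SSL_get_verify_result() code; 0 means X509_V_OK.
    if (res[0] != 0)
        return 0;

    // OpenSSL also reports X509_V_OK when the peer presented no
    // certificate at all, so a zero code alone is not proof of identity.
    // Assumption: in that case [1] is missing or empty.
    data = res[1];
    if (!pointerp(data) || sizeof(data) < 3)
        return 0;

    values = ({});
    // Entries are triples: 3*i = numerical name, 3*i+1 = long or short
    // name (only "if available"), 3*i+2 = value. Match on the numerical
    // form, and collect every hit: a certificate can carry more than one
    // object with the same name.
    for (i = 0; i + 2 < sizeof(data); i += 3)
    {
        if (data[i] == oid)
            values += ({ data[i + 2] });
    }

    return values;
}
```

A caller that expects exactly one commonName should treat a result with more than one element as a policy decision rather than silently taking the first entry.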

BUGS
        Not supported when using GnuTLS.

HISTORY
        Introduced in LDMud 3.3.672/3.2.11.
        LDMud 3.3.711/3.2.12 modified the behaviour to return the
        low-level API result value, and to throw an error if the connection
        is not secure.

SEE ALSO
        tls_init_connection(E), tls_deinit_connection(E), tls_error(E),
        tls_query_connection_state(E), tls_query_connection_info(E),
        tls_available(E), tls_refresh_certs(E), mudlib/psyc-tls.c