[w3m-dev 02753]

From: Hironori Sakamoto <hsaka@mth.biglobe.ne.jp>

ChangeLog

@@ -1,3 +1,9 @@
+2001-12-27  Hironori Sakamoto <hsaka@mth.biglobe.ne.jp>
+
+	* [w3m-dev 02753]
+	* url (ssl_verify_error_string): deleted
+	* url.c (openSSLHandle): use X509_verify_cert_error_string()
+
 2001-12-27  Fumitoshi UKAI  <ukai@debian.or.jp>
 
 	* [w3m-dev 02750] RFC2818 server identity check
@@ -1686,4 +1692,4 @@
 	* release-0-2-1
 	* import w3m-0.2.1
 
-$Id: ChangeLog,v 1.185 2001/12/26 18:46:33 ukai Exp $
+$Id: ChangeLog,v 1.186 2001/12/27 02:28:17 ukai Exp $

url.c

@@ -1,4 +1,4 @@
-/* $Id: url.c,v 1.25 2001/12/26 18:46:33 ukai Exp $ */
+/* $Id: url.c,v 1.26 2001/12/27 02:28:17 ukai Exp $ */
 #include "fm.h"
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -272,81 +272,6 @@ init_PRNG()
 }
 #endif				/* SSLEAY_VERSION_NUMBER >= 0x00905100 */
 
-
-#ifdef USE_SSL_VERIFY
-static const char *
-ssl_verify_error_string(unsigned long verr)
-{
-    /* see verify(1ssl) - we can't use ERR_error_string()? */
-    switch (verr) {
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-	return "Unable to get issuer cert";
-    case X509_V_ERR_UNABLE_TO_GET_CRL:
-	return "Unable to get CRL";
-    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-	return "Unable to decrypt cert signature";
-    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-	return "Unable to decrypt CRL signature";
-    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-	return "Unable to decode issuer public key";
-    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-	return "Certificate signature failture";
-    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-	return "CRL signature failture";
-    case X509_V_ERR_CERT_NOT_YET_VALID:
-	return "Certificate not yet valid";
-    case X509_V_ERR_CERT_HAS_EXPIRED:
-	return "Certificate has expired";
-    case X509_V_ERR_CRL_NOT_YET_VALID:
-	return "CRL not yet valid";
-    case X509_V_ERR_CRL_HAS_EXPIRED:
-	return "CRL has expired";
-    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-	return "Error in certificate Not Before: field";
-    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-	return "Error in certificate Not After: field";
-    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-	return "Error in CRL Last Update: field";
-    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-	return "Error in CRL Next Update: field";
-    case X509_V_ERR_OUT_OF_MEM:
-	return "Out of memory";
-    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-	return "Depth zero self signed certificate";
-    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-	return "Self signed certificate in chain";
-    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-	return "Unable to get issuer certificate locally";
-    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-	return "Unable to verify leaf signature";
-    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-	return "Certificate chain too long";
-    case X509_V_ERR_CERT_REVOKED:
-	return "Certificate revoked";
-    case X509_V_ERR_INVALID_CA:
-	return "Invalid CA";
-    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-	return "Path length exceeded";
-    case X509_V_ERR_INVALID_PURPOSE:
-	return "Invalid purpose";
-    case X509_V_ERR_CERT_UNTRUSTED:
-	return "Certificate untrusted";
-    case X509_V_ERR_CERT_REJECTED:
-	return "Certificate rejected";
-    case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-	return "Subject Issuer mismatch";
-    case X509_V_ERR_AKID_SKID_MISMATCH:
-	return "akid skid mismatch";
-    case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
-	return "akid issuer serial mismatch";
-    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-	return "Keyusage no certsign";
-    default:
-	return "unknown verification error";
-    }
-}
-#endif
-
 static SSL *
 openSSLHandle(int sock, char *hostname)
 {
@@ -470,10 +395,10 @@ openSSLHandle(int sock, char *hostname)
 	    }
 	}
 	else {
-	    unsigned long verr;
+	    long verr;
 	    X509_free(x);
 	    if ((verr = SSL_get_verify_result(handle)) != X509_V_OK) {
-		const char *em = ssl_verify_error_string(verr);
+		const char *em = X509_verify_cert_error_string(verr);
 		if (accept_this_site
 		    && strcasecmp(accept_this_site->ptr, hostname) == 0)
 		    ans = "y";