+
+ void VerifyCertificate(issl_session* session, Extensible* user)
+ {
+ X509* cert;
+ ssl_cert* certinfo = new ssl_cert;
+ unsigned int n;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ const EVP_MD *digest = EVP_md5();
+
+ user->Extend("ssl_cert",certinfo);
+
+ cert = SSL_get_peer_certificate((SSL*)session->sess);
+
+ if (!cert)
+ {
+ certinfo->data.insert(std::make_pair("error","Could not get peer certificate: "+std::string(get_error())));
+ return;
+ }
+
+ certinfo->data.insert(std::make_pair("invalid", SSL_get_verify_result(session->sess) != X509_V_OK ? ConvToStr(1) : ConvToStr(0)));
+
+ if (SelfSigned)
+ {
+ certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(0)));
+ certinfo->data.insert(std::make_pair("trusted",ConvToStr(1)));
+ }
+ else
+ {
+ certinfo->data.insert(std::make_pair("unknownsigner",ConvToStr(1)));
+ certinfo->data.insert(std::make_pair("trusted",ConvToStr(0)));
+ }
+
+ certinfo->data.insert(std::make_pair("dn",std::string(X509_NAME_oneline(X509_get_subject_name(cert),0,0))));
+ certinfo->data.insert(std::make_pair("issuer",std::string(X509_NAME_oneline(X509_get_issuer_name(cert),0,0))));
+
+ if (!X509_digest(cert, digest, md, &n))
+ {
+ certinfo->data.insert(std::make_pair("error","Out of memory generating fingerprint"));
+ }
+ else
+ {
+ certinfo->data.insert(std::make_pair("fingerprint",irc::hex(md, n)));
+ }
+
+ if ((ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(cert), time(NULL)) == -1) || (ASN1_UTCTIME_cmp_time_t(X509_get_notBefore(cert), time(NULL)) == 0))
+ {
+ certinfo->data.insert(std::make_pair("error","Not activated, or expired certificate"));
+ }
+
+ X509_free(cert);
+ }