[glib-networking/mcatanzaro/base-rebase: 36/38] Allow to get the openssl connection out of the ssl object



commit 9025e1a535c97909425c7d358848069b065e04a9
Author: Ignacio Casal Quinteiro <qignacio amazon com>
Date:   Thu May 9 17:48:48 2019 +0200

    Allow to get the openssl connection out of the ssl object

 tls/openssl/gtlsconnection-openssl.c | 24 +++++++++++++++++++++++-
 tls/openssl/gtlsconnection-openssl.h |  2 ++
 2 files changed, 25 insertions(+), 1 deletion(-)
---
diff --git a/tls/openssl/gtlsconnection-openssl.c b/tls/openssl/gtlsconnection-openssl.c
index eda4b0d..75f028f 100644
--- a/tls/openssl/gtlsconnection-openssl.c
+++ b/tls/openssl/gtlsconnection-openssl.c
@@ -281,6 +281,13 @@ static int
 handshake_thread_verify_certificate_cb (int             preverify_ok,
                                         X509_STORE_CTX *x509_ctx)
 {
+  GTlsConnectionOpenssl *openssl;
+  SSL *ssl;
+
+  ssl = X509_STORE_CTX_get_ex_data (x509_ctx, SSL_get_ex_data_X509_STORE_CTX_idx ());
+  openssl = g_tls_connection_openssl_get_connection_from_ssl (ssl);
+  g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), 0);
+
   // FIXME: Get the GTlsConnectionOpenssl out of the X509_STORE_CTX using
   //        x509_STORE_CTX_get_ex_data... somehow. We probably have to pass
   //        the GTlsConnectionOpenssl to the GTlsFileDatabaseOpenssl...
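Review bot: The added `g_return_val_if_fail (G_IS_TLS_CONNECTION_OPENSSL (openssl), 0);` in handshake_thread_verify_certificate_cb is the only guard between a failed ex_data lookup and the verification call, and GLib compiles these macros out when built with G_DISABLE_CHECKS. A certificate-verification callback should reject in every build, so I would use plain checks: `if (ssl == NULL) return 0;` before the lookup and `if (!G_IS_TLS_CONNECTION_OPENSSL (openssl)) return 0;` after it. The FIXME kept below the new lines describes what these lines now do and can be removed. The function body continues past the end of this hunk.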
@@ -288,7 +295,7 @@ handshake_thread_verify_certificate_cb (int             preverify_ok,
   // return !g_tls_connection_base_handshake_thread_verify_certificate (
   /* Return 1 for the handshake to continue, 0 to terminate.
    * Complete opposite of what GnuTLS does. */
-  return 0;
+  return g_tls_connection_base_handshake_thread_verify_certificate (G_TLS_CONNECTION_BASE (openssl));
 }
 
 static GTlsConnectionBaseStatus
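Review bot: The commented-out `// return !g_tls_connection_base_handshake_thread_verify_certificate (` left above the new return negates the result, while the new line returns it unnegated, so the two disagree on the sign convention in a callback where an inverted result would let a rejected certificate through. If the base function returns TRUE on acceptance (its definition is not visible here), the new return matches the "Return 1 for the handshake to continue" comment and the stale commented-out line should be deleted. `preverify_ok` is also ignored; if that is deliberate because the base class performs its own validation, a short comment saying so, such as `/* preverify_ok is intentionally unused: the decision is made by GTlsConnectionBase. */`, would stop a later reader from treating it as an oversight. The function starts before this hunk.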
@@ -465,6 +472,8 @@ g_tls_connection_openssl_class_init (GTlsConnectionOpensslClass *klass)
   base_class->close_fn                   = g_tls_connection_openssl_close;
 }
 
+static int data_index = -1;
+
 static gboolean
 g_tls_connection_openssl_initable_init (GInitable     *initable,
                                         GCancellable  *cancellable,
@@ -486,6 +495,11 @@ g_tls_connection_openssl_initable_init (GInitable     *initable,
   ssl = g_tls_connection_openssl_get_ssl (openssl);
   g_assert (ssl != NULL);
 
+  if (data_index == -1) {
+      data_index = SSL_get_ex_new_index (0, (void *)"gtlsconnection", NULL, NULL, NULL);
+  }
+  SSL_set_ex_data (ssl, data_index, openssl);
+
   SSL_set_verify (ssl, SSL_VERIFY_PEER, handshake_thread_verify_certificate_cb);
 
   priv->bio = g_tls_bio_new (base_io_stream);
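Review bot: The lazy `if (data_index == -1)` initialisation in g_tls_connection_openssl_initable_init is an unsynchronised write to a file-scope variable, and neither SSL_get_ex_new_index nor SSL_set_ex_data has its result checked. If two connections are initialised concurrently on different threads, each can allocate its own index and one overwrites the other, after which g_tls_connection_openssl_get_connection_from_ssl returns NULL for the first connection and its handshake is rejected by the verify callback. A one-time initialisation with g_once_init_enter plus a failure check closes both gaps. The failure path should also set the GError this function receives, whose parameter is outside the hunk.

```c
static int data_index = -1;
static gsize data_index_once = 0;

/* … unchanged: initable_init prologue, ssl lookup and g_assert … */
  if (g_once_init_enter (&data_index_once))
    {
      data_index = SSL_get_ex_new_index (0, (void *)"gtlsconnection", NULL, NULL, NULL);
      g_once_init_leave (&data_index_once, 1);
    }

  /* Without the back-pointer the verify callback cannot find the connection,
   * so treat a failure here as an initialisation error. */
  if (data_index < 0 || !SSL_set_ex_data (ssl, data_index, openssl))
    return FALSE;
```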
@@ -513,3 +527,11 @@ g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *openssl)
 
   return G_TLS_CONNECTION_OPENSSL_GET_CLASS (openssl)->get_ssl (openssl);
 }
+
+GTlsConnectionOpenssl *
+g_tls_connection_openssl_get_connection_from_ssl (SSL *ssl)
+{
+  g_return_val_if_fail (ssl != NULL, NULL);
+
+  return SSL_get_ex_data (ssl, data_index);
+}
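Review bot: g_tls_connection_openssl_get_connection_from_ssl returns a borrowed pointer with no reference taken, and nothing in the hunk or the header says so. initable_init stores the raw `openssl` pointer with SSL_set_ex_data, so the result is only valid while that connection is alive; presumably the connection owns the SSL, but this is not visible here. A doc comment such as `/* Returns: (transfer none) (nullable): the connection registered on @ssl, or NULL if none was set. */` would make the contract explicit for callers of this now-exported function. The function can also run before any connection has set `data_index`, so an early `if (data_index < 0) return NULL;` would avoid passing -1 to SSL_get_ex_data.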
diff --git a/tls/openssl/gtlsconnection-openssl.h b/tls/openssl/gtlsconnection-openssl.h
index d332b40..be6b9ec 100644
--- a/tls/openssl/gtlsconnection-openssl.h
+++ b/tls/openssl/gtlsconnection-openssl.h
@@ -46,6 +46,8 @@ struct _GTlsConnectionOpensslClass
 
 SSL *g_tls_connection_openssl_get_ssl (GTlsConnectionOpenssl *connection);
 
+GTlsConnectionOpenssl *g_tls_connection_openssl_get_connection_from_ssl (SSL *ssl);
+
 G_END_DECLS
 
 #endif /* __G_TLS_CONNECTION_OPENSSL_H___ */

