Corrected key extraction and comparison.
authorcantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
Thu, 15 Feb 2007 03:29:54 +0000 (03:29 +0000)
committercantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
Thu, 15 Feb 2007 03:29:54 +0000 (03:29 +0000)
git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@258 de75baf8-a10c-0410-a50a-987c0e22f00f

xmltooling/security/impl/ExplicitKeyTrustEngine.cpp
xmltooling/soap/impl/CURLSOAPTransport.cpp

index 703e285..08a30bd 100644 (file)
@@ -231,23 +231,31 @@ bool ExplicitKeyTrustEngine::validate(
                 case XSECCryptoKey::KEY_RSA_PUBLIC:
                 {
                     RSA* rsa = static_cast<OpenSSLCryptoKeyRSA*>(key.get())->getOpenSSLRSA();
-                    EVP_PKEY* evp = certEE->cert_info->key->pkey;
+                    EVP_PKEY* evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(certEE));
                     if (rsa && evp && evp->type == EVP_PKEY_RSA &&
-                            BN_cmp(rsa->n,evp->pkey.rsa->n) == 0 && BN_cmp(rsa->e,evp->pkey.rsa->e) != 0) {
+                            BN_cmp(rsa->n,evp->pkey.rsa->n) == 0 && BN_cmp(rsa->e,evp->pkey.rsa->e) == 0) {
                         log.debug("end-entity certificate matches peer RSA key information");
+                        if (evp)
+                            EVP_PKEY_free(evp);
                         return true;
                     }
+                    if (evp)
+                        EVP_PKEY_free(evp);
                     break;
                 }
                 
                 case XSECCryptoKey::KEY_DSA_PUBLIC:
                 {
                     DSA* dsa = static_cast<OpenSSLCryptoKeyDSA*>(key.get())->getOpenSSLDSA();
-                    EVP_PKEY* evp = certEE->cert_info->key->pkey;
+                    EVP_PKEY* evp = X509_PUBKEY_get(X509_get_X509_PUBKEY(certEE));
                     if (dsa && evp && evp->type == EVP_PKEY_DSA && BN_cmp(dsa->pub_key,evp->pkey.dsa->pub_key) == 0) {
                         log.debug("end-entity certificate matches peer DSA key information");
+                        if (evp)
+                            EVP_PKEY_free(evp);
                         return true;
                     }
+                    if (evp)
+                        EVP_PKEY_free(evp);
                     break;
                 }
 
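Review bot: The DSA branch accepts the certificate when only `pub_key` is equal and never compares the domain parameters, so two keys with the same public value under different `p`/`q`/`g` are treated as the same key. This commit tightens the RSA test to require both `n` and `e`, and the DSA condition should be equally complete, for example by adding `BN_cmp(dsa->p,evp->pkey.dsa->p) == 0 && BN_cmp(dsa->q,evp->pkey.dsa->q) == 0 && BN_cmp(dsa->g,evp->pkey.dsa->g) == 0`. Separately, the `if (evp)` guards inside the two matched branches are redundant, because the condition has already established that `evp` is non-null and `EVP_PKEY_free` accepts NULL anyway; storing the result in a `bool` and freeing once would remove the duplicated cleanup. `validate` starts and ends outside this hunk, so whether `certEE` is null-checked before `X509_get_X509_PUBKEY` cannot be seen here.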
index 9741d4b..83d3da9 100644 (file)
@@ -263,6 +263,8 @@ CURL* CURLPool::get(const string& to, const char* endpoint)
     curl_easy_setopt(handle,CURLOPT_NOSIGNAL,1);
     curl_easy_setopt(handle,CURLOPT_FAILONERROR,1);
     curl_easy_setopt(handle,CURLOPT_SSLVERSION,3);
+    // Verification of the peer is via TrustEngine only.
+    curl_easy_setopt(handle,CURLOPT_SSL_VERIFYPEER,0);
     curl_easy_setopt(handle,CURLOPT_SSL_VERIFYHOST,2);
     curl_easy_setopt(handle,CURLOPT_HEADERFUNCTION,&curl_header_hook);
     curl_easy_setopt(handle,CURLOPT_READFUNCTION,&curl_read_hook);
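Review bot: Turning `CURLOPT_SSL_VERIFYPEER` off when the pooled handle is created makes every connection depend on a TrustEngine being attached later, and nothing in this hunk enforces that. The `CURLOPT_SSL_CTX_DATA,NULL` context line in `send()` suggests there is a path with no engine installed, on which the server certificate would presumably go unchecked. That path should fail closed or restore verification, and the comment should state the invariant, e.g. `// libcurl chain verification is off: send() must install the TrustEngine SSL context callback or refuse to connect.` The option is also documented as taking a `long`, so the call is better written `curl_easy_setopt(handle,CURLOPT_SSL_VERIFYPEER,0L);`. `CURLPool::get` continues beyond this hunk.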
@@ -399,9 +401,6 @@ void CURLSOAPTransport::send(istream& in)
         curl_easy_setopt(m_handle,CURLOPT_SSL_CTX_DATA,NULL);
     }
     
-    // Verification of the peer is via TrustEngine only.
-    curl_easy_setopt(m_handle,CURLOPT_SSL_VERIFYPEER,0);
-
     // Make the call.
     log.debug("sending SOAP message to %s", m_endpoint.c_str());
     if (curl_easy_perform(m_handle) != CURLE_OK) {