neon SSL use with Twisted
Tom C
tomc.neon at pnl.gov
Thu Jan 7 15:58:28 EST 2010
On 1/7/2010 11:51 AM, Helge Heß wrote:
> On 07.01.2010, at 20:46, Tom C wrote:
>
>> I have a good idea why this is happening. Give a couple of hours and I'll send a patch.
>>
Before testing the patch, insert neon_debug_mask = 258 into your
cadaverrc file, run the command, capturing the output.
The included patch provides an approximation to the 0.28.x ssl behavior.
Give this a try.
Whatever the outcome, please capture the output and send it.
Thanks.
~ Tom
Index: src/ne_openssl.c
===================================================================
--- src/ne_openssl.c (revision 1776)
+++ src/ne_openssl.c (working copy)
@@ -383,7 +383,10 @@
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
case X509_V_ERR_CERT_UNTRUSTED:
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- failures |= NE_SSL_UNTRUSTED;
+ case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+ case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+ case X509_V_ERR_INVALID_CA:
+ failures |= depth > 0 ? NE_SSL_BADCHAIN : NE_SSL_UNTRUSTED;
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
failures |= depth > 0 ? NE_SSL_BADCHAIN : NE_SSL_NOTYETVALID;
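Review bot: The shared `failures |= depth > 0 ? NE_SSL_BADCHAIN : NE_SSL_UNTRUSTED;` line changes the result for the three cases that were already here, not only the three new ones. DEPTH_ZERO_SELF_SIGNED_CERT, CERT_UNTRUSTED and UNABLE_TO_VERIFY_LEAF_SIGNATURE previously always set NE_SSL_UNTRUSTED and will now set NE_SSL_BADCHAIN whenever depth > 0, which any caller testing for NE_SSL_UNTRUSTED will see as a behaviour change. In the other direction, CERT_CHAIN_TOO_LONG, PATH_LENGTH_EXCEEDED and INVALID_CA at depth 0 are reported as plain NE_SSL_UNTRUSTED, so a caller inspecting the failure bits cannot tell a structurally invalid chain from an unknown issuer. Consider giving the three new cases their own arm that always sets NE_SSL_BADCHAIN, leaving the original arm as it was, and adding a comment that states the intended mapping.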
@@ -399,7 +402,7 @@
sess->ssl_context->failures |= NE_SSL_UNHANDLED;
NE_DEBUG(NE_DBG_SSL, "ssl: Unhandled verification error %d ->
%s\n",
err, X509_verify_cert_error_string(err));
- return 0;
+ return 1;
}
sess->ssl_context->failures |= failures;
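Review bot: Changing `return 0;` to `return 1;` in the unhandled-error branch means a verification error this code does not recognise no longer stops verification at this point; the only remaining record is the NE_SSL_UNHANDLED bit in sess->ssl_context->failures. If this is the OpenSSL verify callback, returning 1 tells OpenSSL to carry on as though the error had been accepted, so the handshake result now depends entirely on a later check rejecting NE_SSL_UNHANDLED. Please confirm that a later check exists and fails closed, and add a comment here saying that the rejection is deferred and where it happens. If the debug capture is the only goal, the NE_DEBUG line already logs the error code and string without changing the return value.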
@@ -455,7 +458,8 @@
ne_set_error(sess, _("Certificate verification error: %s"),
X509_verify_cert_error_string(result));
- return NE_ERROR;
+ /* FALL THROUGH */
+ /* return NE_ERROR; */
}
/* Check certificate was issued to this server; pass URI of
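Review bot: Commenting out `return NE_ERROR;` leaves a branch that calls ne_set_error with "Certificate verification error" and then continues into the server identity check as if verification had succeeded. Combined with the `return 1` change in the previous hunk, nothing visible in this patch turns a failed verification result into a failed connection, so this needs an explicit condition (for example, continuing only when the accumulated failures bits are non-zero so the application's verify handler still gets to decide) rather than an unconditional fall-through. The session error string set here may also be left stale if the connection later succeeds. Please drop the commented-out return rather than leaving dead code, and reword the "FALL THROUGH" comment, which reads like a switch-case annotation but sits in an if block.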