do not load example CA if not verifying peer

Jacob Barthelmeh
2021-11-30 10:44:05 -07:00
parent d32f26de64
commit 0340b49ff9


@ -3015,7 +3015,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef TEST_BEFORE_DATE
verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY;
#endif
if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, verify_flags)
if (doPeerCheck != 0 &&
wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, verify_flags)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load ca file, Please run from wolfSSL home dir");
@ -3027,13 +3028,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
#ifdef HAVE_ECC
/* load ecc verify too, echoserver uses it by default w/ ecc */
#ifdef NO_FILESYSTEM
if (wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256,
if (doPeerCheck != 0 &&
wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256,
sizeof_ca_ecc_cert_der_256, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load ecc ca buffer");
}
#elif !defined(TEST_LOAD_BUFFER)
if (wolfSSL_CTX_load_verify_locations_ex(ctx, eccCertFile, 0, verify_flags)
if (doPeerCheck != 0 &&
wolfSSL_CTX_load_verify_locations_ex(ctx, eccCertFile, 0, verify_flags)
!= WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx); ctx = NULL;
err_sys("can't load ecc ca file, Please run from wolfSSL home dir");
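Review bot: The `doPeerCheck != 0 &&` guard is repeated at all three CA-loading calls (the `verifyCert` load, the `ca_ecc_cert_der_256` buffer load and the `eccCertFile` load) with no comment saying why a load is skipped, so a reader cannot tell that the intent is to leave the context without trust anchors when verification is off. A short comment at the first guard would cover it, e.g. `/* peer verification disabled: no trust anchors needed, skip CA load */`. It is also worth confirming that any other CA load in client_test outside these hunks (a TEST_LOAD_BUFFER path is implied by the `#elif !defined(TEST_LOAD_BUFFER)` line) gets the same guard, and that the verify mode is relaxed only where `doPeerCheck` is 0; presumably a handshake that still requests verification with an empty CA store fails closed, which is the safe outcome. client_test starts and ends outside the hunks shown.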