check basic contsraint CA flag before adding as signer even if explicit add

This commit is contained in:
toddouska
2011-11-02 14:57:14 -07:00
parent 8ddd2185c2
commit 11d15f32b9
5 changed files with 90 additions and 5 deletions


@@ -367,8 +367,8 @@ int CyaSSL_pending(CYASSL* ssl)
static CyaSSL_Mutex ca_mutex; /* CA signers mutex */
/* does CA already exist on list */
int IsCA(CYASSL_CTX* ctx, byte* hash)
/* does CA already exist on signer list */
int AlreadySigner(CYASSL_CTX* ctx, byte* hash)
{
Signer* signers;
int ret = 0;
@@ -421,7 +421,11 @@ int AddCA(CYASSL_CTX* ctx, buffer der)
ret = ParseCert(&cert, CA_TYPE, ctx->verifyPeer, 0);
CYASSL_MSG(" Parsed new CA");
if (ret == 0 && IsCA(ctx, cert.subjectHash)) {
if (ret == 0 && cert.isCA == 0) {
CYASSL_MSG(" Can't add as CA if not actually one");
ret = -1;
}
else if (ret == 0 && AlreadySigner(ctx, cert.subjectHash)) {
CYASSL_MSG(" Already have this CA, not adding again");
(void)ret;
}
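Review bot: The new rejection at the head of the `if` chain keys on `cert.isCA` alone, and the hunk does not show how ParseCert derives that flag; if it stays 0 for certificates that carry no basicConstraints extension at all (older v1 roots), those are now refused even when added explicitly, so confirm that is intended and say so at the check, e.g. `/* basicConstraints CA:TRUE is required even for an explicit add; certs lacking the extension are rejected */`. The flag also says nothing about keyUsage, so a keyCertSign check, if the parser exposes one, would belong beside it rather than being implied by isCA. `ret = -1;` is a bare magic value where the rest of the function propagates parser codes; if the module has a named error for an invalid CA, prefer `ret = <NAMED_CA_ERROR_CODE /* placeholder */>;`, and the `(void)ret;` in the already-signer branch is a no-op that reads as a leftover and could be dropped. AddCA continues outside the hunk, so the cleanup that follows the rejected parse is not visible here.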