feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

added more context

Browse Source
This commit is contained in:
Hideki Miyazaki
2021-06-18 11:10:13 +09:00
parent ddf2a0227f
commit 23fc810b3c
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/internal.c
View File

@@ -12397,7 +12397,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
} }
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* limit compliant with OpenSSL verify Depth + 1 */ /* limit compliant with OpenSSL verify Depth + 1
* OpenSSL tries to expand the chain one longer than limit until
* reaching an ultimately trusted issuer. Becoming failure if
* we hit the limit, with X509_V_ERR_CERT_CHAIN_TOO_LONG
*/
if (args->untrustedDepth > (ssl->options.verifyDepth + 1)) { if (args->untrustedDepth > (ssl->options.verifyDepth + 1)) {
ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
ret = MAX_CHAIN_ERROR; ret = MAX_CHAIN_ERROR;