4
src/io.c
4
src/io.c
@@ -1015,7 +1015,7 @@ static int process_http_response(int sfd, byte** respBuf,
|
||||
XMEMCPY(recvBuf, start, len);
|
||||
|
||||
/* receive the OCSP response data */
|
||||
do {
|
||||
while (len < recvBufSz) {
|
||||
result = (int)recv(sfd, (char*)recvBuf+len, recvBufSz-len, 0);
|
||||
if (result > 0)
|
||||
len += result;
|
||||
@@ -1023,7 +1023,7 @@ static int process_http_response(int sfd, byte** respBuf,
|
||||
WOLFSSL_MSG("process_http_response recv ocsp from peer failed");
|
||||
return -1;
|
||||
}
|
||||
} while (len != recvBufSz);
|
||||
}
|
||||
|
||||
*respBuf = recvBuf;
|
||||
return recvBufSz;
|
||||
|
@@ -4570,7 +4570,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
|
||||
|
||||
InitDecodedCert(cert, der, sz, NULL);
|
||||
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm)) != 0) {
|
||||
WOLFSSL_MSG("ParseCert failed");
|
||||
}
|
||||
else if ((ret = CheckCertOCSP(cm->ocsp, cert, NULL)) != 0) {
|
||||
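Review bot: The switch from NO_VERIFY to VERIFY_OCSP on the ParseCertRelative call widens what that call can fail on, yet the adjacent `WOLFSSL_MSG("ParseCert failed")` no longer tells a reader which step failed; the same applies to the VERIFY_CRL call in the wolfSSL_CertManagerCheckCRL hunk below. Judging from the ParseCertRelative hunks in this commit, these two modes now enter the signer-lookup branch but skip ConfirmSignature and ConfirmNameConstraints, so a certificate whose issuer is not loaded presumably lands in the `else { /* no signer */` path, whose body is outside the hunk — worth confirming its return value is the error these callers expect. A one-line comment above the call would make the intent explicit: `/* VERIFY_OCSP: resolve the issuer only; the signature is not confirmed here */`. wolfSSL_CertManagerCheckOCSP begins and ends outside the hunk.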
@@ -5046,7 +5046,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
|
||||
|
||||
InitDecodedCert(cert, der, sz, NULL);
|
||||
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
|
||||
if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm)) != 0) {
|
||||
WOLFSSL_MSG("ParseCert failed");
|
||||
}
|
||||
else if ((ret = CheckCertCRL(cm->crl, cert)) != 0) {
|
||||
|
@@ -5074,7 +5074,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
||||
}
|
||||
#endif
|
||||
|
||||
if (verify && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
|
||||
if (verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE) {
|
||||
Signer* ca = NULL;
|
||||
#ifndef NO_SKID
|
||||
if (cert->extAuthKeyIdSet)
|
||||
@@ -5099,23 +5099,26 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
#endif /* HAVE_OCSP */
|
||||
/* try to confirm/verify signature */
|
||||
if (!ConfirmSignature(cert->source + cert->certBegin,
|
||||
cert->sigIndex - cert->certBegin,
|
||||
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
||||
cert->signature, cert->sigLength, cert->signatureOID,
|
||||
cert->heap)) {
|
||||
WOLFSSL_MSG("Confirm signature failed");
|
||||
return ASN_SIG_CONFIRM_E;
|
||||
|
||||
if (verify == VERIFY) {
|
||||
/* try to confirm/verify signature */
|
||||
if (!ConfirmSignature(cert->source + cert->certBegin,
|
||||
cert->sigIndex - cert->certBegin,
|
||||
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
||||
cert->signature, cert->sigLength, cert->signatureOID,
|
||||
cert->heap)) {
|
||||
WOLFSSL_MSG("Confirm signature failed");
|
||||
return ASN_SIG_CONFIRM_E;
|
||||
}
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
/* check that this cert's name is permitted by the signer's
|
||||
* name constraints */
|
||||
if (!ConfirmNameConstraints(ca, cert)) {
|
||||
WOLFSSL_MSG("Confirm name constraint failed");
|
||||
return ASN_NAME_INVALID_E;
|
||||
}
|
||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||
}
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
/* check that this cert's name is permitted by the signer's
|
||||
* name constraints */
|
||||
if (!ConfirmNameConstraints(ca, cert)) {
|
||||
WOLFSSL_MSG("Confirm name constraint failed");
|
||||
return ASN_NAME_INVALID_E;
|
||||
}
|
||||
#endif /* IGNORE_NAME_CONSTRAINTS */
|
||||
}
|
||||
else {
|
||||
/* no signer */
|
||||
|
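Review bot: The new `if (verify == VERIFY)` guard drops the name-constraint check together with the signature check for VERIFY_CRL and VERIFY_OCSP, and nothing in the hunk records that this is deliberate rather than an accident of the re-indentation. A comment on that line would keep a later maintainer from "fixing" it, e.g. `/* only a full VERIFY confirms the signature and name constraints; VERIFY_CRL/VERIFY_OCSP need just the signer lookup above */`. Callers that pass VERIFY_CRL or VERIFY_OCSP therefore get back a cert whose signature this function has not confirmed, which those callers must account for when acting on the result. The `else { /* no signer */` branch that follows and the rest of ParseCertRelative lie outside the hunk.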
@@ -312,8 +312,10 @@ enum ExtKeyUsage_Sum { /* From RFC 5280 */
|
||||
|
||||
|
||||
enum VerifyType {
|
||||
NO_VERIFY = 0,
|
||||
VERIFY = 1
|
||||
NO_VERIFY = 0,
|
||||
VERIFY = 1,
|
||||
VERIFY_CRL = 2,
|
||||
VERIFY_OCSP = 3
|
||||
};
|
||||
|
||||
#ifdef WOLFSSL_CERT_EXT
|
||||
|
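Review bot: The two new enumerators carry no comment, and because VERIFY_CRL and VERIFY_OCSP are non-zero they satisfy any existing truthiness test of the form `if (verify && ...)` that this commit rewrites in ParseCertRelative, so other `verify` checks outside these hunks would need the same look. If I read the ParseCertRelative hunk correctly, short trailing comments would pin the contract down: `VERIFY = 1,       /* locate signer, confirm signature and name constraints */`, `VERIFY_CRL = 2,   /* locate signer for CRL lookup; no signature check */`, `VERIFY_OCSP = 3   /* locate signer for OCSP lookup; no signature check */`.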