feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Small changes per review comments

Browse Source
This commit is contained in:
Colton Willey
2024-10-22 10:59:35 -07:00
committed by Daniel Pouzzner
parent 3fc3a84a6b
commit 4c63668295
3 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/x509_str.c
View File

@ -43,6 +43,7 @@ static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
WOLFSSL_X509* x509, int type); WOLFSSL_X509* x509, int type);
#endif #endif
/* Based on OpenSSL default max depth */
#ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH #ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH
#define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100 #define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100
#endif #endif
@ -264,9 +265,9 @@ static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx)
if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) && if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) &&
ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) {
/* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or
ASN_BEFORE_DATE_E if there are no additional errors found in the * ASN_BEFORE_DATE_E if there are no additional errors found in the
cert. Therefore, check if the cert is expired or not yet valid * cert. Therefore, check if the cert is expired or not yet valid
in order to return the correct expected error. */ * in order to return the correct expected error. */
byte *afterDate = ctx->current_cert->notAfter.data; byte *afterDate = ctx->current_cert->notAfter.data;
byte *beforeDate = ctx->current_cert->notBefore.data; byte *beforeDate = ctx->current_cert->notBefore.data;
@ -333,7 +334,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
ret = wolfSSL_sk_X509_push(certs, ret = wolfSSL_sk_X509_push(certs,
wolfSSL_sk_X509_value(ctx->ctxIntermediates, i)); wolfSSL_sk_X509_value(ctx->ctxIntermediates, i));
if (ret <= 0) { if (ret <= 0) {
return WOLFSSL_FAILURE; goto exit;
} }
numInterAdd++; numInterAdd++;

2
tests/api.c
View File

@ -60424,6 +60424,8 @@ static int test_X509_STORE_untrusted(void)
/* Root CA in untrusted chain is OK */ /* Root CA in untrusted chain is OK */
ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1),
TEST_SUCCESS); TEST_SUCCESS);
ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 0),
TEST_SUCCESS);
/* Succeeds because path to loaded CA is available. */ /* Succeeds because path to loaded CA is available. */
ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1),
TEST_SUCCESS); TEST_SUCCESS);

3
wolfssl/ssl.h
View File

@ -3324,7 +3324,8 @@ enum {
WOLFSSL_USER_CA = 1, /* user added as trusted */ WOLFSSL_USER_CA = 1, /* user added as trusted */
WOLFSSL_CHAIN_CA = 2, /* added to cache from trusted chain */ WOLFSSL_CHAIN_CA = 2, /* added to cache from trusted chain */
WOLFSSL_INTER_CA = 3 /* Intermediate CA */ WOLFSSL_INTER_CA = 3 /* Intermediate CA, only for use by
* X509_STORE */
}; };
WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl); WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl);