feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Signature check compatibility

Browse Source
This commit is contained in:
Takashi Kojo
2017-08-31 06:28:09 +09:00
committed by Jacob Barthelmeh
parent 2fdf98ebd4
commit 6f44969e23
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/internal.c
View File

@@ -8645,6 +8645,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* KEEP_PEER_CERT */ #endif /* KEEP_PEER_CERT */
#ifndef IGNORE_KEY_EXTENSIONS #ifndef IGNORE_KEY_EXTENSIONS
#if defined(OPENSSL_EXTRA)
/* when compatibility layer is turned on and no verify is
* set then ignore the certificate key extension */
if (args->dCert->extKeyUsageSet &&
args->dCert->extKeyUsageCrit == 0 &&
ssl->options.verifyNone) {
WOLFSSL_MSG("Not verifying certificate key usage");
}
else
#endif
if (args->dCert->extKeyUsageSet) { if (args->dCert->extKeyUsageSet) {
if ((ssl->specs.kea == rsa_kea) && if ((ssl->specs.kea == rsa_kea) &&
(ssl->options.side == WOLFSSL_CLIENT_END) && (ssl->options.side == WOLFSSL_CLIENT_END) &&
@@ -8660,6 +8670,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
} }
} }
#if defined(OPENSSL_EXTRA)
/* when compatibility layer is turned on and no verify is
* set then ignore the certificate key extension */
if (args->dCert->extExtKeyUsageSet &&
args->dCert->extExtKeyUsageCrit == 0 &&
ssl->options.verifyNone) {
WOLFSSL_MSG("Not verifying certificate ext key usage");
}
else
#endif
if (args->dCert->extExtKeyUsageSet) { if (args->dCert->extExtKeyUsageSet) {
if (ssl->options.side == WOLFSSL_CLIENT_END) { if (ssl->options.side == WOLFSSL_CLIENT_END) {
if ((args->dCert->extExtKeyUsage & if ((args->dCert->extExtKeyUsage &