forked from wolfSSL/wolfssl
add discardSessionCerts flag for verify callback
This commit is contained in:
toddouska
@@ -134,14 +134,13 @@ typedef struct CYASSL_X509_OBJECT {
|
|||||||
} CYASSL_X509_OBJECT;
|
} CYASSL_X509_OBJECT;
|
||||||
|
|
||||||
|
|
||||||
/* in internal.h too, change there !! */
|
|
||||||
typedef struct CYASSL_X509_STORE_CTX {
|
typedef struct CYASSL_X509_STORE_CTX {
|
||||||
int error;
|
|
||||||
int error_depth;
|
|
||||||
CYASSL_X509* current_cert; /* stunnel dereference */
|
CYASSL_X509* current_cert; /* stunnel dereference */
|
||||||
char* domain; /* subject CN domain name */
|
char* domain; /* subject CN domain name */
|
||||||
void* ex_data; /* external data, for fortress build */
|
void* ex_data; /* external data, for fortress build */
|
||||||
/* in internal.h too, change there !! */
|
int error; /* current error */
|
||||||
|
int error_depth; /* cert depth for this error */
|
||||||
|
int discardSessionCerts; /* so verify callback can flag for discard */
|
||||||
} CYASSL_X509_STORE_CTX;
|
} CYASSL_X509_STORE_CTX;
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -3107,6 +3107,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
|||||||
|
|
||||||
store.error = ret;
|
store.error = ret;
|
||||||
store.error_depth = totalCerts;
|
store.error_depth = totalCerts;
|
||||||
|
store.discardSessionCerts = 0;
|
||||||
store.domain = domain;
|
store.domain = domain;
|
||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
store.current_cert = &ssl->peerCert;
|
store.current_cert = &ssl->peerCert;
|
||||||
@@ -3121,6 +3122,12 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
|||||||
CYASSL_MSG("Verify callback overriding error!");
|
CYASSL_MSG("Verify callback overriding error!");
|
||||||
ret = 0;
|
ret = 0;
|
||||||
}
|
}
|
||||||
|
#ifdef SESSION_CERTS
|
||||||
|
if (store.discardSessionCerts) {
|
||||||
|
CYASSL_MSG("Verify callback requested discard sess certs");
|
||||||
|
ssl->session.chain.count = 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
SendAlert(ssl, alert_fatal, why); /* try to send */
|
SendAlert(ssl, alert_fatal, why); /* try to send */
|
||||||
@@ -3137,6 +3144,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
|||||||
|
|
||||||
store.error = ret;
|
store.error = ret;
|
||||||
store.error_depth = totalCerts;
|
store.error_depth = totalCerts;
|
||||||
|
store.discardSessionCerts = 0;
|
||||||
store.domain = domain;
|
store.domain = domain;
|
||||||
store.current_cert = &ssl->peerCert;
|
store.current_cert = &ssl->peerCert;
|
||||||
store.ex_data = ssl;
|
store.ex_data = ssl;
|
||||||
@@ -3148,6 +3156,12 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
|||||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||||
ssl->options.isClosed = 1;
|
ssl->options.isClosed = 1;
|
||||||
}
|
}
|
||||||
|
#ifdef SESSION_CERTS
|
||||||
|
if (store.discardSessionCerts) {
|
||||||
|
CYASSL_MSG("Verify callback requested discard sess certs");
|
||||||
|
ssl->session.chain.count = 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Reference in New Issue
Block a user