feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fix crl problem error out if verify peer disabled

Browse Source
This commit is contained in:
toddouska
2014-07-03 12:13:41 -07:00
parent 2d63c559cc
commit 8a3b3b03d2
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/internal.c
View File

@@ -4161,8 +4161,6 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
if (anyError != 0 && ret == 0) if (anyError != 0 && ret == 0)
ret = anyError; ret = anyError;
if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END)
ssl->options.serverState = SERVER_CERT_COMPLETE;
if (ret != 0) { if (ret != 0) {
if (!ssl->options.verifyNone) { if (!ssl->options.verifyNone) {
@@ -4238,6 +4236,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
} }
#endif #endif
if (ssl->options.verifyNone &&
(ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
CYASSL_MSG("Ignoring CRL problem based on verify setting");
ret = ssl->error = 0;
}
if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END)
ssl->options.serverState = SERVER_CERT_COMPLETE;
return ret; return ret;
} }