feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Clarify logic for skipping call to AddCA.

Browse Source
This commit is contained in:
David Garske
2019-12-17 14:50:36 -08:00
parent 9b437384de
commit b126802c36
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/internal.c
View File

@ -10161,6 +10161,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
&& !args->haveTrustPeer && !args->haveTrustPeer
#endif /* WOLFSSL_TRUST_PEER_CERT */ #endif /* WOLFSSL_TRUST_PEER_CERT */
) { ) {
int skipAddCA = 0;
/* select last certificate */ /* select last certificate */
args->certIdx = args->count - 1; args->certIdx = args->count - 1;
@ -10268,12 +10270,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = 0; /* clear error and continue */ ret = 0; /* clear error and continue */
} }
/* do not add to certificate manager */
skipAddCA = 1;
} }
else /* do not add to certificate manager */
#endif /* WOLFSSL_ALT_CERT_CHAINS */ #endif /* WOLFSSL_ALT_CERT_CHAINS */
/* If valid CA then add to Certificate Manager */ /* If valid CA then add to Certificate Manager */
if (ret == 0 && args->dCert->isCA && !ssl->options.verifyNone) { if (ret == 0 && args->dCert->isCA &&
!ssl->options.verifyNone && !skipAddCA) {
buffer* cert = &args->certs[args->certIdx]; buffer* cert = &args->certs[args->certIdx];
/* Is valid CA */ /* Is valid CA */