build condition for SendAlerts and fix free of x509 store
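--- a/[path not on page]
+++ b/[path not on page]
@@ -8439,10 +8439,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 wolfSSL_sk_X509_free(store->chain);
 store->chain = NULL;
 #endif
-#ifdef WOLFSSL_SMALL_STACK
-XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
-XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
-#endif
 #ifdef SESSION_CERTS
 if (store->discardSessionCerts) {
 WOLFSSL_MSG("Verify callback requested discard sess certs");
@@ -8452,6 +8448,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #endif
 }
 #endif /* SESSION_CERTS */
+#ifdef WOLFSSL_SMALL_STACK
+XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
+XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
+#endif
 }
 if (ret != 0) {
 SendAlert(ssl, alert_fatal, why); /* try to send */
@@ -8525,10 +8525,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 wolfSSL_sk_X509_free(store->chain);
 store->chain = NULL;
 #endif
-#ifdef WOLFSSL_SMALL_STACK
-XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
-XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
-#endif
 #ifdef SESSION_CERTS
 if (store->discardSessionCerts) {
 WOLFSSL_MSG("Verify callback requested discard sess certs");
@@ -8538,6 +8534,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 #endif
 }
 #endif /* SESSION_CERTS */
+#ifdef WOLFSSL_SMALL_STACK
+XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
+XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
+#endif
 }
 }
 #endif /* WOLFSSL_ALWAYS_VERIFY_CB */
@@ -8614,8 +8614,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 else if (ret == ASN_PARSE_E || ret == BUFFER_E) {
 WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR");
-SendAlert(ssl, alert_fatal, bad_certificate);
 #ifdef OPENSSL_EXTRA
+SendAlert(ssl, alert_fatal, bad_certificate);
 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
 #endif
 args->fatal = 1;
@@ -8632,10 +8632,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 else {
 WOLFSSL_MSG("\tNo callback override available, fatal");
-SendAlert(ssl, alert_fatal, bad_certificate);
 args->fatal = 1;
+#ifdef OPENSSL_EXTRA
+SendAlert(ssl, alert_fatal, bad_certificate);
+#endif
 }
 }
 
 #ifdef HAVE_SECURE_RENEGOTIATION
 if (args->fatal == 0 && ssl->secure_renegotiation
 && ssl->secure_renegotiation->enabled) {
@@ -8805,8 +8808,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
 if (args->fatal) {
 ssl->error = ret;
-SendAlert(ssl, alert_fatal, bad_certificate);
 #ifdef OPENSSL_EXTRA
+SendAlert(ssl, alert_fatal, bad_certificate);
 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
 #endif
 goto exit_ppc;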
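Review bot: In the hunks at 8614, 8632 and 8805, SendAlert(ssl, alert_fatal, bad_certificate) is now compiled only under OPENSSL_EXTRA, so a build without that flag sets args->fatal on these three paths without sending any alert, and nothing in the hunks records where the peer is notified instead. If the common `if (ret != 0) { SendAlert(ssl, alert_fatal, why); ... }` path visible in the hunk at 8448 is what covers the plain build, a comment at each moved call such as `/* non-OPENSSL_EXTRA builds send the alert from the common ret != 0 path */` would stop a later reader from re-adding the unconditional call; if it does not, the plain build has lost its alert on these paths. ProcessPeerCerts starts and ends outside these hunks. A smaller point of style: the WOLFSSL_SMALL_STACK release blocks added at 8448 and 8534 free x509 and store in opposite orders, and freeing them in the same order in both places makes the duplicated cleanup easier to compare.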
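--- a/[path not on page]
+++ b/[path not on page]
@@ -343,7 +343,7 @@ typedef struct WOLFSSL_X509_STORE_CTX {
 void* ex_data; /* external data, for fortress build */
 void* userCtx; /* user ctx */
 int error; /* current error */
-int error_depth; /* cert depth for this error */
+int error_depth; /* index of cert depth for this error */
 int discardSessionCerts; /* so verify callback can flag for discard */
 int totalCerts; /* number of peer cert buffers */
 WOLFSSL_BUFFER_INFO* certs; /* peer certs */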