feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Send more detail alerts for bad certificates

Browse Source
This commit is contained in:
Sean Parkinson
2020-07-17 10:58:59 +10:00
parent 61d81dd878
commit c45e192581
1 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/internal.c
View File

@ -11062,8 +11062,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
} }
else if (ret == ASN_PARSE_E || ret == BUFFER_E) { else if (ret == ASN_PARSE_E || ret == BUFFER_E) {
WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR"); WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR");
#if defined(WOLFSSL_EXTRA_ALERTS) || defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
DoCertFatalAlert(ssl, ret);
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
SendAlert(ssl, alert_fatal, bad_certificate);
ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED; ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
#endif #endif
args->fatal = 1; args->fatal = 1;
@ -11078,12 +11081,20 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
"\tCallback override available, will continue"); "\tCallback override available, will continue");
/* check if fatal error */ /* check if fatal error */
args->fatal = (args->verifyErr) ? 1 : 0; args->fatal = (args->verifyErr) ? 1 : 0;
#if defined(WOLFSSL_EXTRA_ALERTS) || \
defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
if (args->fatal)
DoCertFatalAlert(ssl, ret);
#endif
} }
else { else {
WOLFSSL_MSG("\tNo callback override available, fatal"); WOLFSSL_MSG("\tNo callback override available, fatal");
args->fatal = 1; args->fatal = 1;
#ifdef OPENSSL_EXTRA #if defined(WOLFSSL_EXTRA_ALERTS) || \
SendAlert(ssl, alert_fatal, bad_certificate); defined(OPENSSL_EXTRA) || \
defined(OPENSSL_EXTRA_X509_SMALL)
DoCertFatalAlert(ssl, ret);
#endif #endif
} }
} }