add option to always call verify callback with CYASSL_ALWAYS_VERIFY_CB

2013-10-14 15:04:26 -06:00
parent 0126a39d68
commit dba488ba70
3 changed files with 5 additions and 2 deletions
--- a/configure.ac
+++ b/configure.ac
@ -181,7 +181,7 @@ AC_ARG_ENABLE([fortress],
 if test "$ENABLED_FORTRESS" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
+    AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DCYASSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
 fi
--- a/cyassl/test.h
+++ b/cyassl/test.h
@ -863,6 +863,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
 static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
 {
    (void)preverify;
    char buffer[CYASSL_MAX_ERROR_SZ];
 #ifdef OPENSSL_EXTRA
--- a/src/internal.c
+++ b/src/internal.c
@ -3391,7 +3391,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
        }
        ssl->error = ret;
    }
-#ifdef FORTRESS
+#ifdef CYASSL_ALWAYS_VERIFY_CB
    else {
        if (ssl->verifyCallback) {
            int ok;
@ -3402,7 +3402,9 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
            store.discardSessionCerts = 0;
            store.domain = domain;
            store.userCtx = ssl->verifyCbCtx;
 #ifdef KEEP_PEER_CERT
            store.current_cert = &ssl->peerCert;
 #endif
            store.ex_data = ssl;
            ok = ssl->verifyCallback(1, &store);