addition to api tests and refactor location of trusted peer cert check

Jacob Barthelmeh
2016-02-29 11:02:18 -07:00
parent 7df22ee210
commit 05d2cec7c1
6 changed files with 105 additions and 40 deletions
-30
@@ -5015,36 +5015,6 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
#endif /* NO SKID */
WOLFSSL_MSG("About to verify certificate signature");
#ifdef WOLFSSL_TRUST_PEER_CERT
/* check for trusted peer cert */
{
TrustedPeerCert* tp = NULL;
#ifndef NO_SKID
if (cert->extAuthKeyIdSet)
tp = GetTrustedPeer(cm, cert->extAuthKeyId);
#else /* NO_SKID */
tp = GetTrustedPeer(cm, cert->issuerHash);
#endif /* NO SKID */
WOLFSSL_MSG("Checking for trusted peer cert");
if (tp == NULL) {
/* no trusted peer cert */
WOLFSSL_MSG("No matching trusted peer cert checking CAs");
} else if (MatchTrustedPeer(tp, cert)){
WOLFSSL_MSG("Found matching trusted peer cert");
if (badDate != 0)
return badDate;
if (criticalExt != 0)
return criticalExt;
return 0;
} else {
WOLFSSL_MSG("No matching trusted peer cert");
}
}
#endif /* WOLFSSL_TRUST_PEER_CERT */
if (ca) {
#ifdef HAVE_OCSP
/* Need the ca's public key hash for OCSP */