add SendAlert(ssl, alert_fatal, bad_certificate);

Takashi Kojo
2017-07-30 08:56:17 +09:00
committed by Jacob Barthelmeh
parent 401db67bcd
commit 2a4766198a


@@ -8421,7 +8421,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (!ok) { if (!ok) {
WOLFSSL_MSG("Verify callback overriding valid certificate!"); WOLFSSL_MSG("Verify callback overriding valid certificate!");
ret = -1; ret = -1;
SendAlert(ssl, alert_fatal, bad_certificate);
ssl->options.isClosed = 1; ssl->options.isClosed = 1;
} }
#ifndef NO_CERTS #ifndef NO_CERTS
@@ -8526,6 +8525,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
} }
else { else {
WOLFSSL_MSG("\tNo callback override available, fatal"); WOLFSSL_MSG("\tNo callback override available, fatal");
SendAlert(ssl, alert_fatal, bad_certificate);
args->fatal = 1; args->fatal = 1;
} }
} }
@@ -8678,6 +8678,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
if (args->fatal) { if (args->fatal) {
ssl->error = ret; ssl->error = ret;
SendAlert(ssl, alert_fatal, bad_certificate);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED; ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
#endif #endif
@@ -23593,7 +23594,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
return ret; return ret;
} }
#endif /* WOLFSSL_ASYNC_CRYPT */ #endif /* WOLFSSL_ASYNC_CRYPT */
if (ret != 0){
SendAlert(ssl, alert_fatal, bad_certificate);
}
/* Digest is not allocated, so do this to prevent free */ /* Digest is not allocated, so do this to prevent free */
ssl->buffers.digest.buffer = NULL; ssl->buffers.digest.buffer = NULL;
ssl->buffers.digest.length = 0; ssl->buffers.digest.length = 0;
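Review bot: In ProcessPeerCerts the new `SendAlert(ssl, alert_fatal, bad_certificate);` in the "No callback override available, fatal" branch sits directly before `args->fatal = 1;`, and the later `if (args->fatal)` block now sends the same alert again, so a path that passes through both would emit two fatal alerts for one rejected certificate. The code between those two hunks is not visible here, so this needs confirming; if the flow does reach the later block, keeping only the call inside `if (args->fatal)` gives exactly one alert per failure. The return value of SendAlert is discarded at every added call, and a short comment such as `/* best effort: the handshake is failing regardless */` would show that this is intentional. The function bodies start and end outside these hunks.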