Merge pull request #2682 from SparkiDev/akid_name_check

Check name hash after matching AKID
toddouska
2019-12-18 13:08:19 -08:00
committed by GitHub


@ -8677,12 +8677,17 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
} else {
cert->ca = NULL;
#ifndef NO_SKID
if (cert->extAuthKeyIdSet)
if (cert->extAuthKeyIdSet) {
cert->ca = GetCA(cm, cert->extAuthKeyId);
}
if (cert->ca == NULL && cert->extSubjKeyIdSet \
&& verify != VERIFY_OCSP) {
cert->ca = GetCA(cm, cert->extSubjKeyId);
}
if (cert->ca != NULL && XMEMCMP(cert->issuerHash,
cert->ca->subjectNameHash, KEYID_SIZE) != 0) {
cert->ca = NULL;
}
if (cert->ca == NULL)
cert->ca = GetCAByName(cm, cert->issuerHash);
@ -8777,6 +8782,10 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
&& verify != VERIFY_OCSP) {
cert->ca = GetCA(cm, cert->extSubjKeyId);
}
if (cert->ca != NULL && XMEMCMP(cert->issuerHash,
cert->ca->subjectNameHash, KEYID_SIZE) != 0) {
cert->ca = NULL;
}
if (cert->ca == NULL)
cert->ca = GetCAByName(cm, cert->issuerHash);
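Review bot: The new issuer-name check (`XMEMCMP(cert->issuerHash, cert->ca->subjectNameHash, KEYID_SIZE) != 0` followed by `cert->ca = NULL;`) is pasted identically into both hunks of ParseCertRelative with no comment saying why a signer found by key ID is then discarded. The key identifiers are read from extensions of the certificate being parsed, so a key-ID match alone does not show that the signer found is the named issuer. A comment above each copy, such as `/* Key ID comes from the cert under verification; keep the signer only if its subject name hash equals this cert's issuer hash. */`, would keep a later cleanup from dropping the check. Moving the lookup-then-compare sequence into one static helper would also stop the two copies from drifting apart. The length passed is KEYID_SIZE although both operands are name hashes, and their declarations are outside the hunks, as is the rest of the function, so it is worth confirming both buffers are at least that long.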