Add the peer cert buffer and count to the X509_STORE_CTX used for the verify callback. Fixes #627.

2025-08-03 20:54:41 +02:00 · 2016-11-22 11:45:00 -08:00
parent b61e6e1219
commit 5b76a37234
3 changed files with 17 additions and 7 deletions
--- a/src/internal.c
+++ b/src/internal.c
@@ -6861,6 +6861,7 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
        return MEMORY_E;
    }
 #endif
+    XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));

    if (anyError != 0 && ret == 0)
        ret = anyError;
@@ -6879,6 +6880,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                store->discardSessionCerts = 0;
                store->domain = domain;
                store->userCtx = ssl->verifyCbCtx;
+                store->certs = certs;
+                store->totalCerts = totalCerts;
 #ifdef KEEP_PEER_CERT
                store->current_cert = &ssl->peerCert;
 #else
@@ -6916,6 +6919,8 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
            store->discardSessionCerts = 0;
            store->domain = domain;
            store->userCtx = ssl->verifyCbCtx;
+            store->certs = certs;
+            store->totalCerts = totalCerts;
 #ifdef KEEP_PEER_CERT
            store->current_cert = &ssl->peerCert;
 #endif
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -175,6 +175,8 @@ typedef struct WOLFSSL_X509_STORE_CTX {
    int   error;                 /* current error */
    int   error_depth;           /* cert depth for this error */
    int   discardSessionCerts;   /* so verify callback can flag for discard */
+    int   totalCerts;            /* number of peer cert buffers */
+    struct buffer* certs;        /* peer certs */
 } WOLFSSL_X509_STORE_CTX;


--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1143,17 +1143,20 @@ static INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
                                       wolfSSL_X509_get_issuer_name(peer), 0, 0);
        char* subject = wolfSSL_X509_NAME_oneline(
                                      wolfSSL_X509_get_subject_name(peer), 0, 0);
-        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
+        printf("\tPeer's cert info:\n issuer : %s\n subject: %s\n", issuer,
                                                                  subject);
        XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
        XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
    }
    else
-        printf("peer has no cert!\n");
+        printf("\tPeer has no cert!\n");
+#else
+    printf("\tPeer certs: %d\n", store->totalCerts);
 #endif
-    printf("Subject's domain name is %s\n", store->domain);

-    printf("Allowing to continue anyway (shouldn't do this, EVER!!!)\n");
+    printf("\tSubject's domain name is %s\n", store->domain);
+
+    printf("\tAllowing to continue anyway (shouldn't do this, EVER!!!)\n");
    return 1;
 }