allow peer cert get even on fatal verify

2025-08-01 03:34:39 +02:00 · 2012-04-09 11:56:28 -07:00
parent 3001804c51
commit 607fcb2f3d
2 changed files with 12 additions and 9 deletions
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -1016,6 +1016,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
    cert->signature       = 0;
    cert->subjectCN       = 0;
    cert->subjectCNLen    = 0;
+    cert->issuer[0]       = '\0';
+    cert->subject[0]      = '\0';
    cert->source          = source;  /* don't own */
    cert->srcIdx          = 0;
    cert->maxIdx          = inSz;    /* can't go over this index */
--- a/src/internal.c
+++ b/src/internal.c
@@ -1624,21 +1624,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
            }
        }

-        if (fatal) {
-            FreeDecodedCert(&dCert);
-            ssl->error = ret;
-            return ret;
-        }
-        ssl->options.havePeerCert = 1;
-        /* set X509 format */
 #ifdef OPENSSL_EXTRA
+        /* set X509 format for peer cert even if fatal */
        XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
        ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
-        ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1;
+        ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;

        XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
        ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
-        ssl->peerCert.subject.sz   = (int)XSTRLEN(dCert.subject) + 1;
+        ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;

        XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
        ssl->peerCert.serialSz = dCert.serialSz;
@@ -1658,6 +1652,13 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
        ssl->peerCert.derCert.length = myCert.length;
 #endif    

+        if (fatal) {
+            FreeDecodedCert(&dCert);
+            ssl->error = ret;
+            return ret;
+        }
+        ssl->options.havePeerCert = 1;
+
        /* store for callback use */
        if (dCert.subjectCNLen < ASN_NAME_MAX) {
            XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);