wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

allow peer cert get even on fatal verify

Browse Source
This commit is contained in:
toddouska
2012-04-09 11:56:28 -07:00
parent 3001804c51
commit 607fcb2f3d
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ctaocrypt/src/asn.c
View File

@@ -1016,6 +1016,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
cert->signature = 0; cert->signature = 0;
cert->subjectCN = 0; cert->subjectCN = 0;
cert->subjectCNLen = 0; cert->subjectCNLen = 0;
cert->issuer[0] = '\0';
cert->subject[0] = '\0';
cert->source = source; /* don't own */ cert->source = source; /* don't own */
cert->srcIdx = 0; cert->srcIdx = 0;
cert->maxIdx = inSz; /* can't go over this index */ cert->maxIdx = inSz; /* can't go over this index */

19
src/internal.c
View File

@@ -1624,21 +1624,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
} }
} }
if (fatal) {
FreeDecodedCert(&dCert);
ssl->error = ret;
return ret;
}
ssl->options.havePeerCert = 1;
/* set X509 format */
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
/* set X509 format for peer cert even if fatal */
XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX); XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0'; ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1; ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX); XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0'; ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
ssl->peerCert.subject.sz = (int)XSTRLEN(dCert.subject) + 1; ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE); XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
ssl->peerCert.serialSz = dCert.serialSz; ssl->peerCert.serialSz = dCert.serialSz;
@@ -1658,6 +1652,13 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
ssl->peerCert.derCert.length = myCert.length; ssl->peerCert.derCert.length = myCert.length;
#endif #endif
if (fatal) {
FreeDecodedCert(&dCert);
ssl->error = ret;
return ret;
}
ssl->options.havePeerCert = 1;
/* store for callback use */ /* store for callback use */
if (dCert.subjectCNLen < ASN_NAME_MAX) { if (dCert.subjectCNLen < ASN_NAME_MAX) {
XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen); XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);