ANCV: support server-side policy creation

Brett
2026-01-14 15:34:58 -07:00
parent 22a9665e6d
commit 65a2b06d89


@@ -42028,12 +42028,17 @@ static int DoAppleNativeCertValidation(WOLFSSL* ssl,
kCFAllocatorDefault, (const char*)ssl->buffers.domainName.buffer,
kCFStringEncodingUTF8);
}
if (hostname != NULL) {
policy = SecPolicyCreateSSL(true, hostname);
}
else {
policy = SecPolicyCreateSSL(true, NULL);
/* If we're the client, we're validating the server's cert - use server
* policy (true). If we're the server, we're validating the client's cert -
* use client policy (false). Hostname validation only applies to server
* certs. */
{
int isServerCert = (ssl->options.side == WOLFSSL_CLIENT_END);
policy = SecPolicyCreateSSL(isServerCert,
isServerCert ? hostname : NULL);
}
status = SecTrustCreateWithCertificates(certArray, policy, &trust);
if (status != errSecSuccess) {
WOLFSSL_MSG_EX("Error creating trust object, "
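Review bot: On the client path the policy is still created with a NULL hostname whenever `hostname` was not built from `ssl->buffers.domainName`, and the new comment does not say so; in that case the SSL policy has no name to match against the peer certificate, so only the chain and usage checks apply. I would extend the comment with `Client side: a NULL hostname means the policy does no name matching; the peer name is only checked when a domain name was set on the ssl object.` and, if it fits the function's logging, add `WOLFSSL_MSG("No domain name set, Apple policy will not check peer hostname");` before the `SecPolicyCreateSSL` call. Whether a separate name check runs elsewhere is not visible here, so this is a documentation point rather than a confirmed gap. No NULL check on `policy` is visible between `SecPolicyCreateSSL` and `SecTrustCreateWithCertificates` either; the function starts and ends outside the hunk, so that check may exist further down.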