Signature check compatibility

Takashi Kojo
2017-08-31 06:28:09 +09:00
committed by Jacob Barthelmeh
parent 2fdf98ebd4
commit 6f44969e23


@@ -8645,6 +8645,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
#endif /* KEEP_PEER_CERT */
#ifndef IGNORE_KEY_EXTENSIONS
#if defined(OPENSSL_EXTRA)
/* when compatibility layer is turned on and no verify is
* set then ignore the certificate key extension */
if (args->dCert->extKeyUsageSet &&
args->dCert->extKeyUsageCrit == 0 &&
ssl->options.verifyNone) {
WOLFSSL_MSG("Not verifying certificate key usage");
}
else
#endif
if (args->dCert->extKeyUsageSet) {
if ((ssl->specs.kea == rsa_kea) &&
(ssl->options.side == WOLFSSL_CLIENT_END) &&
@@ -8660,6 +8670,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
}
}
#if defined(OPENSSL_EXTRA)
/* when compatibility layer is turned on and no verify is
* set then ignore the certificate key extension */
if (args->dCert->extExtKeyUsageSet &&
args->dCert->extExtKeyUsageCrit == 0 &&
ssl->options.verifyNone) {
WOLFSSL_MSG("Not verifying certificate ext key usage");
}
else
#endif
if (args->dCert->extExtKeyUsageSet) {
if (ssl->options.side == WOLFSSL_CLIENT_END) {
if ((args->dCert->extExtKeyUsage &
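Review bot: The comment on the added OPENSSL_EXTRA block in the first hunk says the key usage extension is ignored whenever no verify is set, but the condition also requires `extKeyUsageCrit == 0`, so a critical extension still reaches the check in the `if` that follows; the second hunk has the same mismatch for `extExtKeyUsageCrit`. I would reword both comments along the lines of `/* compatibility layer: with verifyNone set, skip a non-critical key usage extension; a critical one is still checked below */`, so a later reader does not widen the skip by mistake. The bare `else` directly before `#endif` binds to the following `if (args->dCert->extKeyUsageSet)` only when OPENSSL_EXTRA is defined, which is easy to break on a later edit; a short `/* else binds to the next if */` beside it would make that explicit. ProcessPeerCerts starts and ends outside both hunks, so how the result of these checks is used is not visible here.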