wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8115 from miyazakh/ocsp_tls13_client

Browse Source 
Check Intermediate cert OCSP when using tls1.3 for client side
This commit is contained in:
Sean Parkinson
2024-10-31 11:13:01 +10:00
committed by GitHub
parent 4b8c9bbb6d 79a9e0a709
commit 89d2964320
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/internal.c
View File

@ -15232,7 +15232,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
else /* skips OCSP and force CRL check */ else /* skips OCSP and force CRL check */
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
if (IsAtLeastTLSv1_3(ssl->version)) { if (IsAtLeastTLSv1_3(ssl->version) &&
ssl->options.side == WOLFSSL_CLIENT_END &&
ssl->status_request) {
/* We check CSR in Certificate message sent from
* Server. Server side will check client
* certificates by traditional OCSP if enabled
*/
ret = TLSX_CSR_InitRequest_ex(ssl->extensions, ret = TLSX_CSR_InitRequest_ex(ssl->extensions,
args->dCert, ssl->heap, args->certIdx); args->dCert, ssl->heap, args->certIdx);
} }