SSL: refactor to allow session override or mode

This commit is contained in:
Elms
2021-01-21 16:03:02 -08:00
parent 7112a6dd78
commit 95d83c9856
2 changed files with 39 additions and 4 deletions


@ -10632,6 +10632,11 @@ void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
if (ctx == NULL)
return;
ctx->verifyPeer = 0;
ctx->verifyNone = 0;
ctx->failNoCert = 0;
ctx->failNoCertxPSK = 0;
if (mode & WOLFSSL_VERIFY_PEER) {
ctx->verifyPeer = 1;
ctx->verifyNone = 0; /* in case previously set */
@ -10674,6 +10679,11 @@ void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
if (ssl == NULL)
return;
ssl->options.verifyPeer = 0;
ssl->options.verifyNone = 0;
ssl->options.failNoCert = 0;
ssl->options.failNoCertxPSK = 0;
if (mode & WOLFSSL_VERIFY_PEER) {
ssl->options.verifyPeer = 1;
ssl->options.verifyNone = 0; /* in case previously set */
@ -45678,11 +45688,25 @@ int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *x)
|| defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
int wolfSSL_get_verify_mode(WOLFSSL* ssl) {
if(ssl == NULL) {
return BAD_FUNC_ARG;
}
int mode = 0;
WOLFSSL_ENTER("wolfSSL_get_verify_mode");
return wolfSSL_CTX_get_verify_mode(ssl->ctx);
if(!ssl)
return WOLFSSL_FATAL_ERROR;
if (ssl->options.verifyPeer)
mode |= WOLFSSL_VERIFY_PEER;
else if (ssl->options.verifyNone)
mode |= WOLFSSL_VERIFY_NONE;
if (ssl->options.failNoCert)
mode |= WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT;
if (ssl->options.failNoCertxPSK)
mode |= WOLFSSL_VERIFY_FAIL_EXCEPT_PSK;
WOLFSSL_LEAVE("wolfSSL_get_verify_mode", mode);
return mode;
}
int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx)
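Review bot: The NULL guard in the new wolfSSL_get_verify_mode body, `if(!ssl) return WOLFSSL_FATAL_ERROR;`, silently changes the error code from the removed `BAD_FUNC_ARG` and now runs after `WOLFSSL_ENTER`, so the two get_verify_mode siblings no longer agree on their NULL contract if wolfSSL_CTX_get_verify_mode (whose body is below the hunk) still returns BAD_FUNC_ARG as the removed lines did. Either keep `return BAD_FUNC_ARG;` here or document the deviation, because a caller that only masks the result (`mode & WOLFSSL_VERIFY_PEER`) will read a negative return as every verify bit set and never see the error. The `else if (ssl->options.verifyNone)` branch also deserves a comment: if WOLFSSL_VERIFY_NONE is 0 as in OpenSSL, that branch ORs in nothing and a connection with neither flag set is reported identically, e.g. `/* WOLFSSL_VERIFY_NONE is the zero mode; branch kept for symmetry with verifyPeer */`.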


@ -32095,6 +32095,11 @@ static void test_wolfSSL_verify_mode(void)
AssertNotNull(ssl = SSL_new(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
SSL_free(ssl);
wolfSSL_CTX_set_verify(ctx,
@ -32103,6 +32108,12 @@ static void test_wolfSSL_verify_mode(void)
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
AssertIntEQ(SSL_get_verify_mode(ssl),
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
SSL_free(ssl);
SSL_CTX_free(ctx);
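Review bot: The new assertions pin the VERIFY_NONE and VERIFY_PEER overrides but neither the failNoCertxPSK bit that the refactored wolfSSL_get_verify_mode now derives from ssl->options nor the changed NULL return, so a regression in either path would pass this test. Before the second `SSL_free(ssl);` I would add `wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_EXCEPT_PSK, 0);` followed by `AssertIntEQ(SSL_get_verify_mode(ssl), WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_EXCEPT_PSK);`, and `AssertIntEQ(SSL_get_verify_mode(NULL), WOLFSSL_FATAL_ERROR);` if that return value is the intended contract rather than BAD_FUNC_ARG. test_wolfSSL_verify_mode continues past the end of the hunk.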