not push CA, revert error code when being OpensslExtra mode

2025-07-30 02:37:28 +02:00 · 2021-05-27 14:54:32 +09:00
parent cd73cf3d0f
commit 976b6ae97c
2 changed files with 11 additions and 5 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -19048,6 +19048,12 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 #else

    int error = (int)e;
+#ifdef OPENSSL_EXTRA
+    /* OpenSSL uses positive error codes */
+    if (error > 0) {
+        error = -error;
+    }
+#endif

    /* pass to wolfCrypt */
    if (error < MAX_CODE_E && error > MIN_CODE_E) {
--- a/src/ssl.c
+++ b/src/ssl.c
@ -18791,11 +18791,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
        }
        ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,
                             ssl->session.chain.certs[i].length);
-        if (ret == 0 && 
-#if defined(WOLFSSL_QT)
-            ssl->options.side == WOLFSSL_CLIENT_END &&
-#endif
-            i == ssl->session.chain.count-1) {
+#if !defined(WOLFSSL_QT)
+        if (ret == 0 && i == ssl->session.chain.count-1) {
            /* On the last element in the chain try to add the CA chain
             * first if we have one for this cert */
            if (pushCAx509Chain(ssl->ctx->cm, x509, sk)
@ -18803,6 +18800,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
+#else
+        (void)pushCAx509Chain;
+#endif

        if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("Error decoding cert");