From a19813eab29702cc945bc29c2094b1f4b97f526e Mon Sep 17 00:00:00 2001
From: Takashi Kojo
Date: Fri, 28 Jul 2017 15:36:33 +0900
Subject: [PATCH] CertificateVerify, getting past when the error is overridden by VerifyCallback

---
 src/internal.c | 12 ++++++++++--
 wolfssl/internal.h | 1 +
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 416254ec7..7c3663481 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7871,6 +7871,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 XMEMSET(args, 0, sizeof(ProcPeerCertArgs));
 args->idx = *inOutIdx;
 args->begin = *inOutIdx;
+ ssl->certErr_ovrdn = 0;
 #ifdef WOLFSSL_ASYNC_CRYPT
 ssl->async.freeArgs = FreeProcPeerCertArgs;
 #elif defined(WOLFSSL_NONBLOCK_OCSP)
@@ -8993,7 +8994,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 #ifdef WOLFSSL_ALWAYS_VERIFY_CB
 else {
- if (ssl->verifyCallback) {
+ if (ssl->verifyCallback && !ssl->certErr_ovrdn) {
 int ok;

 store->error = ret;
@@ -23430,7 +23431,11 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 FALL_THROUGH;

 case TLS_ASYNC_DO:
- {
+ if(ssl->certErr_ovrdn){
+ ssl->options.asyncState = TLS_ASYNC_FINALIZE;
+ ret = 0;
+ }
+ else {
 #ifndef NO_RSA
 if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
 WOLFSSL_MSG("Doing RSA peer cert verify");
@@ -23574,6 +23579,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,

 case TLS_ASYNC_END:
 {
+ if(ssl->certErr_ovrdn){
+ ret = 0;
+ }
 break;
 }
 default:
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index d24c14904..fba9e761a 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3317,6 +3317,7 @@ struct WOLFSSL {
 #endif
 WOLFSSL_ALERT_HISTORY alert_history;
 int verifyDepth;
+ int certErr_ovrdn; /* overriden by VerifyCallback */
 int error;
 int rfd; /* read file descriptor */
 int wfd; /* write file descriptor */
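Review bot: `ssl->certErr_ovrdn` is cleared here at the top of ProcessPeerCerts, but nothing in this patch ever sets it to a non-zero value, so the consumers it introduces (the `!ssl->certErr_ovrdn` condition in the WOLFSSL_ALWAYS_VERIFY_CB hunk below and the two checks in the CertificateVerify state machine) are dead code unless the setter lives in code outside this diff; if it does, the commit description should say where, because the reset-then-set ordering within ProcessPeerCerts is what makes the flag meaningful. The reset also sits inside the initial args setup, so on an async or non-blocking re-entry that skips this path (the surrounding `#ifdef` branches begin here and the function continues outside the hunk) the flag presumably carries over from the previous pass — worth confirming that is intended. In the second hunk, the new condition suppresses the always-verify callback once the flag is set, which changes what the application sees for every remaining certificate, not just the one whose error was overridden; a one-line comment above it such as `/* callback already overrode an error for this chain; do not ask again */` would make that intent explicit.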
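Review bot: Taking the new `if(ssl->certErr_ovrdn)` branch instead of the original block in `case TLS_ASYNC_DO` means the CertificateVerify signature is never checked when the flag is set, so a peer whose chain error the application callback chose to accept is also excused from proving possession of the private key for the certificate it presented; accepting an untrusted chain and accepting an unproven identity are two different trust decisions, and the callback override should not imply the second. The safer shape is to leave the signature check in place and only tolerate a chain-validation failure, which also removes the need to force `ret = 0` in the `TLS_ASYNC_END` hunk further down, where that assignment masks whatever error `ret` carried on entry to that state. Setting `asyncState` to TLS_ASYNC_FINALIZE inside TLS_ASYNC_DO and then falling out of the switch arm relies on what follows the `else {` block, which is outside this hunk (the enclosing function begins and ends outside it, and the `DoSessionTicket` label in the hunk header is git's guess), so whether the VERIFY state is actually skipped needs confirming against the full function. Style: the file writes `if (cond) {` with spaces, as on the neighbouring `if (ssl->peerRsaKey != NULL ...` line, so the new lines should read `if (ssl->certErr_ovrdn) {` in both this hunk and the TLS_ASYNC_END one.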
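Review bot: The new field's comment misspells "overridden" and does not say who sets or clears it, which matters for a flag that short-circuits a verification step; something like `int certErr_ovrdn; /* non-zero once VerifyCallback overrode a certificate error; reset by ProcessPeerCerts */` would document the lifecycle the other hunks rely on (the reset is visible in the first hunk; the "set" half is taken from the commit title rather than from this diff). The neighbouring fields align their trailing comments in a column, so the new line should follow that layout.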