Allow cert callback to override skipAddCA

This commit is contained in:
Juliusz Sosinowicz
2023-04-21 09:42:57 +02:00
parent c4233e7aec
commit bf2c66a1cb
2 changed files with 120 additions and 6 deletions


@@ -13695,10 +13695,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ssl->peerVerifyRet = 0;
#endif
args->verifyErr = 0;
}
/* do not add to certificate manager */
skipAddCA = 1;
/* do not add to certificate manager */
skipAddCA = 1;
}
}
#endif /* WOLFSSL_ALT_CERT_CHAINS */
@@ -13711,7 +13711,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = ssl->error = 0;
}
#ifdef WOLFSSL_ALT_CERT_CHAINS
if (ret != 0 && args->dCert->isCA) {
/* do not add to certificate manager */
skipAddCA = 1;
}
#endif
/* If valid CA then add to Certificate Manager */
if (ret == 0 && args->dCert->isCA &&
@@ -13745,13 +13750,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
}
/* Handle error codes */
ssl->error = ret; /* Report SSL error or clear error if
* callback overrides. */
if (ret != 0) {
if (!ssl->options.verifyNone) {
WOLFSSL_ERROR_VERBOSE(ret);
DoCertFatalAlert(ssl, ret);
}
ssl->error = ret; /* Report SSL error */
if (args->lastErr == 0) {
args->lastErr = ret; /* save error from last time */
ret = 0; /* reset error */