Abort on first possible certificate validation error
Only retry certificate validation if the purpose was wrong.
(cherry picked from commit de619e9964
)
parent
5a1167f7e3
commit
f975fe2746
@ -856,7 +856,7 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
|
|||||||
|
|
||||||
for (i = 0; i < ARRAYSIZE(purposes); i++)
|
for (i = 0; i < ARRAYSIZE(purposes); i++)
|
||||||
{
|
{
|
||||||
int rc = -1;
|
int err = -1, rc = -1;
|
||||||
int purpose = purposes[i];
|
int purpose = purposes[i];
|
||||||
csc = X509_STORE_CTX_new();
|
csc = X509_STORE_CTX_new();
|
||||||
|
|
||||||
@ -869,6 +869,7 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
|
|||||||
X509_STORE_CTX_set_verify_cb(csc, verify_cb);
|
X509_STORE_CTX_set_verify_cb(csc, verify_cb);
|
||||||
|
|
||||||
rc = X509_verify_cert(csc);
|
rc = X509_verify_cert(csc);
|
||||||
|
err = X509_STORE_CTX_get_error(csc);
|
||||||
skip:
|
skip:
|
||||||
X509_STORE_CTX_free(csc);
|
X509_STORE_CTX_free(csc);
|
||||||
if (rc == 1)
|
if (rc == 1)
|
||||||
@ -876,6 +877,8 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
|
|||||||
status = TRUE;
|
status = TRUE;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
else if (err != X509_V_ERR_INVALID_PURPOSE)
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_STORE_free(cert_ctx);
|
X509_STORE_free(cert_ctx);
|
||||||
|
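Review bot: The `skip:` label sits after the new `err = X509_STORE_CTX_get_error(csc);`, so any earlier jump to it reaches the added `else if` with `err` still at its `-1` initialiser and ends the loop without trying the remaining purposes. That fails closed, which looks intended, but it relies on `-1` never matching `X509_V_ERR_INVALID_PURPOSE` and is not written down; a comment at the declaration such as `/* err stays -1 on the skip path, so setup failures abort instead of retrying */` would record it. The unbraced `else if` after a braced `if` is easy to misread in a trust decision, and `else if (err != X509_V_ERR_INVALID_PURPOSE) { break; }` is more robust against later edits. The jumps to `skip:` and the body of `verify_cb` are outside the visible hunks, so it should be confirmed that the callback cannot alter the error code read here.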