add discardSessionCerts flag for verify callback

This commit is contained in:
toddouska 2013-04-18 09:11:35 -07:00
parent 71a1abebf5
commit 729fc1e603
2 changed files with 17 additions and 4 deletions


@ -134,14 +134,13 @@ typedef struct CYASSL_X509_OBJECT {
} CYASSL_X509_OBJECT;
/* in internal.h too, change there !! */
typedef struct CYASSL_X509_STORE_CTX {
int error;
int error_depth;
CYASSL_X509* current_cert; /* stunnel dereference */
char* domain; /* subject CN domain name */
void* ex_data; /* external data, for fortress build */
/* in internal.h too, change there !! */
int error; /* current error */
int error_depth; /* cert depth for this error */
int discardSessionCerts; /* so verify callback can flag for discard */
} CYASSL_X509_STORE_CTX;
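Review bot: The comment directly above the new `int error;` line says this struct is mirrored in internal.h, yet the diffstat lists only two changed files (this header and the one holding DoCertificate), so if that second definition really exists it has not received `discardSessionCerts` and the two layouts now differ by one trailing field; either update the mirror in the same commit or drop the comment if it is stale. The new field is also the only part of the callback contract a user can see, so it should say who sets it and when: `int discardSessionCerts; /* verify callback sets non-zero to drop the peer chain kept under SESSION_CERTS; reset to 0 before each callback */` — the reset is visible in DoCertificate in this commit. Only part of the struct's old and new text is shown in this hunk, so I cannot tell whether any other member moved.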


@ -3107,6 +3107,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
store.error = ret;
store.error_depth = totalCerts;
store.discardSessionCerts = 0;
store.domain = domain;
#ifdef KEEP_PEER_CERT
store.current_cert = &ssl->peerCert;
@ -3121,6 +3122,12 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
CYASSL_MSG("Verify callback overriding error!");
ret = 0;
}
#ifdef SESSION_CERTS
if (store.discardSessionCerts) {
CYASSL_MSG("Verify callback requested discard sess certs");
ssl->session.chain.count = 0;
}
#endif
}
if (ret != 0) {
SendAlert(ssl, alert_fatal, why); /* try to send */
@ -3137,6 +3144,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
store.error = ret;
store.error_depth = totalCerts;
store.discardSessionCerts = 0;
store.domain = domain;
store.current_cert = &ssl->peerCert;
store.ex_data = ssl;
@ -3148,6 +3156,12 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
SendAlert(ssl, alert_fatal, bad_certificate);
ssl->options.isClosed = 1;
}
#ifdef SESSION_CERTS
if (store.discardSessionCerts) {
CYASSL_MSG("Verify callback requested discard sess certs");
ssl->session.chain.count = 0;
}
#endif
}
}
#endif
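Review bot: The `#ifdef SESSION_CERTS` discard block is pasted verbatim twice in DoCertificate (after the override check and again after the bad_certificate alert), so any later change to how the chain is dropped has to be made in both places; a small static helper keeps them in step. Note that `ssl->session.chain.count = 0` only resets the count — whatever entries were stored earlier stay in the chain buffer until overwritten — which is fine for a discard but deserves a one-line comment so nobody later reads it as a wipe. DoCertificate starts and ends outside these hunks, and I cannot see from here whether the callback is invoked under `if (ssl->verifyCallback)`, so the helper below is safe to call either way since it only reads the flag that both hunks initialise to 0 before the callback runs.
```c
#ifdef SESSION_CERTS
/* Honor the verify callback's request to drop the peer chain kept in the
 * session.  Only the count is reset; stored entries are left in place. */
static void DiscardSessionCerts(CYASSL* ssl, const CYASSL_X509_STORE_CTX* store)
{
    if (store->discardSessionCerts) {
        CYASSL_MSG("Verify callback requested discard sess certs");
        ssl->session.chain.count = 0;
    }
}
#endif

/* … unchanged: DoCertificate up to each verify-callback site … */
#ifdef SESSION_CERTS
            DiscardSessionCerts(ssl, &store);
#endif
```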