mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix crl problem error out if verify peer disabled

This commit is contained in:
toddouska 2014-07-03 12:13:41 -07:00
parent 2d63c559cc
commit 8a3b3b03d2
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/internal.c
View File

@ -4161,8 +4161,6 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
if (anyError != 0 && ret == 0)
ret = anyError;
if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END)
ssl->options.serverState = SERVER_CERT_COMPLETE;
if (ret != 0) {
if (!ssl->options.verifyNone) {
@ -4238,6 +4236,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx,
}
#endif
if (ssl->options.verifyNone &&
(ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
CYASSL_MSG("Ignoring CRL problem based on verify setting");
ret = ssl->error = 0;
}
if (ret == 0 && ssl->options.side == CYASSL_CLIENT_END)
ssl->options.serverState = SERVER_CERT_COMPLETE;
return ret;
}