add option to always call verify callback with CYASSL_ALWAYS_VERIFY_CB
This commit is contained in:
parent
0126a39d68
commit
dba488ba70
@ -181,7 +181,7 @@ AC_ARG_ENABLE([fortress],
|
||||
|
||||
if test "$ENABLED_FORTRESS" = "yes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
|
||||
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DCYASSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
|
||||
fi
|
||||
|
||||
|
||||
|
@ -863,6 +863,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
|
||||
|
||||
static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
|
||||
{
|
||||
(void)preverify;
|
||||
char buffer[CYASSL_MAX_ERROR_SZ];
|
||||
|
||||
#ifdef OPENSSL_EXTRA
|
||||
|
@ -3391,7 +3391,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
}
|
||||
ssl->error = ret;
|
||||
}
|
||||
#ifdef FORTRESS
|
||||
#ifdef CYASSL_ALWAYS_VERIFY_CB
|
||||
else {
|
||||
if (ssl->verifyCallback) {
|
||||
int ok;
|
||||
@ -3402,7 +3402,9 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
|
||||
store.discardSessionCerts = 0;
|
||||
store.domain = domain;
|
||||
store.userCtx = ssl->verifyCbCtx;
|
||||
#ifdef KEEP_PEER_CERT
|
||||
store.current_cert = &ssl->peerCert;
|
||||
#endif
|
||||
store.ex_data = ssl;
|
||||
|
||||
ok = ssl->verifyCallback(1, &store);
|
||||
|
Loading…
Reference in New Issue
Block a user