add option to always call verify callback with CYASSL_ALWAYS_VERIFY_CB

This commit is contained in:
Chris Conlon 2013-10-14 15:04:26 -06:00
parent 0126a39d68
commit dba488ba70
3 changed files with 5 additions and 2 deletions

View File

@ -181,7 +181,7 @@ AC_ARG_ENABLE([fortress],
if test "$ENABLED_FORTRESS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DCYASSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DCYASSL_DES_ECB -DCYASSL_AES_COUNTER -DCYASSL_AES_DIRECT -DCYASSL_DER_LOAD -DCYASSL_SHA512 -DCYASSL_SHA384 -DCYASSL_KEY_GEN"
fi

View File

@ -863,6 +863,7 @@ static INLINE unsigned int my_psk_server_cb(CYASSL* ssl, const char* identity,
static INLINE int myVerify(int preverify, CYASSL_X509_STORE_CTX* store)
{
(void)preverify;
char buffer[CYASSL_MAX_ERROR_SZ];
#ifdef OPENSSL_EXTRA

View File

@ -3391,7 +3391,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
}
ssl->error = ret;
}
#ifdef FORTRESS
#ifdef CYASSL_ALWAYS_VERIFY_CB
else {
if (ssl->verifyCallback) {
int ok;
@ -3402,7 +3402,9 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
store.discardSessionCerts = 0;
store.domain = domain;
store.userCtx = ssl->verifyCbCtx;
#ifdef KEEP_PEER_CERT
store.current_cert = &ssl->peerCert;
#endif
store.ex_data = ssl;
ok = ssl->verifyCallback(1, &store);