
Update sslsocket.cpp

This commit is contained in:
Victor Stewart 2020-03-29 00:31:50 -04:00 committed by GitHub
parent ffb657b164
commit 4d08ac49b7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -668,28 +668,26 @@ bool USSLSocket::setContext(const char* dh_file, const char* cert_file, const ch
{
U_SYSCALL_VOID(SSL_CTX_set_cert_verify_callback, "%p,%p,%p", ctx, USSLSocket::SPKIPinVerification, UServer_Base::tls_pin);
}
else
{
if (CAfile && *CAfile == '\0') CAfile = U_NULLPTR;
if (CApath && *CApath == '\0') CApath = U_NULLPTR;
if (CAfile && *CAfile == '\0') CAfile = U_NULLPTR;
if (CApath && *CApath == '\0') CApath = U_NULLPTR;
if (CAfile ||
CApath)
{
if (UServices::setupOpenSSLStore(CAfile, CApath, (verify_mode ? U_STORE_FLAGS : 0)) == false) U_RETURN(false);
if (CAfile ||
CApath)
{
if (UServices::setupOpenSSLStore(CAfile, CApath, (verify_mode ? U_STORE_FLAGS : 0)) == false) U_RETURN(false);
U_SYSCALL_VOID(SSL_CTX_set_cert_store, "%p,%p", ctx, UServices::store);
U_SYSCALL_VOID(SSL_CTX_set_cert_store, "%p,%p", ctx, UServices::store);
// Sets the list of CA sent to the client when requesting a client certificate for ctx
// Sets the list of CA sent to the client when requesting a client certificate for ctx
if (CAfile) // Process CA certificate bundle file
{
STACK_OF(X509_NAME)* list = (STACK_OF(X509_NAME)*) U_SYSCALL(SSL_load_client_CA_file, "%S", CAfile);
if (CAfile) // Process CA certificate bundle file
{
STACK_OF(X509_NAME)* list = (STACK_OF(X509_NAME)*) U_SYSCALL(SSL_load_client_CA_file, "%S", CAfile);
U_SYSCALL_VOID(SSL_CTX_set_client_CA_list, "%p,%p", ctx, list);
}
}
}
U_SYSCALL_VOID(SSL_CTX_set_client_CA_list, "%p,%p", ctx, list);
}
}
setVerifyCallback(UServices::X509Callback, verify_mode);
@ -1090,10 +1088,14 @@ int USSLSocket::SPKIPinVerification(X509_STORE_CTX* context, void *arg)
OPENSSL_free(pkey_buf);
if (result) return true;
if (result) goto verifyTheChain;
}
return result;
return false;
verifyTheChain:
return X509_verify_cert(context);
}
// server side RE-NEGOTIATE asking for client cert
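Review bot: The value of `return X509_verify_cert(context);` at the verifyTheChain label is handed straight back as the SSL_CTX_set_cert_verify_callback result, but X509_verify_cert can also return a negative value on internal error, so normalizing to the callback's 0/1 contract with `return X509_verify_cert(context) == 1;` makes the fail-closed intent explicit. The label also deserves a line saying why chain validation still runs after a pin hit, e.g. `// A matching SPKI pin only proves key identity; the chain must still validate against the configured store.`. On the `return false;` path a pin mismatch never reaches X509_verify_cert, so no verification error is recorded in the store context; consider `X509_STORE_CTX_set_error(context, X509_V_ERR_APPLICATION_VERIFICATION);` before that return so the failure reason is visible to diagnostics. The loop that `goto verifyTheChain` exits begins outside the hunk, so I cannot confirm whether a `break` plus a single post-loop check would read more simply than the label.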