Check value returned by X509_OBJECT_new()
Reported by Alexander Couzens, thanks to him !
parent
e452c023ad
commit
2e81cca480
|
@ -1374,30 +1374,33 @@ static int bip_ssl_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||||
err == X509_V_ERR_CERT_HAS_EXPIRED ||
|
err == X509_V_ERR_CERT_HAS_EXPIRED ||
|
||||||
err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)) {
|
err == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)) {
|
||||||
|
|
||||||
xobj = X509_OBJECT_new();
|
if (!(xobj = X509_OBJECT_new())) {
|
||||||
if (X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509,
|
result = 0;
|
||||||
X509_get_subject_name(err_cert), xobj) > 0 &&
|
|
||||||
!X509_cmp(X509_OBJECT_get0_X509(xobj), err_cert)) {
|
|
||||||
if (err == X509_V_ERR_CERT_HAS_EXPIRED)
|
|
||||||
mylog(LOG_INFO, "Basic mode; Accepting "
|
|
||||||
"*expired* peer certificate "
|
|
||||||
"found in store.");
|
|
||||||
else
|
|
||||||
mylog(LOG_INFO, "Basic mode; Accepting peer "
|
|
||||||
"certificate found in store.");
|
|
||||||
|
|
||||||
result = 1;
|
|
||||||
err = X509_V_OK;
|
|
||||||
X509_STORE_CTX_set_error(ctx, err);
|
|
||||||
} else {
|
} else {
|
||||||
mylog(LOG_INFO, "Basic mode; peer certificate NOT "
|
if (X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509,
|
||||||
"in store, rejecting it!");
|
X509_get_subject_name(err_cert), xobj) > 0 &&
|
||||||
err = X509_V_ERR_CERT_REJECTED;
|
!X509_cmp(X509_OBJECT_get0_X509(xobj), err_cert)) {
|
||||||
X509_STORE_CTX_set_error(ctx, err);
|
if (err == X509_V_ERR_CERT_HAS_EXPIRED)
|
||||||
|
mylog(LOG_INFO, "Basic mode; Accepting "
|
||||||
|
"*expired* peer certificate "
|
||||||
|
"found in store.");
|
||||||
|
else
|
||||||
|
mylog(LOG_INFO, "Basic mode; Accepting peer "
|
||||||
|
"certificate found in store.");
|
||||||
|
|
||||||
link_add_untrusted(c->user_data, X509_dup(err_cert));
|
result = 1;
|
||||||
|
err = X509_V_OK;
|
||||||
|
X509_STORE_CTX_set_error(ctx, err);
|
||||||
|
} else {
|
||||||
|
mylog(LOG_INFO, "Basic mode; peer certificate NOT "
|
||||||
|
"in store, rejecting it!");
|
||||||
|
err = X509_V_ERR_CERT_REJECTED;
|
||||||
|
X509_STORE_CTX_set_error(ctx, err);
|
||||||
|
|
||||||
|
link_add_untrusted(c->user_data, X509_dup(err_cert));
|
||||||
|
}
|
||||||
|
X509_OBJECT_free(xobj);
|
||||||
}
|
}
|
||||||
X509_OBJECT_free(xobj);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!result) {
|
if (!result) {
|
||||||
|
|
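Review bot: `X509_dup(err_cert)` in the rejection branch is still passed straight to `link_add_untrusted()` without a NULL check, so the same out-of-memory condition this commit handles for `X509_OBJECT_new()` can hand a NULL certificate to that helper; whether the helper tolerates NULL is not visible here. Duplicating first and calling the helper only on success would close that gap: `X509 *copy = X509_dup(err_cert); if (copy) link_add_untrusted(c->user_data, copy);`. The new allocation-failure branch sets `result = 0`, which fails closed, but it logs nothing, so a connection rejected because of memory exhaustion looks the same in the log as one rejected because the certificate was not in the store; a `mylog()` call in that branch would make the two distinguishable. `bip_ssl_verify_callback` begins and ends outside this hunk, so the initial value of `result` and what the `if (!result)` block does cannot be confirmed from here.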