Update x509_certs_verify to check crl

Zhi Guan
2026-06-19 11:41:55 +08:00
parent 61f621d404
commit 12aeed4986
9 changed files with 144 additions and 9 deletions


@@ -1285,7 +1285,8 @@ int tls_recv_server_certificate(TLS_CONNECT *conn)
// verify server Certificate
if (conn->ctx->cacertslen) {
if (x509_certs_verify(conn->peer_cert_chain, conn->peer_cert_chain_len, X509_cert_chain_server,
conn->ctx->cacerts, conn->ctx->cacertslen, conn->ctx->verify_depth, &verify_result) != 1) {
conn->ctx->cacerts, conn->ctx->cacertslen, NULL, 0,
conn->ctx->verify_depth, &verify_result) != 1) {
error_print();
conn->verify_result = verify_result;
tls_send_alert(conn, TLS_alert_bad_certificate);
@@ -2584,7 +2585,8 @@ int tls_recv_client_certificate(TLS_CONNECT *conn)
return -1;
}
if (x509_certs_verify(conn->client_certs, conn->client_certs_len, X509_cert_chain_client,
conn->ctx->cacerts, conn->ctx->cacertslen, verify_depth, &verify_result) != 1) {
conn->ctx->cacerts, conn->ctx->cacertslen, NULL, 0,
verify_depth, &verify_result) != 1) {
error_print();
tls_send_alert(conn, TLS_alert_bad_certificate);
return -1;
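Review bot: Both updated call sites, in tls_recv_server_certificate and tls_recv_client_certificate, pass `NULL, 0` for the new CRL arguments, so the TLS handshake still verifies the peer chain without any revocation data even though the commit's stated purpose is CRL checking. Assuming x509_certs_verify skips the CRL step when no CRL is supplied (its body is not visible in this section), a revoked server or client certificate would still be accepted on these paths. If that is intentional for now, record it at each call with a comment such as `/* no CRL configured for TLS yet: revocation is not checked on this path */`; otherwise the CRL buffer and length should be carried in the context next to `cacerts` and passed here. Both functions start and end outside the hunks shown.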