abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-06-30 17:53:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update x509_certs_verify to check crl

Browse Source
This commit is contained in:
Zhi Guan
2026-06-19 11:41:55 +08:00
parent 61f621d404
commit 12aeed4986
9 changed files with 144 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/tls13.c
View File

@@ -6261,6 +6261,7 @@ int tls13_recv_server_certificate(TLS_CONNECT *conn)
if (x509_certs_verify(
conn->peer_cert_chain, conn->peer_cert_chain_len, X509_cert_chain_server,
conn->ctx->cacerts, conn->ctx->cacertslen,
NULL, 0,
conn->ctx->verify_depth, &verify_result) != 1) {
error_print();
tls13_send_alert(conn, TLS_alert_bad_certificate);
@@ -8619,6 +8620,7 @@ int tls13_recv_client_certificate(TLS_CONNECT *conn)
// verify client cert_chain
if (x509_certs_verify(conn->peer_cert_chain, conn->peer_cert_chain_len, X509_cert_chain_client,
conn->ctx->cacerts, conn->ctx->cacertslen,
NULL, 0,
conn->ctx->verify_depth, &verify_result) != 1) {
error_print();
tls13_send_alert(conn, TLS_alert_bad_certificate);