Update TLCP client

set optional CA certs and client keys
tlcp_client can correctly connect to https://ebssec.boc.cn, https://zffw.jxzwfww.gov.cn

Bugs:
send, recv return value.
handle input when connected.
Zhi Guan
2022-07-26 22:36:33 +08:00
parent 43bec77d15
commit bb1dea9160
4 changed files with 28 additions and 8 deletions

@@ -296,11 +296,15 @@ int tlcp_do_connect(TLS_CONNECT *conn)
sm2_sign_update(&sign_ctx, record + 5, recordlen - 5);
// verify ServerCertificate
if (x509_certs_verify_tlcp(conn->server_certs, conn->server_certs_len,
conn->ca_certs, conn->ca_certs_len, depth, &verify_result) != 1) {
error_print();
tls_send_alert(conn, alert);
goto end;
if (conn->ca_certs_len) {
// 只有提供了CA证书才验证服务器证书链
// FIXME: 逻辑需要再检查
if (x509_certs_verify_tlcp(conn->server_certs, conn->server_certs_len,
conn->ca_certs, conn->ca_certs_len, depth, &verify_result) != 1) {
error_print();
tls_send_alert(conn, alert);
goto end;
}
}
// recv ServerKeyExchange
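
Review bot: the new `if (conn->ca_certs_len)` guard in tlcp_do_connect makes server authentication fail open: when the caller supplies no CA certificates, x509_certs_verify_tlcp is never called and the handshake proceeds to ServerKeyExchange with a server certificate chain that nobody has validated, so any peer that can answer the connection is accepted. The added comment says the chain is verified only when CA certs are provided, and the FIXME beside it already notes that the logic needs re-checking, so this should not ship as the default path. Prefer failing closed: treat an empty `conn->ca_certs_len` as an error (send the alert and `goto end`) unless the caller has explicitly opted out of verification through a separate, clearly named setting, and have tlcp_client print a warning when it runs in that mode. Also make sure `verify_result` has a defined value on the skipped path if anything after this block reads it, and document in the commit message that connecting without CA certs is unauthenticated.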