TSG-4471 将 self signed certificate in certificate chain 状态的证书判断为 invalid issuer

2020-12-14 17:06:07 +06:00
parent 47a572bda3
commit 5bf7f2f298
1 changed files with 1 additions and 1 deletions
--- a/platform/src/ssl_trusted_cert_storage.cpp
+++ b/platform/src/ssl_trusted_cert_storage.cpp
@@ -355,6 +355,7 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	param = (struct cert_verify_param*)X509_STORE_CTX_get_ex_data(ctx, SSL_EX_DATA_IDX_VERIFY_PARAM);
 	switch(err)
 	{
+		case	X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 		case	X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
 		case	X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
 			if(param->no_verify_issuer)
@@ -363,7 +364,6 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 			}
 			param->real_untrust |= 0x02;
 			break;
-		case	X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
 		case	X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
 			if(param->no_verify_self_signed)
 			{