TSG-3438 中间证书缓存判定条件不完善
This commit is contained in:
luwenpeng
@@ -333,6 +333,7 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
ret=1; //host match is verfied via X509_check_host
|
ret=1; //host match is verfied via X509_check_host
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
param->real_untrust |= 0x10;
|
||||||
ret=0;
|
ret=0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -416,15 +417,16 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
|
|||||||
}
|
}
|
||||||
|
|
||||||
TFE_LOG_DEBUG(g_default_logger,
|
TFE_LOG_DEBUG(g_default_logger,
|
||||||
"sni:%s, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d",
|
"sni:%s, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d, verify_other_fail:%d",
|
||||||
(hostname ? hostname : "NULL"),
|
(hostname ? hostname : "NULL"),
|
||||||
((param->real_untrust & 0x0f) ? 1 : 0),
|
((param->real_untrust & 0xff) ? 1 : 0),
|
||||||
((param->real_untrust & 0x01) ? 1 : 0),
|
((param->real_untrust & 0x01) ? 1 : 0),
|
||||||
((param->real_untrust & 0x02) ? 1 : 0),
|
((param->real_untrust & 0x02) ? 1 : 0),
|
||||||
((param->real_untrust & 0x04) ? 1 : 0),
|
((param->real_untrust & 0x04) ? 1 : 0),
|
||||||
((param->real_untrust & 0x08) ? 1 : 0));
|
((param->real_untrust & 0x08) ? 1 : 0),
|
||||||
|
((param->real_untrust & 0x10) ? 1 : 0));
|
||||||
|
|
||||||
// case cert verify success
|
// case cert verify success
|
||||||
if (param->real_untrust == 0) {
|
if (param->real_untrust == 0) {
|
||||||
ssl_fetch_trusted_cert_from_chain(cert_chain, storage->effective_store, hostname);
|
ssl_fetch_trusted_cert_from_chain(cert_chain, storage->effective_store, hostname);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user