gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-700 修改中间证书可信的判断依据(之前:仅验证界面配置的校验项,通过则认为中间证书可信,当校验选项较少时,会误缓存不可信的中间证书;现在:所有校验选项全开启且校验通过才认为中间证书可信,才会缓存)

Browse Source
This commit is contained in:
luwenpeng
2020-01-16 18:52:58 +08:00
parent 92060eeaab
commit adda5eca92
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
platform/src/ssl_trusted_cert_storage.cpp
View File

@@ -403,7 +403,11 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
} }
// case cert verify success // case cert verify success
if (ret == 1) { if (!param->no_verify_self_signed &&
!param->no_verify_cn &&
!param->no_verify_issuer &&
!param->no_verify_expiry_date &&
ret == 1) {
ssl_fetch_trusted_cert_from_chain(cert_chain, storage->effective_store, hostname); ssl_fetch_trusted_cert_from_chain(cert_chain, storage->effective_store, hostname);
} }