TSG-700 修改中间证书可信的判断依据(之前:仅验证界面配置的校验项，通过则认为中间证书可信，当校验选项较少时，会误缓存不可信的中间证书；现在:所有校验选项全开启且校验通过才认为中间证书可信，才会缓存)

2020-01-16 18:52:58 +08:00
parent 92060eeaab
commit adda5eca92
1 changed files with 5 additions and 1 deletions
--- a/platform/src/ssl_trusted_cert_storage.cpp
+++ b/platform/src/ssl_trusted_cert_storage.cpp
@@ -403,7 +403,11 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
 	}

 	// case cert verify success
-	if (ret == 1) {
+	if (!param->no_verify_self_signed &&
+		!param->no_verify_cn &&
+		!param->no_verify_issuer &&
+		!param->no_verify_expiry_date &&
+		ret == 1) {
 		ssl_fetch_trusted_cert_from_chain(cert_chain, storage->effective_store, hostname);
 	}