mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2024-11-23 01:49:53 +03:00
Mayaqua/Network.c: Fix EAP-TLS chain certificate verification
This commit is contained in:
parent
43a80702a9
commit
65bcbc8db3
@ -5670,7 +5670,7 @@ int SslCertVerifyCallback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||||||
StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, (char *)msg);
|
StrCpy(clientcert->PreverifyErrMessage, PREVERIFY_ERR_MESSAGE_SIZE, (char *)msg);
|
||||||
Debug("SslCertVerifyCallback preverify error: '%s'\n", msg);
|
Debug("SslCertVerifyCallback preverify error: '%s'\n", msg);
|
||||||
}
|
}
|
||||||
else
|
else if (X509_STORE_CTX_get_error_depth(ctx) == 0)
|
||||||
{
|
{
|
||||||
cert = X509_STORE_CTX_get0_cert(ctx);
|
cert = X509_STORE_CTX_get0_cert(ctx);
|
||||||
if (cert != NULL)
|
if (cert != NULL)
|
||||||
@ -5736,6 +5736,13 @@ SSL_PIPE *NewSslPipeEx(bool server_mode, X *x, K *k, DH_CTX *dh, bool verify_pee
|
|||||||
if (verify_peer)
|
if (verify_peer)
|
||||||
{
|
{
|
||||||
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, SslCertVerifyCallback);
|
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, SslCertVerifyCallback);
|
||||||
|
|
||||||
|
if (server_mode)
|
||||||
|
{
|
||||||
|
// Allow incomplete client trust chain
|
||||||
|
X509_VERIFY_PARAM *vpm = SSL_CTX_get0_param(ssl_ctx);
|
||||||
|
X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dh != NULL)
|
if (dh != NULL)
|
||||||
@ -11610,16 +11617,7 @@ bool AddChainSslCert(struct ssl_ctx_st *ctx, X *x)
|
|||||||
|
|
||||||
if (x_copy != NULL)
|
if (x_copy != NULL)
|
||||||
{
|
{
|
||||||
if (x_copy->root_cert)
|
SSL_CTX_add_extra_chain_cert(ctx, x_copy->x509);
|
||||||
{
|
|
||||||
X509_STORE *store = SSL_CTX_get_cert_store(ctx);
|
|
||||||
X509_STORE_add_cert(store, x_copy->x509);
|
|
||||||
X509_free(x_copy->x509);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SSL_CTX_add_extra_chain_cert(ctx, x_copy->x509);
|
|
||||||
}
|
|
||||||
x_copy->do_not_free = true;
|
x_copy->do_not_free = true;
|
||||||
|
|
||||||
ret = true;
|
ret = true;
|
||||||
|
Loading…
Reference in New Issue
Block a user