mirror of https://github.com/wolfSSL/wolfssl.git
build condition for SendAlerts and fix free of x509 store
parent
025ba1445e
commit
be98e3e7f3
|
@ -8439,10 +8439,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
wolfSSL_sk_X509_free(store->chain);
|
||||
store->chain = NULL;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
|
||||
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
|
||||
#endif
|
||||
#ifdef SESSION_CERTS
|
||||
if (store->discardSessionCerts) {
|
||||
WOLFSSL_MSG("Verify callback requested discard sess certs");
|
||||
|
@ -8452,6 +8448,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
#endif
|
||||
}
|
||||
#endif /* SESSION_CERTS */
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
|
||||
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
|
||||
#endif
|
||||
}
|
||||
if (ret != 0) {
|
||||
SendAlert(ssl, alert_fatal, why); /* try to send */
|
||||
|
@ -8525,10 +8525,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
wolfSSL_sk_X509_free(store->chain);
|
||||
store->chain = NULL;
|
||||
#endif
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
|
||||
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
|
||||
#endif
|
||||
#ifdef SESSION_CERTS
|
||||
if (store->discardSessionCerts) {
|
||||
WOLFSSL_MSG("Verify callback requested discard sess certs");
|
||||
|
@ -8538,6 +8534,10 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
#endif
|
||||
}
|
||||
#endif /* SESSION_CERTS */
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);
|
||||
XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
#endif /* WOLFSSL_ALWAYS_VERIFY_CB */
|
||||
|
@ -8614,8 +8614,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
}
|
||||
else if (ret == ASN_PARSE_E || ret == BUFFER_E) {
|
||||
WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR");
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
|
||||
#endif
|
||||
args->fatal = 1;
|
||||
|
@ -8632,10 +8632,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
}
|
||||
else {
|
||||
WOLFSSL_MSG("\tNo callback override available, fatal");
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
args->fatal = 1;
|
||||
#ifdef OPENSSL_EXTRA
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_SECURE_RENEGOTIATION
|
||||
if (args->fatal == 0 && ssl->secure_renegotiation
|
||||
&& ssl->secure_renegotiation->enabled) {
|
||||
|
@ -8805,8 +8808,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
|||
|
||||
if (args->fatal) {
|
||||
ssl->error = ret;
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
#ifdef OPENSSL_EXTRA
|
||||
SendAlert(ssl, alert_fatal, bad_certificate);
|
||||
ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
|
||||
#endif
|
||||
goto exit_ppc;
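Review bot: The relocated `XFREE(store, ...)` / `XFREE(x509, ...)` pairs that now follow `#endif /* SESSION_CERTS */` have no comment explaining why they must come after that block, and the two sites release the objects in opposite order. The earlier position appears to have freed `store` before `store->discardSessionCerts` was read, a use-after-free when WOLFSSL_SMALL_STACK and SESSION_CERTS are both defined, so a comment at both sites such as `/* free last: store->discardSessionCerts is read in the SESSION_CERTS block above */` would keep a later reordering from bringing it back. Inside the same `#ifdef WOLFSSL_SMALL_STACK`, adding `store = NULL; x509 = NULL;` after the frees would make any stray later use fail immediately; ProcessPeerCerts starts and ends outside these hunks, so whether either pointer is touched again cannot be seen here. Separately, the page has lost the +/- column at the three `SendAlert(ssl, alert_fatal, bad_certificate);` sites: if the surviving call is the one under `#ifdef OPENSSL_EXTRA`, builds without that option send no alert from these branches, and the commit message should say whether that is intended.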
|
||||
|
|
|
@ -343,7 +343,7 @@ typedef struct WOLFSSL_X509_STORE_CTX {
|
|||
void* ex_data; /* external data, for fortress build */
|
||||
void* userCtx; /* user ctx */
|
||||
int error; /* current error */
|
||||
int error_depth; /* cert depth for this error */
|
||||
int error_depth; /* index of cert depth for this error */
|
||||
int discardSessionCerts; /* so verify callback can flag for discard */
|
||||
int totalCerts; /* number of peer cert buffers */
|
||||
WOLFSSL_BUFFER_INFO* certs; /* peer certs */
|
||||
|
|