From dabb8058c4aee2bc6f316bc9e215dfa932324821 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Mon, 11 Nov 2013 11:19:35 -0800
Subject: [PATCH] 1. Updated README Note 2. The error code described for no signer errors is -188. (The error code -155 is for the signature confirmation failing.) 2. Fixed bug in copying the signature from a DecodedCert to a CYASSL_X509 record.
---
 README | 8 ++++----
 src/internal.c | 3 +--
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/README b/README
index 8f4e61ee8..98a59480d 100644
--- a/README
+++ b/README
@@ -23,10 +23,10 @@ beginning of the note and specify the full path. Note 2) CyaSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if
-you don't load CAs to verify the server you'll get a connect error, unable to
-verify (-155). It you want to mimic OpenSSL behavior of having SSL_connect
-succeed even if verifying the server fails and reducing security you can do
-this by calling:
+you don't load CAs to verify the server you'll get a connect error, no signer
+error to confirm failure (-188). If you want to mimic OpenSSL behavior of
+having SSL_connect succeed even if verifying the server fails and reducing
+security you can do this by calling:
 SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
diff --git a/src/internal.c b/src/internal.c
index 82801139d..b9af086bc 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3136,8 +3136,7 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
 ret = MEMORY_E;
 }
 else {
- XMEMCPY(x509->sig.buffer,
- &dCert->source[dCert->sigIndex], dCert->sigLength);
+ XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
 x509->sig.length = dCert->sigLength;
 x509->sigOID = dCert->signatureOID;
 }
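Review bot: In the `src/internal.c` hunk, the new `XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);` is only safe if `dCert->signature` is non-NULL and refers to at least `sigLength` bytes, and no visible line checks either. The allocation and the enclosing condition sit above the hunk (CopyDecodedToX509 starts and ends outside it), so confirm that the guard tests the pointer itself, along the lines of `if (dCert->signature != NULL && dCert->sigLength != 0)`, and not only a `sigIndex`-based condition left over from the old copy. Per the commit message the previous copy put the wrong bytes into `x509->sig`, so a regression check comparing the copied buffer with the certificate's actual signature bytes would protect any later reader of the X509 record from consuming bad signature data again.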