mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-18 21:28:02 +00:00
wolfssl: fix API breakage of SSL_get_verify_result
Backport fix for API breakage of SSL_get_verify_result() introduced in v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return X509_V_OK when used on LE powered sites or other sites utilizing relaxed/alternative cert chain validation feature. After an update to v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA error and thus rendered all such connection attempts imposible: $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org" Downloading 'https://letsencrypt.org' Connecting to 18.159.128.50:443 Connection error: Invalid SSL certificate Fixes: #9283 References: https://github.com/wolfSSL/wolfssl/issues/4879 Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
parent
9e6a71e86d
commit
b9251e3b40
@ -0,0 +1,26 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
|
||||
Date: Sat, 12 Feb 2022 00:34:24 +0100
|
||||
Subject: [PATCH] Reported in ZD13631
|
||||
|
||||
`ssl->peerVerifyRet` wasn't being cleared when retrying with an alternative cert chain
|
||||
|
||||
References: https://github.com/wolfSSL/wolfssl/issues/4879
|
||||
---
|
||||
src/internal.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/internal.c b/src/internal.c
|
||||
index 0dded42a76c4..f5814d30607c 100644
|
||||
--- a/src/internal.c
|
||||
+++ b/src/internal.c
|
||||
@@ -12372,6 +12372,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
}
|
||||
|
||||
ret = 0; /* clear errors and continue */
|
||||
+ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
+ ssl->peerVerifyRet = 0;
|
||||
+ #endif
|
||||
args->verifyErr = 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user