(parent:
5a1167f
)
Abort on first possible certificate validation error
author
akallabeth
<akallabeth@posteo.net>
Wed, 20 May 2020 11:45:57 +0000
(13:45 +0200)
committer
akallabeth
<akallabeth@posteo.net>
Wed, 20 May 2020 13:41:24 +0000
(15:41 +0200)
Only retry certificate validation if the purpose was wrong.
(cherry picked from commit
de619e9964684eced5fb3108de81440b979aace0
)
libfreerdp/crypto/crypto.c
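--- a/libfreerdp/crypto/crypto.c
+++ b/libfreerdp/crypto/crypto.c
@@ -856,7 +856,7 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
 for (i = 0; i < ARRAYSIZE(purposes); i++)
 {
- int rc = -1;
+ int err = -1, rc = -1;
 int purpose = purposes[i];
 csc = X509_STORE_CTX_new();
@@ -869,6 +869,7 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
 X509_STORE_CTX_set_verify_cb(csc, verify_cb);
 rc = X509_verify_cert(csc);
+ err = X509_STORE_CTX_get_error(csc);
 skip:
 X509_STORE_CTX_free(csc);
 if (rc == 1)
@@ -876,6 +877,8 @@ BOOL x509_verify_certificate(CryptoCert cert, const char* certificate_store_path
 status = TRUE;
 break;
 }
+ else if (err != X509_V_ERR_INVALID_PURPOSE)
+ break;
 }
 X509_STORE_free(cert_ctx);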
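Review bot: The new `else if (err != X509_V_ERR_INVALID_PURPOSE)` test relies on `err` still holding its initial -1 whenever the `skip:` label is reached without `X509_verify_cert` having run, and nothing in the code states that this fail-closed behaviour is intended. A comment on the declaration would make it explicit, for example `/* err stays -1 if setup jumps to skip; only X509_V_ERR_INVALID_PURPOSE retries with the next purpose */`. The value is also read after a verify callback has been installed, so it is presumably the last error left in the context; if `verify_cb` (not visible here) ever overrides an error, the retry decision would follow whatever error was recorded afterwards, which is worth a short remark next to the `X509_STORE_CTX_get_error` call. As a style point, the new branch is an unbraced body attached to a braced `if`; `else if (err != X509_V_ERR_INVALID_PURPOSE) { break; }` keeps a later added statement inside the condition. The loop body and the jumps to `skip:` lie partly outside the hunks shown.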