ssl_pm_reload_crt() - Fix verify_mode checking to match openssl documentation https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html

Merges https://github.com/espressif/esp-idf/pull/2162
Chris Morgan 2018-07-07 15:54:47 -04:00 committed by Ivan Grokhotkov
parent 7ccc28de6c
commit 3e1633354a


@ -220,11 +220,11 @@ static int ssl_pm_reload_crt(SSL *ssl)
struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
if (ssl->verify_mode == SSL_VERIFY_PEER)
if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
mode = MBEDTLS_SSL_VERIFY_REQUIRED;
else if (ssl->verify_mode == SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
else if (ssl->verify_mode & SSL_VERIFY_PEER)
mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
else if (ssl->verify_mode == SSL_VERIFY_CLIENT_ONCE)
else if (ssl->verify_mode & SSL_VERIFY_CLIENT_ONCE)
mode = MBEDTLS_SSL_VERIFY_UNSET;
else
mode = MBEDTLS_SSL_VERIFY_NONE;
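Review bot: The `ssl->verify_mode & SSL_VERIFY_PEER` branch maps to `MBEDTLS_SSL_VERIFY_OPTIONAL`, under which mbedTLS completes the handshake even when the peer certificate fails verification, whereas the OpenSSL documentation cited in the commit title says SSL_VERIFY_PEER terminates the handshake on a verification failure. A caller that sets only SSL_VERIFY_PEER (the usual client setting, where SSL_VERIFY_FAIL_IF_NO_PEER_CERT is documented as ignored) would then connect to a peer with an untrusted certificate unless the verification result is checked after the handshake, which this hunk does not show. I would either map that branch to `MBEDTLS_SSL_VERIFY_REQUIRED` for client endpoints or add a comment such as `/* OPTIONAL: handshake continues on a bad certificate; caller must check mbedtls_ssl_get_verify_result() */`. The body of ssl_pm_reload_crt starts before and continues after the hunk, so the endpoint role and any later result check are not visible here.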