mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 17:38:10 +00:00
Fix an x509 compatibility issue
Certificates with unsupported algorithms in the certificate chain prevented verification even if a certificate before the unsupported ones was already trusted. We change the behaviour to ignoring every certificate with unknown (unsupported) signature algorithm oid when parsing the certificate chain received from the peer.
This commit is contained in:
parent
9fe6f92561
commit
23bdca0d63
1 changed files with 2 additions and 3 deletions
|
@ -49,8 +49,7 @@
|
|||
|
||||
#include <string.h>
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#include "mbedtls/oid.h"
|
||||
#endif
|
||||
|
||||
|
@ -4347,7 +4346,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
|||
|
||||
ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert,
|
||||
ssl->in_msg + i, n );
|
||||
if( ret != 0 )
|
||||
if( 0 != ret && ( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND ) != ret )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, " mbedtls_x509_crt_parse_der", ret );
|
||||
return( ret );
|
||||
|
|
Loading…
Reference in a new issue