- Information about missing or non-verified client certificate is not provided as well.
parent
9fc4659b30
commit
cdf07e9979
@ -85,12 +85,14 @@
|
||||
* \name X509 Verify codes
|
||||
* \{
|
||||
*/
|
||||
#define BADCERT_EXPIRED 1 /**< The certificate validity has expired. */
|
||||
#define BADCERT_REVOKED 2 /**< The certificate has been revoked (is on a CRL). */
|
||||
#define BADCERT_CN_MISMATCH 4 /**< The certificate Common Name (CN) does not match with the expected CN. */
|
||||
#define BADCERT_NOT_TRUSTED 8 /**< The certificate is not correctly signed by the trusted CA. */
|
||||
#define BADCRL_NOT_TRUSTED 16 /**< CRL is not correctly signed by the trusted CA. */
|
||||
#define BADCRL_EXPIRED 32 /**< CRL is expired. */
|
||||
#define BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
|
||||
#define BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
|
||||
#define BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
|
||||
#define BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
|
||||
#define BADCRL_NOT_TRUSTED 0x10 /**< CRL is not correctly signed by the trusted CA. */
|
||||
#define BADCRL_EXPIRED 0x20 /**< CRL is expired. */
|
||||
#define BADCERT_MISSING 0x40 /**< Certificate was missing. */
|
||||
#define BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
|
||||
/* \} name */
|
||||
|
||||
|
||||
|
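Review bot: The `X509 Verify codes` group comment does not say that these values are bit flags, or that the two new ones report a check that never ran rather than a check that failed. The power-of-two values suggest the codes are meant to be OR-ed and tested bit by bit, so I would extend the group text with something like `Bit flags; only a verify result of 0 means the peer certificate was checked and accepted.` I would also reword the `BADCERT_SKIP_VERIFY` comment to `/**< No verification was attempted (authmode disabled it). */`. A caller that only masks for `BADCERT_NOT_TRUSTED` or `BADCERT_EXPIRED` would otherwise read a missing or unverified certificate as a pass.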
@ -1280,6 +1280,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
if( ssl->endpoint == SSL_IS_SERVER &&
|
||||
ssl->authmode == SSL_VERIFY_NONE )
|
||||
{
|
||||
ssl->verify_result = BADCERT_SKIP_VERIFY;
|
||||
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
@ -1306,6 +1307,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
|
||||
|
||||
ssl->verify_result = BADCERT_MISSING;
|
||||
if( ssl->authmode == SSL_VERIFY_OPTIONAL )
|
||||
return( 0 );
|
||||
else
|
||||
@ -1323,6 +1325,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
|
||||
|
||||
ssl->verify_result = BADCERT_MISSING;
|
||||
if( ssl->authmode == SSL_VERIFY_REQUIRED )
|
||||
return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
|
||||
else
|
||||
|
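Review bot: `BADCERT_SKIP_VERIFY` is recorded only in the branch guarded by `ssl->endpoint == SSL_IS_SERVER && ssl->authmode == SSL_VERIFY_NONE`, in the first hunk of `ssl_parse_certificate`. If a client configured with `SSL_VERIFY_NONE` also bypasses verification later in the function (not visible in these hunks), `verify_result` would presumably keep its earlier value and could still read as 0, i.e. verified. It is worth setting the flag on that path too, or confirming it is already covered. The SSLv3 `BADCERT_MISSING` path visibly does `return( 0 )` under `SSL_VERIFY_OPTIONAL`, so a comment such as `/* handshake continues; caller must inspect verify_result */` next to the assignment would make the contract explicit. The function body starts and ends outside the hunks, and the `else` branch of the TLSv1 case is cut off.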