From 8d9dc3d79f8a305adc45f15dd9136296ec23e7f4 Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Sat, 14 Oct 2023 13:15:00 +0900
Subject: [PATCH 1/2] skip DATE if flags is set when calling AddTrustedPeer
---
 src/ssl.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 04bb5a6fc1..cff4aa05ec 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -7230,10 +7230,10 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 else if (type == TRUSTED_PEER_TYPE) {
 /* add trusted peer cert. der is freed within */
 if (ctx != NULL)
- ret = AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone);
+ ret = AddTrustedPeer(ctx->cm, &der, verify);
 else {
 SSL_CM_WARNING(ssl);
- ret = AddTrustedPeer(SSL_CM(ssl), &der, !ssl->options.verifyNone);
+ ret = AddTrustedPeer(SSL_CM(ssl), &der, verify);
 }
 if (ret != WOLFSSL_SUCCESS) {
 WOLFSSL_MSG("Error adding trusted peer");
@@ -15640,13 +15640,19 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 if (sz < 0 || in == NULL || ctx == NULL) {
 return BAD_FUNC_ARG;
 }
+ int verify;
+
+ verify = GET_VERIFY_SETTING_CTX(ctx);
+ if (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS &
+ WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)
+ verify = VERIFY_SKIP_DATE;
 if (format == WOLFSSL_FILETYPE_PEM)
 return ProcessChainBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE,
- NULL, GET_VERIFY_SETTING_CTX(ctx));
+ NULL, verify);
 else
 return ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
- NULL, 0, GET_VERIFY_SETTING_CTX(ctx));
+ NULL, 0, verify);
 }
 #endif /* WOLFSSL_TRUST_PEER_CERT */
From 49121b5c47d346c7c0458088932b004828e283d1 Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Fri, 3 Nov 2023 11:45:33 +0900
Subject: [PATCH 2/2] move declaration to the top of func
---
 src/ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl.c b/src/ssl.c
index cff4aa05ec..a27fe025fb 100644
--- a/src/ssl.c
+++ b/src/ssl.c
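Review bot: In the TRUSTED_PEER_TYPE branch of ProcessBuffer (the `@@ -7230` hunk), both AddTrustedPeer calls now take the caller-supplied `verify` and no longer read `ctx->verifyNone` or `ssl->options.verifyNone`, so how strictly a trusted peer certificate is checked depends entirely on what each caller passes. The `else` path (ctx == NULL) used `!ssl->options.verifyNone` before; nothing visible here shows that callers reaching it derive `verify` from the SSL object, so that should be confirmed for every call site that can pass TRUSTED_PEER_TYPE. I would add a comment above the branch such as `/* verify is caller-supplied (NO_VERIFY, VERIFY or VERIFY_SKIP_DATE); callers must derive it from the ctx/ssl verifyNone setting */`. ProcessBuffer's body starts and ends outside this hunk.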
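Review bot: In the `@@ -15640` hunk (wolfSSL_CTX_trust_peer_buffer, judging by the WOLFSSL_ENTER string in patch 2/2), the new `if` overwrites `verify` with `VERIFY_SKIP_DATE` unconditionally, so a context for which GET_VERIFY_SETTING_CTX returned the no-verify value ends up with verification switched on, minus the date check; the `!ctx->verifyNone` argument removed in the first hunk suggests that setting was honoured before. The condition is also built only from two macros, so it is decided at build time: in such builds every trusted peer certificate loaded through this function skips the validity-date check, and the caller cannot request it. Consider `if (verify != NO_VERIFY && (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY))`, plus a comment stating that expired or not-yet-valid trusted peer certificates are accepted when the default flags include DATE_ERR_OKAY. The function's signature lies outside the hunk.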
@@ -15634,13 +15634,13 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 const unsigned char* in, long sz, int format)
 {
+ int verify;
 WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer");
 /* sanity check on arguments */
 if (sz < 0 || in == NULL || ctx == NULL) {
 return BAD_FUNC_ARG;
 }
- int verify;
 verify = GET_VERIFY_SETTING_CTX(ctx);
 if (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS &