rottenwheel/monero
1
0
Fork 0
mirror of https://codeberg.org/anoncontributorxmr/monero.git synced 2024-11-23 11:23:26 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Only check top-level certificate against fingerprint list.

Browse Source 
This allows "chain" certificates to be used with the fingerprint
whitelist option. A user can get a system-ca signature as backup while
clients explicitly whitelist the server certificate. The user specified
CA can also be combined with fingerprint whitelisting.
This commit is contained in:
Lee Clagett 2019-04-04 01:48:55 -04:00
parent 7c388fb358
commit 97cd1fa98d
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
contrib/epee/src/net_ssl.cpp
View File

@ -285,8 +285,10 @@ bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const
MERROR("Error getting verify_context handle"); MERROR("Error getting verify_context handle");
return false; return false;
} }
X509 *cert =X509_STORE_CTX_get_current_cert(sctx);
if (!cert) X509* cert = nullptr;
const STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(sctx);
if (!chain || sk_X509_num(chain) < 1 || !(cert = sk_X509_value(chain, 0)))
{ {
MERROR("No certificate found in verify_context"); MERROR("No certificate found in verify_context");
return false; return false;