TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-03-20 19:21:09 +01:00
Code Issues Packages Projects Releases Wiki Activity

Set verify_result to failure by default

Browse Source 
At initialization, set the verify_result field of the ssl session to
MBEDTLS_X509_VERIFY_NOT_STARTED, rather than 0 as it is by default
currently. This prevents mbedtls_ssl_get_verify_result() from indicating
that certificate verification has passed if it is called prior to the
handshake happening.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit is contained in:
David Horstmann
2025-09-03 11:21:00 +01:00
parent 6966659a31
commit 710aaa7ae7
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/ssl_tls.c
View File

@@ -1048,6 +1048,8 @@ void mbedtls_ssl_transform_init(mbedtls_ssl_transform *transform)
void mbedtls_ssl_session_init(mbedtls_ssl_session *session)
{
memset(session, 0, sizeof(mbedtls_ssl_session));
/* Set verify_result to indicate failure by default. */
session->verify_result = MBEDTLS_X509_VERIFY_NOT_STARTED;
}
MBEDTLS_CHECK_RETURN_CRITICAL