Set verify_result to 0 when not checking certs

When we are using PSK or authmode is MBEDTLS_SSL_VERIFY_NONE, set
verify_result to 0 rather than MBEDTLS_X509_BADCERT_SKIP_VERIFY.

This is specific to the 3.6 LTS, to preserve the previous behaviour of
the library in these cases, which was determined by the default value
of verify_result being 0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
David Horstmann
2026-02-17 14:41:59 +00:00
parent c0faf73be6
commit d179019ec2


@@ -2288,8 +2288,8 @@ int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
}
/* Since we're not using a certificate, set verify_result to skipped */
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
/* Since we're not using a certificate, set verify_result to success */
ssl->session_negotiate->verify_result = 0;
/* Allow calling psa_destroy_key() on psk remove */
ssl->handshake->psk_opaque_is_internal = 1;
@@ -7937,7 +7937,7 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl,
ssl->handshake->ciphersuite_info;
if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
ssl->session_negotiate->verify_result = 0;
return SSL_CERTIFICATE_SKIP;
}
@@ -9882,7 +9882,7 @@ int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
void *rs_ctx)
{
if (authmode == MBEDTLS_SSL_VERIFY_NONE) {
ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
ssl->session_negotiate->verify_result = 0;
return 0;
}
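Review bot: In the `authmode == MBEDTLS_SSL_VERIFY_NONE` branch of mbedtls_ssl_verify_certificate, the new value 0 is the same value a successful chain verification leaves in verify_result, so a caller that reads it after the handshake (for example through mbedtls_ssl_get_verify_result()) cannot tell "verified" from "never checked". The commit message says this is deliberate for 3.6 LTS compatibility, but nothing at the assignment records that, and the comment in the mbedtls_ssl_set_hs_psk hunk describes the value as "success". I would add a comment at this assignment and at the one in ssl_parse_certificate_coordinate, e.g. `/* 0 here means verification was not performed (kept for 3.6 LTS compatibility), not that the peer was authenticated by certificate */`, and reword the PSK comment the same way. The body of mbedtls_ssl_verify_certificate continues outside the hunk, so whether later code depends on this value cannot be judged from here.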