path: root/lib/vtls/schannel.h
author: Jay Satiro <raysatiro@yahoo.com> 2016-01-18 03:48:10 -0500
committer: Jay Satiro <raysatiro@yahoo.com> 2016-01-18 03:48:10 -0500
commit: d58ba66eeceb5a290ecd50f596606a7f77d68b4b
tree: d9d56a027821f1e3d7dc8c77ad6a05b282a4adb7 /lib/vtls/schannel.h
parent: d56637113092ebc6721601812510ef5e3e5126e4
mbedtls: Fix pinned key return value on fail

- Switch from verifying a pinned public key in a callback during the certificate verification to inline after the certificate verification.

The callback method had three problems:

1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH was not returned.

2. If peer certificate verification was disabled the pinned key verification did not take place as it should.

3. (related to #2) If there was no certificate of depth 0 the callback would not have checked the pinned public key.

Though all those problems could have been fixed it would have made the code more complex. Instead we now verify inline after the certificate verification in mbedtls_connect_step2.

Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
Ref: https://github.com/bagder/curl/pull/601
Diffstat (limited to 'lib/vtls/schannel.h')
0 files changed, 0 insertions, 0 deletions
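
The control-flow difference the commit message describes, as an added example that is not curl or mbedTLS code: a constructed model in which every name (`connect_callback`, `connect_inline`, `run`, the `result` enum) is hypothetical and strings stand in for public keys. It assumes the verify callback is not invoked when peer verification is off, and it treats a missing depth-0 certificate as a pin mismatch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed model; none of these names are curl or mbedTLS identifiers. */
enum result { OK, PEER_FAILED, PINNED_MISMATCH };
struct cert { int depth; const char *key; };  /* key stands in for the public key */
struct session { bool verify_peer; const struct cert *chain; size_t n;
                 const char *pinned; };

/* Callback shape: the pin is compared while the chain is being verified. */
static enum result connect_callback(const struct session *s)
{
  if(!s->verify_peer)
    return OK;               /* problem 2: verification off, callback never runs */
  for(size_t i = 0; i < s->n; i++)
    if(s->chain[i].depth == 0 && strcmp(s->chain[i].key, s->pinned) != 0)
      return PEER_FAILED;    /* problem 1: surfaces as a generic verify failure */
  return OK;                 /* problem 3: no depth-0 entry, pin never compared */
}

/* Inline shape: the pin is compared after verification, whatever its setting. */
static enum result connect_inline(const struct session *s)
{
  const struct cert *leaf = NULL;
  /* chain validation would run here when s->verify_peer is set (assumed ok) */
  for(size_t i = 0; i < s->n; i++)
    if(s->chain[i].depth == 0)
      leaf = &s->chain[i];
  if(!leaf || strcmp(leaf->key, s->pinned) != 0)
    return PINNED_MISMATCH;  /* missing leaf fails closed (example's choice) */
  return OK;
}

/* Builds a constructed two-entry chain and runs one of the two shapes. */
enum result run(bool use_inline, bool verify_peer, bool with_leaf,
                const char *leaf_key)
{
  struct cert chain[2] = { { 1, "ca-key" }, { 0, leaf_key } };
  struct session s = { verify_peer, chain, with_leaf ? 2 : 1, "pinned-key" };
  return use_inline ? connect_inline(&s) : connect_callback(&s);
}
```

A regression test for a pinning implementation should cover the same three cases: mismatched key, verification disabled, and no leaf certificate.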