path: root/debian/patches/fix-tls-client-cert-common-name-2.patch
From 3d08027f30c6d9c1eaccf7d60c68c8f7d78017c3 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Wed, 26 Oct 2022 07:31:43 -0400
Subject: [PATCH] fix cert order only for lookup=0.  Fixes #4785

---
 src/main/tls.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/main/tls.c b/src/main/tls.c
index a33699cbb66e..c67148cf12c7 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -3015,7 +3015,14 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	 */
 	if (lookup > 1) {
 		if (!my_ok) lookup = 1;
-	} else {
+
+	} else if (lookup == 0) {
+		/*
+		 *	This flag is only set for outbound
+		 *	connections.  And then allows us to remap SSL
+		 *	offset 0 (server) to our offset 1 (also
+		 *	server).
+		 */
 		lookup = (SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_FIX_CERT_ORDER) != NULL);
 	}
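Review bot: The new comment on the `else if (lookup == 0)` branch explains the flag but not why `lookup == 1` is now excluded, which is the actual fix. With the old bare `else`, a value of 1 was overwritten by the flag test, and since the comment says the flag is only set for outbound connections, that result would be 0 on inbound ones. If `lookup` selects which certificate's attributes are filled in (its use is outside the hunk, so this is inferred), that collapse would put one certificate's fields in another's slot, which matters to any policy that matches on the client certificate's common name. I would record this in the comment, e.g. `Only remap index 0; index 1 must keep its own slot, otherwise inbound connections collapse both certificates onto index 0.` cbtls_verify starts and ends outside the hunk.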