
Use verify callback before checking dates

Open embhorn opened this issue 1 year ago • 1 comments

Description

In wolfSSL_X509_verify_cert, after an error has been set it can be overwritten by the subsequent date check. If the callback is being used to override date errors, then the invalid cert gets treated as verified. This change adds a call to the verify callback before the date check. This way the application can handle the error(s) appropriately.

Fixes zd18433

Testing

Set system time to before cert validity of ./certs/intermediate/ca-int2-cert.pem. Call X509_verify_cert, similar to test_X509_STORE_untrusted_certs test. Observe ASN_SIGNER_ERROR being overwritten with date error.

Checklist

  • [ ] added tests
  • [ ] updated/added doxygen
  • [ ] updated appropriate READMEs
  • [ ] Updated manual and documentation

embhorn avatar Aug 23 '24 19:08 embhorn
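
The ordering problem the description refers to, as an added example that is not part of the pull request or of wolfSSL's code: a simplified C model in which the error codes, the `cert` struct, the callback and both `verify_*` functions are hypothetical stand-ins for the real verification path.

```c
/* Simplified model of the flow described above; NOT wolfSSL source.
 * All names and error values here are hypothetical. */
#include <stdio.h>

enum { ERR_NONE = 0, ERR_SIGNER = 1, ERR_NOT_YET_VALID = 2 };

typedef int (*verify_cb)(int ok, int err);

struct cert { int signer_ok; int date_ok; };  /* constructed test input */

/* Application callback that overrides date errors and nothing else. */
static int ignore_dates_cb(int ok, int err)
{
    return ok || err == ERR_NOT_YET_VALID;
}

/* Before: the date check overwrites an earlier error, so the callback
 * only ever sees the date error and overrides it. */
static int verify_before(const struct cert *c, verify_cb cb)
{
    int err = ERR_NONE;
    if (!c->signer_ok) err = ERR_SIGNER;
    if (!c->date_ok)   err = ERR_NOT_YET_VALID;  /* signer error lost */
    return cb(err == ERR_NONE, err);
}

/* After: a pending error is handed to the callback before the date
 * check, so the application can reject it. */
static int verify_after(const struct cert *c, verify_cb cb)
{
    if (!c->signer_ok && !cb(0, ERR_SIGNER))
        return 0;
    if (!c->date_ok)
        return cb(0, ERR_NOT_YET_VALID);
    return cb(1, ERR_NONE);
}

int main(void)
{
    struct cert bad = { 0, 0 };  /* unknown signer and not yet valid */
    printf("before: %d\n", verify_before(&bad, ignore_dates_cb));
    printf("after:  %d\n", verify_after(&bad, ignore_dates_cb));
    return 0;
}
```

A certificate that fails only the date check is still accepted by both versions, so the callback's date override keeps working after the reordering.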

retest this please

Failing on

Build [PRB-generic-config-parser #5515](https://cloud.wolfssl-test.com/jenkins/job/PRB-generic-config-parser/5515/) completed: FAILURE
[Pipeline] }
[PRB-generic-config-parser #5515](https://cloud.wolfssl-test.com/jenkins/job/PRB-generic-config-parser/5515/) completed with status FAILURE (propagate: false to ignore)
org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: 3f1c96d4-ce62-4660-9068-00cafc9d37ae
Setting overall build result to FAILURE

embhorn avatar Aug 23 '24 22:08 embhorn