mirror of
https://github.com/monero-project/monero.git
synced 2024-10-01 11:49:47 -04:00
Only check top-level certificate against fingerprint list.
This allows "chain" certificates to be used with the fingerprint whitelist option. A user can get a system-ca signature as backup while clients explicitly whitelist the server certificate. The user specified CA can also be combined with fingerprint whitelisting.
This commit is contained in:
parent
7c388fb358
commit
97cd1fa98d
@ -285,8 +285,10 @@ bool ssl_options_t::has_fingerprint(boost::asio::ssl::verify_context &ctx) const
|
||||
MERROR("Error getting verify_context handle");
|
||||
return false;
|
||||
}
|
||||
X509 *cert =X509_STORE_CTX_get_current_cert(sctx);
|
||||
if (!cert)
|
||||
|
||||
X509* cert = nullptr;
|
||||
const STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(sctx);
|
||||
if (!chain || sk_X509_num(chain) < 1 || !(cert = sk_X509_value(chain, 0)))
|
||||
{
|
||||
MERROR("No certificate found in verify_context");
|
||||
return false;
|
||||
|
Loading…
Reference in New Issue
Block a user