MT#55283 verify "zero" DTLS cert

... instead of "current" if available

closes #1771

Change-Id: Id1b742b2446d4d59b3de251a1d1a5dcbed86834a
(cherry picked from commit 8fba68f2c9)
mr10.5.7
Richard Fuchs 2 years ago
parent 7e11cb7ae8
commit 9e62aee968

@ -501,7 +501,13 @@ static int verify_callback(int ok, X509_STORE_CTX *store) {
if (ps->dtls_cert)
X509_free(ps->dtls_cert);
ps->dtls_cert = X509_dup(X509_STORE_CTX_get_current_cert(store));
ps->dtls_cert = NULL;
X509 *cert = X509_STORE_CTX_get0_cert(store);
if (!cert)
cert = X509_STORE_CTX_get_current_cert(store);
if (!cert)
return 0;
ps->dtls_cert = X509_dup(cert);
if (!media->fingerprint.hash_func || !media->fingerprint.digest_len)
return 1; /* delay verification */

Loading…
Cancel
Save