wolfssl icon indicating copy to clipboard operation
wolfssl copied to clipboard
verified publisher icon wolfSSL

Allow overriding CRL chain errors early so CRL chain processing will continue.

Open kareem-wolfssl opened this issue 1 year ago • 2 comments

Description

Fixes zd#17844

Testing

Customer confirmed fix

Checklist

  • [ ] added tests
  • [ ] updated/added doxygen
  • [ ] updated appropriate READMEs
  • [ ] Updated manual and documentation

kareem-wolfssl avatar May 03 '24 20:05 kareem-wolfssl

Retest this please

dgarske avatar May 24 '24 14:05 dgarske

I tried moving the check to the end of the function, but this lead to test failures, and doesn't seem scalable if we decide to call the verify callback in more spots in the future. Instead, I've added a flag to indicate the verify callback did not override an error which prevents it from being called again. This should cover the case you laid out.

kareem-wolfssl avatar Jun 12 '24 23:06 kareem-wolfssl