Amebis/GEANTLink
Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

Explicit server certificate check introduced

Browse Source
This commit is contained in:
Simon Rozman 2016-09-30 14:24:49 +02:00
parent a834fbcb7c
commit a1455078e9
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
lib/Events/res/EventsETW.man
View File

Binary file not shown.

10
lib/TLS/src/Method.cpp
View File

@ -1306,6 +1306,16 @@ void eap::method_tls::verify_server_trust() const
throw sec_runtime_error(status, __FUNCTION__ " Error retrieving server certificate from Schannel."); throw sec_runtime_error(status, __FUNCTION__ " Error retrieving server certificate from Schannel.");
#endif #endif
for (list<cert_context>::const_iterator c = m_cfg.m_trusted_root_ca.cbegin(), c_end = m_cfg.m_trusted_root_ca.cend(); c != c_end; ++c) {
if (cert->cbCertEncoded == (*c)->cbCertEncoded &&
memcmp(cert->pbCertEncoded, (*c)->pbCertEncoded, cert->cbCertEncoded) == 0)
{
// Server certificate found directly on the trusted root CA list.
m_module.log_event(&EAPMETHOD_TLS_SERVER_CERT_TRUSTED_EX, event_data::blank);
return;
}
}
// Check server name. // Check server name.
if (!m_cfg.m_server_names.empty()) { if (!m_cfg.m_server_names.empty()) {
bool bool