[OpenSIPS-Devel] [OpenSIPS/opensips] b1c672: tls_wolfssl: fix behavior of is_peer_verified() wi...
Vlad Pătrașcu
noreply at github.com
Tue Aug 17 11:13:51 UTC 2021
Branch: refs/heads/master
Home: https://github.com/OpenSIPS/opensips
Commit: b1c67295c1ae5937df316df3152b8ecf4da6e067
https://github.com/OpenSIPS/opensips/commit/b1c67295c1ae5937df316df3152b8ecf4da6e067
Author: Vlad Patrascu <vladp at opensips.org>
Date: 2021-08-17 (Tue, 17 Aug 2021)
Changed paths:
M modules/tls_wolfssl/wolfssl.c
M modules/tls_wolfssl/wolfssl_conn_ops.c
Log Message:
-----------
tls_wolfssl: fix behavior of is_peer_verified() with session tickets

If TLS session tickets were used for session resuming, the
is_peer_verified() script function would not be able to verify the peer
even if it did present a valid certificate in the initial TLS handshake.

Even so, this fix can only guarantee that the peer can be verified when
resuming a session, if the TLS domain is configured to require a peer
certificate initially. Otherwise, wolfssl does not provide a way of
retrieving the peer certificate from the received session ticket.

Fixes #2541