Branch: refs/heads/master
  Home:   https://github.com/OpenSIPS/opensips
  Commit: b1c67295c1ae5937df316df3152b8ecf4da6e067
      https://github.com/OpenSIPS/opensips/commit/b1c67295c1ae5937df316df3152b8ecf4da6e067
  Author: Vlad Patrascu <vl...@opensips.org>
  Date:   2021-08-17 (Tue, 17 Aug 2021)

  Changed paths:
    M modules/tls_wolfssl/wolfssl.c
    M modules/tls_wolfssl/wolfssl_conn_ops.c

  Log Message:
  -----------
  tls_wolfssl: fix behavior of is_peer_verified() with session tickets

If TLS session tickets were used for session resuming, the
is_peer_verified() script function would not be able to verify the peer
even if it did present a valid certificate in the initial TLS handshake.

Even so, this fix can only guarantee that the peer can be verified when
resuming a session, if the TLS domain is configured to require a peer
certificate initially. Otherwise, wolfssl does not provide a way of
retrieving the peer certificate from the received session ticket.

Fixes #2541


