Skip to content

Commit a05aeb1

Browse files
Fix missing cast and correct freeing of certs.
1 parent 83e3467 commit a05aeb1

File tree

1 file changed

+12
-14
lines changed

1 file changed

+12
-14
lines changed

src/x509_str.c

Lines changed: 12 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -573,13 +573,22 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
573573
WOLFSSL_MSG("X509_verify_cert current cert failed, retrying with other certs.");
574574
RemoveCA(ctx->store->cm, ctx->current_cert->subjKeyId, WOLFSSL_TEMP_CA);
575575
X509StorePopCert(certs, failedCerts, ctx->current_cert);
576-
if (numInterAdd > 0)
577-
numInterAdd--;
578576
ctx->current_cert = wolfSSL_sk_X509_pop(ctx->chain);
579577
depth++;
580578
}
581579

582580
exit:
581+
/* Copy back failed certs if verification failed. */
582+
if (ret != WOLFSSL_SUCCESS) {
583+
while (wolfSSL_sk_X509_num(failedCerts) > 0)
584+
{
585+
wolfSSL_sk_X509_push(certs, wolfSSL_sk_X509_pop(failedCerts));
586+
}
587+
}
588+
if (failedCerts) {
589+
wolfSSL_sk_X509_free(failedCerts);
590+
}
591+
583592
/* Remove additional intermediates from init from the store */
584593
if (ctx != NULL && numInterAdd > 0) {
585594
for (i = 0; i < numInterAdd; i++) {
@@ -601,17 +610,6 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
601610
wolfSSL_sk_X509_free(certsToUse);
602611
}
603612

604-
/* Copy back failed certs if verification failed. */
605-
if (ret != WOLFSSL_SUCCESS) {
606-
while (wolfSSL_sk_X509_num(failedCerts) > 0)
607-
{
608-
wolfSSL_sk_X509_push(certs, wolfSSL_sk_X509_pop(failedCerts));
609-
}
610-
}
611-
if (failedCerts) {
612-
wolfSSL_sk_X509_free(failedCerts);
613-
}
614-
615613
return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
616614
}
617615

@@ -1103,7 +1101,7 @@ static int X509StorePopCert(WOLFSSL_STACK *certs_stack, WOLFSSL_STACK *dest_stac
11031101

11041102
for (i = 0; i < wolfSSL_sk_X509_num(certs_stack); i++) {
11051103
if (wolfSSL_sk_X509_value(certs_stack, i) == cert) {
1106-
wolfSSL_sk_X509_push(dest_stack, wolfSSL_sk_pop_node(certs_stack, i));
1104+
wolfSSL_sk_X509_push(dest_stack, (WOLFSSL_X509*)wolfSSL_sk_pop_node(certs_stack, i));
11071105
return WOLFSSL_SUCCESS;
11081106
}
11091107
}

0 commit comments

Comments
 (0)