Fix bug in ssl_get_verify_result()

This commit is contained in:
Manuel Pégourié-Gonnard 2015-01-23 14:30:57 +00:00 committed by Paul Bakker
parent cc334eff3e
commit e89163c0a8
3 changed files with 14 additions and 6 deletions

View file

@ -50,6 +50,8 @@ Bugfix
* Fix unchecked return code in x509_crt_parse_path() on Windows (found by * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
Peter Vaskovic). Peter Vaskovic).
* Fix assembly selection for MIPS64 (thanks to James Cowgill). * Fix assembly selection for MIPS64 (thanks to James Cowgill).
* ssl_get_verify_result() now works even if the handshake was aborted due
to a failed verification (found by Fredrik Axelsson).
Changes Changes
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to * Use deterministic nonces for AEAD ciphers in TLS by default (possible to

View file

@ -1710,11 +1710,11 @@ size_t ssl_get_bytes_avail( const ssl_context *ssl );
* *
* \param ssl SSL context * \param ssl SSL context
* *
* \return 0 if successful, or a combination of: * \return 0 if successful,
* BADCERT_EXPIRED * -1 if result is not available (eg because the handshake was
* BADCERT_REVOKED * aborted too early), or
* BADCERT_CN_MISMATCH * a combination of BADCERT_xxx and BADCRL_xxx flags, see
* BADCERT_NOT_TRUSTED * x509.h
*/ */
int ssl_get_verify_result( const ssl_context *ssl ); int ssl_get_verify_result( const ssl_context *ssl );

View file

@ -4336,7 +4336,13 @@ size_t ssl_get_bytes_avail( const ssl_context *ssl )
int ssl_get_verify_result( const ssl_context *ssl ) int ssl_get_verify_result( const ssl_context *ssl )
{ {
return( ssl->session->verify_result ); if( ssl->session != NULL )
return( ssl->session->verify_result );
if( ssl->session_negotiate != NULL )
return( ssl->session_negotiate->verify_result );
return( -1 );
} }
const char *ssl_get_ciphersuite( const ssl_context *ssl ) const char *ssl_get_ciphersuite( const ssl_context *ssl )