diff --git a/components/openssl/include/internal/ssl_code.h b/components/openssl/include/internal/ssl_code.h
index 1510ce6ff4..de86e07df1 100644
--- a/components/openssl/include/internal/ssl_code.h
+++ b/components/openssl/include/internal/ssl_code.h
@@ -17,6 +17,7 @@
 #include "ssl3.h"
 #include "tls1.h"
+#include "x509_vfy.h"
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 # define SSL_SENT_SHUTDOWN 1
diff --git a/components/openssl/include/internal/ssl_methods.h b/components/openssl/include/internal/ssl_methods.h
index b72b17ad3d..244eec38dd 100644
--- a/components/openssl/include/internal/ssl_methods.h
+++ b/components/openssl/include/internal/ssl_methods.h
@@ -21,6 +21,7 @@
                                 read, send, pending, \
                                 set_fd, get_fd, \
                                 set_bufflen, \
+                                get_verify_result, \
                                 get_state) \
     static const SSL_METHOD_FUNC func_name LOCAL_ATRR = { \
             new, \
@@ -34,6 +35,7 @@
             set_fd, \
             get_fd, \
             set_bufflen, \
+            get_verify_result, \
             get_state \
     };
diff --git a/components/openssl/include/internal/ssl_types.h b/components/openssl/include/internal/ssl_types.h
index 133feb9dc1..761250eef7 100644
--- a/components/openssl/include/internal/ssl_types.h
+++ b/components/openssl/include/internal/ssl_types.h
@@ -193,6 +193,8 @@ struct ssl_st
     X509 *client_CA;
+    long verify_result;
+
     int err;
     void (*info_callback) (const SSL *ssl, int type, int val);
@@ -235,6 +237,8 @@ struct ssl_method_func_st {
     void (*ssl_set_bufflen)(SSL *ssl, int len);
+    long (*ssl_get_verify_result)(const SSL *ssl);
+
     OSSL_HANDSHAKE_STATE (*ssl_get_state)(const SSL *ssl);
 };
diff --git a/components/openssl/include/platform/ssl_pm.h b/components/openssl/include/platform/ssl_pm.h
index 783ba5445e..3f64a4ae32 100644
--- a/components/openssl/include/platform/ssl_pm.h
+++ b/components/openssl/include/platform/ssl_pm.h
@@ -49,4 +49,6 @@ void pkey_pm_free(EVP_PKEY *pkey);
 int pkey_pm_load(EVP_PKEY *pkey, const unsigned char *buffer, int len);
 void pkey_pm_unload(EVP_PKEY *pkey);
+long ssl_pm_get_verify_result(const SSL *ssl);
+
 #endif
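Review bot: The new `verify_result` member added to `struct ssl_st` in the ssl_types.h hunk is never written or read by any other hunk of this change — `ssl_pm_get_verify_result` reads the mbedTLS session directly and `SSL_get_verify_result` only forwards to it — so unless code outside this diff assigns it, it is dead storage that a later reader will mistake for the source of truth. Either leave the field out until a path actually caches the result there, or state its status with a comment such as `/* Last X509_V_* result; currently unused, see ssl_pm_get_verify_result() */`. Both struct definitions touched by this file begin outside the diff.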
diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c
index 36e8cdf794..ac41be6276 100644
--- a/components/openssl/library/ssl_lib.c
+++ b/components/openssl/library/ssl_lib.c
@@ -1731,3 +1731,17 @@ void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_C
     SSL_ASSERT(ssl);
     SSL_ASSERT(verify_callback);
 }
+
+/*
+ * SSL_get_verify_result - get the verifying result of the SSL certification
+ *
+ * @param ssl - the SSL point
+ *
+ * @return the result of verifying
+ */
+long SSL_get_verify_result(const SSL *ssl)
+{
+    SSL_ASSERT(ssl);
+
+    return SSL_METHOD_CALL(get_verify_result, ssl);
+}
diff --git a/components/openssl/library/ssl_methods.c b/components/openssl/library/ssl_methods.c
index 0c5c6e7fa4..c6fb40e59c 100644
--- a/components/openssl/library/ssl_methods.c
+++ b/components/openssl/library/ssl_methods.c
@@ -25,6 +25,7 @@ IMPLEMENT_TLS_METHOD_FUNC(TLS_method_func,
                           ssl_pm_read, ssl_pm_send, ssl_pm_pending,
                           ssl_pm_set_fd, ssl_pm_get_fd,
                           ssl_pm_set_bufflen,
+                          ssl_pm_get_verify_result,
                           ssl_pm_get_state);
 /*
diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c
index 9c38849dd6..102e5a543a 100644
--- a/components/openssl/library/ssl_x509.c
+++ b/components/openssl/library/ssl_x509.c
@@ -114,8 +114,6 @@ failed1:
  */
 int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
 {
-    int ret;
-
     SSL_ASSERT(ctx);
     SSL_ASSERT(x);
@@ -139,8 +137,6 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
  */
 int SSL_add_client_CA(SSL *ssl, X509 *x)
 {
-    int ret;
-
     SSL_ASSERT(ssl);
     SSL_ASSERT(x);
diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c
index 948c1bc4ee..ebb9687ea8 100644
--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
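Review bot: The header comment on the new `SSL_get_verify_result` in the ssl_lib.c hunk leaves the return domain unstated ("the result of verifying"), which is exactly what a caller needs in order to check the peer certificate correctly; the backend added in this same change returns only `X509_V_OK` or `X509_V_ERR_UNSPECIFIED`. I would replace the `@param`/`@return` lines with `@param ssl - the SSL object (must not be NULL)` and `@return X509_V_OK if the peer certificate chain verified, otherwise an X509_V_ERR_* code; any value other than X509_V_OK means verification failed`. "the SSL point" reads as a typo for "pointer".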
@@ -444,3 +444,19 @@ void ssl_pm_set_bufflen(SSL *ssl, int len)
 {
     max_content_len = len;
 }
+
+long ssl_pm_get_verify_result(const SSL *ssl)
+{
+    long ret;
+    long verify_result;
+    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;
+
+    ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);
+
+    if (!ret)
+        verify_result = X509_V_OK;
+    else
+        verify_result = X509_V_ERR_UNSPECIFIED;
+
+    return verify_result;
+}
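Review bot: `ssl_pm_get_verify_result` collapses every non-zero mbedTLS verify flag into `X509_V_ERR_UNSPECIFIED`, so a caller cannot tell an expired certificate from an untrusted issuer or a hostname mismatch, and the reason is lost for logging and incident triage. `mbedtls_ssl_get_verify_result()` returns a `uint32_t` bitmask of `MBEDTLS_X509_BADCERT_*` flags (all-ones when no result is available, which this code rightly reports as a failure), so storing it in a `long` called `ret` also obscures the type; mapping the common bits to their OpenSSL codes keeps the fail-closed default while preserving the cause. The `X509_V_ERR_*` names below assume this component's x509_vfy.h defines them — confirm before merging. `ssl->ssl_pm` is dereferenced without a NULL check; if the other ssl_pm_* accessors in this file guard it, this one should match.
```c
long ssl_pm_get_verify_result(const SSL *ssl)
{
    uint32_t flags;
    struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm;

    flags = mbedtls_ssl_get_verify_result(&ssl_pm->ssl);

    if (!flags)
        return X509_V_OK;

    /* Translate the most actionable mbedTLS failure bits so callers can
     * tell verification failures apart; anything else stays UNSPECIFIED. */
    if (flags & MBEDTLS_X509_BADCERT_EXPIRED)
        return X509_V_ERR_CERT_HAS_EXPIRED;
    if (flags & MBEDTLS_X509_BADCERT_REVOKED)
        return X509_V_ERR_CERT_REVOKED;
    if (flags & MBEDTLS_X509_BADCERT_CN_MISMATCH)
        return X509_V_ERR_HOSTNAME_MISMATCH;
    if (flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
        return X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;

    return X509_V_ERR_UNSPECIFIED;
}
```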