| author | Laurent Bercot <ska-skaware@skarnet.org> | 2026-05-01 18:29:50 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2026-05-01 18:29:50 +0000 |
| commit | 690a9a27a515ea56f613a9ae2baa9b237daf4f91 (patch) | |
| tree | 06740d2744c892e357b628d175b8db55c0ef6cb5 | |
| parent | 49a26b0671b3fbe932a0a26e9414cce6e8ef3ec2 (diff) | |
| download | s6-networking-690a9a27a515ea56f613a9ae2baa9b237daf4f91.tar.gz | |
Ignore more bearssl errors under --no-verify-cert
| -rw-r--r-- | src/sbearssl/sbearssl_x509_small_vtable.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/sbearssl/sbearssl_x509_small_vtable.c b/src/sbearssl/sbearssl_x509_small_vtable.c
index 951290a..7ec47f5 100644
--- a/src/sbearssl/sbearssl_x509_small_vtable.c
+++ b/src/sbearssl/sbearssl_x509_small_vtable.c
@@ -1,5 +1,7 @@
 /* ISC license. */
+#include <stdlib.h>
+
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
@@ -39,11 +41,25 @@ static void end_cert (br_x509_class const **c)
 ctx->i++ ;
 }
+static inline int isin (unsigned int key, unsigned int const *table, unsigned int n)
+{
+ for (unsigned int i = 0 ; i < n ; i++)
+ if (key == table[i]) return 1 ;
+ return 0 ;
+}
+
 static unsigned int end_chain (br_x509_class const **c)
 {
+ static unsigned int const ignored_errors[] =
+ {
+ BR_ERR_X509_EXPIRED,
+ BR_ERR_X509_DN_MISMATCH,
+ BR_ERR_X509_BAD_SERVER_NAME,
+ BR_ERR_X509_NOT_TRUSTED,
+ } ;
 sbearssl_x509_small_context *ctx = INSTANCE(c) ;
 unsigned int r = ctx->minimal.vtable->end_chain(&ctx->minimal.vtable) ;
- if (ctx->flags & 1 && r == BR_ERR_X509_NOT_TRUSTED) r = 0 ;
+ if (ctx->flags & 1 && isin(r, ignored_errors, sizeof(ignored_errors)/sizeof(unsigned int))) r = 0 ;
 if (!r)
 {
 uint8_t mask = 1 ; |
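Review bot: In `end_chain`, `r` is now cleared for `BR_ERR_X509_EXPIRED`, `BR_ERR_X509_DN_MISMATCH` and `BR_ERR_X509_BAD_SERVER_NAME` as well, and unlike `BR_ERR_X509_NOT_TRUSTED` these look like codes the minimal engine can raise while it is still decoding the chain, so the `if (!r)` branch may then read state that was never fully populated. That branch continues past the end of the hunk, so this needs checking against the rest of the function and against the `get_pkey` this vtable exposes, which may still refuse to hand out a key for those codes. The table is also the whole security boundary of the relaxed mode and deserves a comment above `ignored_errors`; assuming bit 0 of `ctx->flags` is the `--no-verify-cert` switch named in the commit title, something like `/* --no-verify-cert: peer is unauthenticated; only these validation failures are forgiven, any other error still fails the handshake */`. Two smaller points: `sizeof(ignored_errors)/sizeof(ignored_errors[0])` stays correct if the element type changes, and nothing in the visible hunks uses the newly included `<stdlib.h>`.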
