Only return VERIFY_FAILED from a single point

Everything else is a fatal error. Also improve documentation about that for the vrfy callback.
2026-03-11 05:16:27 +00:00 · 2017-06-26 10:11:49 +02:00
parent d15795acd5
commit 31458a1878
8 changed files with 22 additions and 6 deletions
--- a/3
+++ b/3
@@ -6,6 +6,9 @@ Changes
   * Certificate verification functions now set flags to -1 in case the full
     chain was not verified due to an internal error (including in the verify
     callback) or chain length limitations.
+   * With authmode set to optional, handshake is now aborted if the
+     verification of the peer's certificate failed due to an overlong chain or
+     a fatal error in the vrfy callback.

 = mbed TLS 2.5.1 released 2017-06-21