Google Git
Sign in
dart / sdk / 322a7354241ac6f2380fd451a6ed706157ec26f2^! / .
commit322a7354241ac6f2380fd451a6ed706157ec26f2[log] [tgz]
authorWilliam Hesse <whesse@google.com>Wed Sep 30 15:25:45 2015 +0200
committerWilliam Hesse <whesse@google.com>Wed Sep 30 15:25:45 2015 +0200
treec84a3adc5ae8fc4640083a2cdb9b0c5578a0f03b
parent86c76de23799153bf91ed32ed53be86816fc1cc9 [diff]
Allow X509 certificate chains where we trust a certificate in the middle of the chain.

BUG=https://github.com/dart-lang/sdk/issues/24330
R=sgjesse@google.com

Review URL: https://codereview.chromium.org//1381673002 .

diff --git a/runtime/bin/secure_socket.cc b/runtime/bin/secure_socket.cc
index 0670683..af90fab 100644
--- a/runtime/bin/secure_socket.cc
+++ b/runtime/bin/secure_socket.cc

@@ -895,6 +895,9 @@
     // against the certificate presented by the server.
     X509_VERIFY_PARAM* certificate_checking_parameters = SSL_get0_param(ssl_);
     hostname_ = strdup(hostname);
+    X509_VERIFY_PARAM_set_flags(certificate_checking_parameters,
+                                X509_V_FLAG_PARTIAL_CHAIN |
+                                X509_V_FLAG_TRUSTED_FIRST);
     X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters, 0);
     X509_VERIFY_PARAM_set1_host(certificate_checking_parameters,
                                 hostname_, strlen(hostname_));
@@ -957,8 +960,10 @@
   if (SSL_LOG_STATUS) Log::Print("SSL_handshake status: %d\n", status);
   if (status != 1) {
     error = SSL_get_error(ssl_, status);
-    if (SSL_LOG_STATUS) Log::Print("ERROR: %d\n", error);
-    ERR_print_errors_cb(printErrorCallback, NULL);
+    if (SSL_LOG_STATUS) {
+      Log::Print("ERROR: %d\n", error);
+      ERR_print_errors_cb(printErrorCallback, NULL);
+    }
   }
   if (status == 1) {
     if (in_handshake_) {