Skip to content

Commit 0924278

Browse files
committed
Revert "Remove useless check for valid certificate"
This reverts commit a1f93fc.
1 parent ce2537f commit 0924278

File tree

1 file changed

+13
-0
lines changed

1 file changed

+13
-0
lines changed

platform/posix/transport/src/openssl_posix.c

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -282,6 +282,19 @@ static OpensslStatus_t tlsHandshake( OpensslParams_t * pOpensslParams,
282282
}
283283
}
284284

285+
/* Verify X509 certificate from peer. */
286+
if( returnStatus == OPENSSL_SUCCESS )
287+
{
288+
verifyPeerCertStatus = ( int32_t ) SSL_get_verify_result( pOpensslParams->pSsl );
289+
290+
if( verifyPeerCertStatus != X509_V_OK )
291+
{
292+
LogError( ( "SSL_get_verify_result failed to verify X509 "
293+
"certificate from peer." ) );
294+
returnStatus = OPENSSL_HANDSHAKE_FAILED;
295+
}
296+
}
297+
285298
return returnStatus;
286299
}
287300

0 commit comments

Comments
 (0)