Generate fingerprints for chained certificates with an unknown root

author Aaron Jones <redacted>

Tue, 24 Mar 2015 05:25:38 +0000 (05:25 +0000)

committer Ed Kellett <redacted>

Wed, 28 Dec 2016 20:56:17 +0000 (20:56 +0000)
author Aaron Jones <redacted>
Tue, 24 Mar 2015 05:25:38 +0000 (05:25 +0000)
committer Ed Kellett <redacted>
Wed, 28 Dec 2016 20:56:17 +0000 (20:56 +0000)
diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c

index eee3f8dc4f1fc5f2e6d49f42e1a279033612df96..fab262c7281af85a959895a6c09d9bf7eda15b14 100644 (file)
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -634,10 +634,12 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN])
         if(cert != NULL)
         {
                 res = SSL_get_verify_result((SSL *) F->ssl);
-               if(res == X509_V_OK ||
-                               res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
-                               res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
-                               res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+               if(
+                       res == X509_V_OK ||
+                       res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
+                       res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
+                       res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
+                       res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
                 {
                         memcpy(certfp, cert->sha1_hash, RB_SSL_CERTFP_LEN);
                         return 1;
author	Aaron Jones <redacted>
	Tue, 24 Mar 2015 05:25:38 +0000 (05:25 +0000)
committer	Ed Kellett <redacted>
	Wed, 28 Dec 2016 20:56:17 +0000 (20:56 +0000)