
LibTLS: (Almost) verify certificate chain against root CA certificates

Also adds a very primitive systemwide ca_certs.ini file.
AnotherTest 2020-10-30 11:56:31 +03:30 committed by Andreas Kling
parent 34f8d55100
commit 37c089fb7b
7 changed files with 632 additions and 4 deletions


@ -274,7 +274,14 @@ void TLSv12::build_random(PacketBuilder& builder)
m_context.premaster_key = ByteBuffer::copy(random_bytes, bytes);
const auto& certificate = m_context.certificates[0];
const auto& certificate_option = verify_chain_and_get_matching_certificate(m_context.SNI); // if the SNI is empty, we'll make a special case and match *a* leaf certificate.
if (!certificate_option.has_value()) {
dbg() << "certificate verification failed :(";
alert(AlertLevel::Critical, AlertDescription::BadCertificate);
return;
}
auto& certificate = m_context.certificates[certificate_option.value()];
#ifdef TLS_DEBUG
dbg() << "PreMaster secret";
print_buffer(m_context.premaster_key);
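Review bot: The failure branch added in `build_random` ends in a bare `return;` from a `void` function, so the caller gets no signal that the packet was not built. Unless `alert()` also marks the connection as failed (not visible in this hunk), the handshake code can carry on with a half-built `builder`. `m_context.premaster_key` is already assigned before the chain check runs, so either call `verify_chain_and_get_matching_certificate` first or clear the key on the failure path, so that a rejected peer leaves no secret in the context. The inline comment says an empty SNI matches any leaf certificate, which reads as no hostname check in that case; I would spell that out at the call, e.g. `// NOTE: an empty SNI skips hostname matching; callers that need peer identity must set SNI`. The function body starts and ends outside this hunk.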