mirror of
https://github.com/RGBCube/serenity
synced 2025-07-25 21:57:43 +00:00
LibTLS: Verify the certificate chain sent by the server
With this change the certificate chain sent by the server will actually be verified, instead of just checking the names of the certificates. To determine if a certificate is signed by a root certificate, the list of root certificates is now a HashMap mapping from the unique identifier string to the certificate. This allows us to take the issuer of a certificate and easily check if it is a root certificate. If a certificate is not signed by a root certificate, we will check that it is signed by the next certificate in the chain. This also removes the ad-hoc checking of certificate validity from multiple places, and moves all checking to the verify_chain.
This commit is contained in:
parent
d5cef41bb6
commit
fea5aeda0b
6 changed files with 162 additions and 47 deletions
|
@ -91,6 +91,11 @@ Optional<Certificate> Certificate::parse_asn1(ReadonlyBytes buffer, bool)
|
|||
} while (0)
|
||||
|
||||
Certificate certificate;
|
||||
auto copy_buffer_result = ByteBuffer::copy(buffer.data(), buffer.size());
|
||||
if (copy_buffer_result.is_error())
|
||||
return {};
|
||||
certificate.original_asn1 = copy_buffer_result.release_value();
|
||||
|
||||
Crypto::ASN1::Decoder decoder { buffer };
|
||||
// Certificate ::= Sequence {
|
||||
// certificate TBSCertificate,
|
||||
|
|
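Review bot: the copy into `certificate.original_asn1` is taken from the whole input `buffer` before `Crypto::ASN1::Decoder` has parsed anything, so any bytes that follow the outer Certificate sequence would be stored along with it. If later verification code reads this field, add a comment saying that it holds the caller's full buffer rather than only the TBSCertificate, or trim it to the length the decoder actually consumes. Separately, `return {};` on a failed `ByteBuffer::copy` is indistinguishable to the caller from a parse failure; a debug log line at that point would make allocation failures easier to tell apart from malformed certificates.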