wolfssl: fix API breakage of SSL_get_verify_result

[openwrt/staging/mkresin.git] / package / libs / wolfssl / patches / 300-fix-SSL_get_verify_result-regression.patch

diff --git a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch b/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch
new file mode 100644 (file)
index 0000000..9651c03
--- /dev/null
+++ b/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch
@@ -0,0 +1,26 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Juliusz Sosinowicz <juliusz@wolfssl.com>
+Date: Sat, 12 Feb 2022 00:34:24 +0100
+Subject: [PATCH] Reported in ZD13631
+
+`ssl->peerVerifyRet` wasn't being cleared when retrying with an alternative cert chain
+
+References: https://github.com/wolfSSL/wolfssl/issues/4879
+---
+ src/internal.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/internal.c b/src/internal.c
+index 0dded42a76c4..f5814d30607c 100644
+--- a/src/internal.c
++++ b/src/internal.c
+@@ -12372,6 +12372,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
+                             }
+ 
+                             ret = 0; /* clear errors and continue */
++                    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
++                            ssl->peerVerifyRet = 0;
++                    #endif
+                             args->verifyErr = 0;
+                         }
+