wolfSSL / wolfssh

wolfSSH is a small, fast, portable SSH implementation, including support for SCP and SFTP.
https://www.wolfssl.com

Certificate OK #669

Closed ejohnstown closed 5 months ago

ejohnstown commented 6 months ago
  1. Split ParseAndVerifyCert() into ParseCertChainVerify() and ParseCert() with a common ParseCertChain() function.
  2. When the server is checking the user's certificate, don't do the verify step. Verify when the user's client sends a signature. The server needs to tell the client the cert is OK as a cert. Make the client do a PK sign.
  3. If the certificate check fails, we still need to be able to send the failure message to the peer. Set the ret value back to WS_SUCCESS. All other auth actions are gated on the authFailed.
  4. Whitespace. (ZD 17555)
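
The flow described in items 1 to 3, as an added example that is not wolfSSH code and not part of the PR: a small C model of the server handling one publickey userauth request. All `Demo*` names and `DEMO_*` codes are hypothetical, flags stand in for real certificate parsing and signature checks, and only the split between parsing and verifying, `WS_SUCCESS`, and `authFailed` come from the description above; the message numbers are from RFC 4252.

```c
#include <stdio.h>
/* Message numbers from RFC 4252. */
enum { MSG_USERAUTH_FAILURE = 51, MSG_USERAUTH_SUCCESS = 52, MSG_USERAUTH_PK_OK = 60 };
/* WS_SUCCESS is named in the PR text and redefined here; DEMO_* codes are hypothetical. */
enum { WS_SUCCESS = 0, DEMO_PARSE_E = -1, DEMO_VERIFY_E = -2 };

/* Constructed stand-ins: flags replace real X.509 parsing and signature checks. */
typedef struct { int wellFormed; int chainsToTrustedCa; } DemoChain;
typedef struct { DemoChain chain; int hasSignature; int signatureValid; } DemoRequest;
typedef struct { int authFailed; int reply; } DemoSession;

/* Common step: structural decode of the chain only. */
static int DemoParseCertChain(const DemoChain* c) { return c->wellFormed ? WS_SUCCESS : DEMO_PARSE_E; }

/* Decode, then check the chain against the trust store. */
static int DemoParseCertChainVerify(const DemoChain* c)
{
    int ret = DemoParseCertChain(c);
    if (ret == WS_SUCCESS && !c->chainsToTrustedCa)
        ret = DEMO_VERIFY_E;
    return ret;
}

/* Server side of one publickey userauth request. */
int DemoDoUserAuthPublicKey(DemoSession* s, const DemoRequest* req)
{
    /* Query (no signature): parse only. Signed request: parse and verify. */
    int ret = req->hasSignature ? DemoParseCertChainVerify(&req->chain)
                                : DemoParseCertChain(&req->chain);
    s->authFailed = 0;
    if (ret != WS_SUCCESS) {
        s->authFailed = 1;
        ret = WS_SUCCESS; /* not a transport error: the failure reply must still go out */
    }
    if (!s->authFailed && req->hasSignature && !req->signatureValid)
        s->authFailed = 1; /* later auth actions run only while authFailed is clear */
    s->reply = s->authFailed ? MSG_USERAUTH_FAILURE
             : req->hasSignature ? MSG_USERAUTH_SUCCESS : MSG_USERAUTH_PK_OK;
    return ret;
}

int main(void)
{
    DemoSession s;
    DemoRequest query = { { 1, 0 }, 0, 0 }; /* constructed: well-formed, untrusted, unsigned */
    DemoDoUserAuthPublicKey(&s, &query);
    printf("reply=%d authFailed=%d\n", s.reply, s.authFailed);
    return 0;
}
```

In this model an unsigned query with a well-formed but untrusted chain gets `MSG_USERAUTH_PK_OK`, and the same chain is rejected only once a signed request arrives.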