Helga Velroyen authored
This patch significantly changes the callback that is called upon receiving an incoming SSL connection. This callback is called not only with the certificate that the client sends, but also (in some implementations) with the entire certificate chain of the client certificate. In our case, the certificate chain contains the client certificate and the server certificate as the one that signed the client certificate. This means that we have to accept the server certificate, but only if we receive it with the 'depth' greater than 0, meaning that this is part of the chain and not the actual certificate. If the depth value is 0, we can be sure to have received the actual certificate and match it against the list of master candidate certificates as before.

Signed-off-by: Helga Velroyen <helgav@google.com>
Reviewed-by: Klaus Aehlig <aehlig@google.com>
7e01704b
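The depth rule from the commit message above, as an added example that is not the project's own code. The callback follows the `(conn, cert, errnum, depth, ok)` argument order of a pyOpenSSL verify callback; `make_verify_callback`, `FakeCert`, the digest values and the choice of SHA-256 are assumptions made for illustration.

```python
import hmac


class FakeCert:
    """Constructed stand-in exposing digest() like a pyOpenSSL X509 object."""

    def __init__(self, digest):
        self._digest = digest

    def digest(self, _algo):
        return self._digest


def make_verify_callback(server_digest, candidate_digests, algo="sha256"):
    """Return a verify callback that applies the depth rule.

    server_digest: digest of the server certificate that signs client
    certificates (hypothetical parameter).
    candidate_digests: digests of the master candidate certificates
    (hypothetical parameter).
    """

    def verify(conn, cert, errnum, depth, ok):
        # This sketch decides on digests alone; errnum and ok are not
        # consulted (an assumption of the example).
        digest = cert.digest(algo)
        if depth > 0:
            # Chain element: accept only the signing server certificate.
            return hmac.compare_digest(digest, server_digest)
        # depth == 0: the certificate the client actually presented must
        # be one of the master candidate certificates.
        return any(hmac.compare_digest(digest, d) for d in candidate_digests)

    return verify


# Constructed sample digests, not real certificate fingerprints.
SERVER_DIGEST = b"AA:01"
CANDIDATE_DIGESTS = [b"BB:02", b"CC:03"]

if __name__ == "__main__":
    cb = make_verify_callback(SERVER_DIGEST, CANDIDATE_DIGESTS)
    for name, digest, depth in [("server in chain", b"AA:01", 1),
                                ("server as peer", b"AA:01", 0),
                                ("candidate as peer", b"BB:02", 0)]:
        print(name, cb(None, FakeCert(digest), 0, depth, True))
```

The second sample case is the one the depth check exists for: the server certificate is accepted as part of the chain but rejected when presented as the peer certificate itself.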