ShuriZma
/
dolphin
mirror of https://github.com/dolphin-emu/dolphin.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed: Allowed unknown certificates

This commit is contained in:
Sepalani 2015-06-07 00:49:18 +02:00
parent 170d0588a7
commit d3be9d155d
2 changed files with 22 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp
View File

@ -174,7 +174,7 @@ IPCCommandResult CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
mbedtls_ssl_set_session(&ssl->ctx, &ssl->session); mbedtls_ssl_set_session(&ssl->ctx, &ssl->session);
mbedtls_ssl_conf_authmode(&ssl->config, MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_authmode(&ssl->config, MBEDTLS_SSL_VERIFY_REQUIRED);
mbedtls_ssl_conf_renegotiation(&ssl->config, MBEDTLS_SSL_RENEGOTIATION_ENABLED); mbedtls_ssl_conf_renegotiation(&ssl->config, MBEDTLS_SSL_RENEGOTIATION_ENABLED);
ssl->hostname = hostname; ssl->hostname = hostname;

22
Source/Core/Core/IPC_HLE/WII_Socket.cpp
View File

@ -312,7 +312,8 @@ void WiiSocket::Update(bool read, bool write, bool except)
{ {
case IOCTLV_NET_SSL_DOHANDSHAKE: case IOCTLV_NET_SSL_DOHANDSHAKE:
{ {
int ret = mbedtls_ssl_handshake(&CWII_IPC_HLE_Device_net_ssl::_SSL[sslID].ctx); mbedtls_ssl_context* ctx = &CWII_IPC_HLE_Device_net_ssl::_SSL[sslID].ctx;
int ret = mbedtls_ssl_handshake(ctx);
switch (ret) switch (ret)
{ {
case 0: case 0:
@ -328,6 +329,25 @@ void WiiSocket::Update(bool read, bool write, bool except)
if (!nonBlock) if (!nonBlock)
ReturnValue = SSL_ERR_WAGAIN; ReturnValue = SSL_ERR_WAGAIN;
break; break;
case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
{
int flags = ctx->session_negotiate->verify_result;
if (flags & MBEDTLS_X509_BADCERT_CN_MISMATCH)
ret = SSL_ERR_VCOMMONNAME;
else if (flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
ret = SSL_ERR_VROOTCA;
else if (flags & MBEDTLS_X509_BADCERT_REVOKED)
ret = SSL_ERR_VCHAIN;
else if (flags & MBEDTLS_X509_BADCERT_EXPIRED ||
flags & MBEDTLS_X509_BADCERT_FUTURE)
ret = SSL_ERR_VDATE;
else
ret = SSL_ERR_FAILED;
Memory::Write_U32(ret, BufferIn);
if (!nonBlock)
ReturnValue = ret;
break;
}
default: default:
Memory::Write_U32(SSL_ERR_FAILED, BufferIn); Memory::Write_U32(SSL_ERR_FAILED, BufferIn);
break; break;