diff options
Diffstat (limited to 'test')
-rw-r--r-- | test/helpers/handshake.c | 12 | ||||
-rw-r--r-- | test/sslapitest.c | 11 |
2 files changed, 20 insertions, 3 deletions
diff --git a/test/helpers/handshake.c b/test/helpers/handshake.c index d44aa4baaf..f05782220d 100644 --- a/test/helpers/handshake.c +++ b/test/helpers/handshake.c @@ -305,10 +305,18 @@ static int verify_reject_cb(X509_STORE_CTX *ctx, void *arg) { static int n_retries = 0; static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg) { + int idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + SSL *ssl; + + /* this should not happen but check anyway */ + if (idx < 0 + || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL) + return 0; + if (--n_retries < 0) return 1; - X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION); - return -1; + + return SSL_set_retry_verify(ssl); } static int verify_accept_cb(X509_STORE_CTX *ctx, void *arg) { diff --git a/test/sslapitest.c b/test/sslapitest.c index de2eeec3e8..f12ae26a32 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -557,10 +557,19 @@ end: static int verify_retry_cb(X509_STORE_CTX *ctx, void *arg) { int res = X509_verify_cert(ctx); + int idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + SSL *ssl; + + /* this should not happen but check anyway */ + if (idx < 0 + || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL) + return 0; if (res == 0 && X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) - return -1; /* indicate SSL_ERROR_WANT_RETRY_VERIFY */ + /* indicate SSL_ERROR_WANT_RETRY_VERIFY */ + return SSL_set_retry_verify(ssl); + return res; } |