linux: invoke the certificate chain callback only once

atbagga · Oct 26, 2021 · 68c40a7 · 68c40a7
1 parent a694f50
commit 68c40a7
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 5 deletions.
diff --git a/Release/include/cpprest/certificate_info.h b/Release/include/cpprest/certificate_info.h
@@ -34,15 +34,15 @@ namespace web { namespace http { namespace client {
 
     struct certificate_info
     {
-        CertificateChain certificate_chain;
         std::string host_name;
+        CertificateChain certificate_chain;
         long certificate_error{ 0 };
         bool verified{ false };
 
-        certificate_info(const std::string host) : host_name(host) {};
-        certificate_info(const std::string host, CertificateChain chain, long error = 0) : host_name(host), certificate_chain(chain), certificate_error(error) {};
+        certificate_info(const std::string host) : host_name(host) {}
+        certificate_info(const std::string host, CertificateChain chain, long error = 0) : host_name(host), certificate_chain(chain), certificate_error(error) {}
     };
 
     using CertificateChainFunction = std::function<bool(const std::shared_ptr<certificate_info> certificate_Info)>;
 
-}}}
+}}}
diff --git a/Release/include/cpprest/ws_client.h b/Release/include/cpprest/ws_client.h
@@ -228,6 +228,7 @@ class websocket_client_config
     }
 
 private:
+    http::client::CertificateChainFunction m_certificate_chain_callback;
     web::web_proxy m_proxy;
     web::credentials m_credentials;
     web::http::http_headers m_headers;

diff --git a/Release/src/http/client/http_client_asio.cpp b/Release/src/http/client/http_client_asio.cpp
@@ -1164,6 +1164,12 @@ class asio_context final : public request_context, public std::enable_shared_fro
         auto info = std::make_shared<certificate_info>(host, get_X509_cert_chain_encoded_data(verifyCtx));
         info->verified = true;
 
+        if (!is_end_certificate_in_chain(verifyCtx))
+        {
+            // Continue until we get the end certificate.
+            return true;
+        }
+
         return m_http_client->client_config().invoke_certificate_chain_callback(info);
     }
 

diff --git a/Release/src/http/client/x509_cert_utilities.cpp b/Release/src/http/client/x509_cert_utilities.cpp
@@ -641,4 +641,4 @@ bool verify_X509_cert_chain(const std::vector<std::string>& certChain,
 } // namespace http
 } // namespace web
 
-#endif
+#endif
-Original file line number
+Diff line change
@@ Expand Up @@
     } // namespace http
     } // namespace web
-    #endif
+    #endif