Use verify callback before checking dates

wolfSSL · Aug 23, 2024 · be37587 · be37587
1 parent e99bbf9
commit be37587
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/src/x509_str.c b/src/x509_str.c
@@ -269,6 +269,10 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
  ctx->current_cert->derCert->length,
  WOLFSSL_FILETYPE_ASN1);
  SetupStoreCtxError(ctx, ret);
+ #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+ if (ctx->store && ctx->store->verify_cb)
+ ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : ret;
+ #endif
 
  #ifndef NO_ASN_TIME
  if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) &&
@@ -289,14 +293,14 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
  ret = ASN_BEFORE_DATE_E;
  }
  SetupStoreCtxError(ctx, ret);
+ #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
+ if (ctx->store && ctx->store->verify_cb)
+ ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0,
+ ctx) == 1 ? 0 : -1;
+ #endif
  }
  #endif
 
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
- if (ctx->store && ctx->store->verify_cb)
- ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : -1;
- #endif
-
  return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
  }
  return WOLFSSL_FATAL_ERROR;