(openoffice) 06/12: In the WebDAV content provider, allow the user to permit any TLS certificate in the chain that's invalid, not just the first.

Sat, 27 Apr 2024 09:32:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

ardovm pushed a commit to branch AOO42X
in repository https://gitbox.apache.org/repos/asf/openoffice.git

commit f7ba5d5a709e464e56e5d80c5635469f9351434d
Author: Damjan Jovanovic <dam...@apache.org>
AuthorDate: Tue Aug 23 02:52:31 2022 +0200

    In the WebDAV content provider, allow the user to permit any TLS certificate
    in the chain that's invalid, not just the first.
    
    Patch by: me
    
    (cherry picked from commit c464040a4409a7ab63c22a7b2358ce0134c09c10)
---
 main/ucb/source/ucp/webdav/CurlSession.cxx | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/main/ucb/source/ucp/webdav/CurlSession.cxx 
b/main/ucb/source/ucp/webdav/CurlSession.cxx
index 721f1aa4cb..bf6494233f 100644
--- a/main/ucb/source/ucp/webdav/CurlSession.cxx
+++ b/main/ucb/source/ucp/webdav/CurlSession.cxx
@@ -373,25 +373,24 @@ int CurlSession::validateServerX509Certificate( 
X509_STORE_CTX *x509StoreContext
          X509_STORE_CTX_get_chain( x509StoreContext );
 #endif
     
-    if ( depth == 0 ) {
-        std::vector< uno::Sequence< sal_Int8 > > asn1DerCertificates;
-        if ( chain != NULL ) {
-            int nCertificates = sk_X509_num( chain );
-            for ( int i = 0; i < nCertificates; i++ ) {
-                X509 *certificate = sk_X509_value( chain, i );
-                uno::Sequence< sal_Int8 > asn1DerCertificate = 
convertCertificateToAsn1Der( certificate );
-                if ( asn1DerCertificate.getLength() == 0 )
-                    return 0;
-                asn1DerCertificates.push_back( asn1DerCertificate );
-            }
-        } else {
-            uno::Sequence< sal_Int8 > asn1DerCertificate = 
convertCertificateToAsn1Der( serverCertificate );
+    std::vector< uno::Sequence< sal_Int8 > > asn1DerCertificates;
+    if ( chain != NULL ) {
+        int nCertificates = sk_X509_num( chain );
+        for ( int i = 0; i < nCertificates; i++ ) {
+            X509 *certificate = sk_X509_value( chain, i );
+            uno::Sequence< sal_Int8 > asn1DerCertificate = 
convertCertificateToAsn1Der( certificate );
             if ( asn1DerCertificate.getLength() == 0 )
                 return 0;
             asn1DerCertificates.push_back( asn1DerCertificate );
         }
-        verifyOk = verifyCertificateChain( asn1DerCertificates );
+    } else {
+        uno::Sequence< sal_Int8 > asn1DerCertificate = 
convertCertificateToAsn1Der( serverCertificate );
+        if ( asn1DerCertificate.getLength() == 0 )
+            return 0;
+        asn1DerCertificates.push_back( asn1DerCertificate );
     }
+    verifyOk = verifyCertificateChain( asn1DerCertificates );
+
     m_aLogger.log( LogLevel::FINE, "validateServerX509Certificate() returning 
$1$ at depth $2$",
         (sal_Int32)verifyOk, (sal_Int32)depth );
     return verifyOk;

Reply via email to