gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

verify certificate chain when receiving it, return correct errors

Browse Source
This commit is contained in:
Marten Seemann
2016-11-20 23:11:46 +08:00
parent 41c66f9a60
commit 865aed07d8
2 changed files with 22 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
handshake/crypto_setup_client.go
View File

@@ -146,7 +146,12 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
if crt, ok := cryptoData[TagCERT]; ok {
err := h.certManager.SetData(crt)
if err != nil {
return err
return qerr.Error(qerr.InvalidCryptoMessageParameter, "Certificate data invalid")
}
err = h.certManager.Verify(h.hostname)
if err != nil {
return qerr.ProofInvalid
}
}