Fix chained certificate loading

2025-03-03 15:38:22 +00:00 · 2021-07-08 17:28:44 -07:00 · 2021-07-08 17:28:44 -07:00 · 45d72920ba
commit 45d72920ba
parent feb0f9fb3a
1 changed files with 9 additions and 8 deletions
--- a/tool/net/redbean.c
+++ b/tool/net/redbean.c
@ -651,18 +651,19 @@ static bool ChainCertificate(mbedtls_x509_crt *cert, mbedtls_x509_crt *parent) {
  }
 }

-static void InternCertificate(mbedtls_x509_crt *cert,
-                              mbedtls_x509_crt *parent) {
+static void InternCertificate(mbedtls_x509_crt *cert, mbedtls_x509_crt *prev) {
  int r;
  size_t i;
  if (cert->next) InternCertificate(cert->next, cert);
-  if (parent) {
-    if (mbedtls_x509_crt_check_parent(cert, parent, 1)) {
-      parent->next = 0; /* unchain ca root bundles */
-    } else if ((r = mbedtls_x509_crt_check_signature(cert, parent, 0))) {
+  if (prev) {
+    if (mbedtls_x509_crt_check_parent(prev, cert, 1)) {
+      DEBUGF("unbundling %`'s from %`'s", gc(FormatX509Name(&prev->subject)),
+             gc(FormatX509Name(&cert->subject)));
+      prev->next = 0;
+    } else if ((r = mbedtls_x509_crt_check_signature(prev, cert, 0))) {
      WARNF("invalid signature for %`'s -> %`'s (-0x%04x)",
-            gc(FormatX509Name(&cert->subject)),
-            gc(FormatX509Name(&parent->subject)), -r);
+            gc(FormatX509Name(&prev->subject)),
+            gc(FormatX509Name(&cert->subject)), -r);
    }
  }
  if (mbedtls_x509_time_is_past(&cert->valid_to)) {