authorluwenpeng <[email protected]>2020-09-27 18:42:45 +0800
committerluwenpeng <[email protected]>2020-09-28 14:50:52 +0800
commit8de4143d6c7ece972e3dc74b63caa2c0b1b0056b (patch)
tree5fc7ee2a2906ec587410b534a66fed8326d6c4ff
parentea56ecd8fbc77986918c0139578afdabcb18b4d1 (diff)
TSG-3438 中间证书缓存判定条件不完善
-rw-r--r--platform/src/ssl_trusted_cert_storage.cpp10
1 files changed, 6 insertions, 4 deletions
diff --git a/platform/src/ssl_trusted_cert_storage.cpp b/platform/src/ssl_trusted_cert_storage.cpp
index d9ff4fe..f751579 100644
--- a/platform/src/ssl_trusted_cert_storage.cpp
+++ b/platform/src/ssl_trusted_cert_storage.cpp
@@ -333,6 +333,7 @@ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
ret=1; //host match is verfied via X509_check_host
break;
default:
+ param->real_untrust |= 0x10;
ret=0;
break;
}
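Review bot: The new `param->real_untrust |= 0x10;` in the `default:` branch is a bare magic bit, and nothing at this site says that it is the catch-all for every verification error not handled by the cases above. The existing bits 0x01 to 0x08 are only decoded by the debug log in ssl_trusted_cert_storage_verify_conn, so named constants for the whole set would be safer. At minimum, add a comment here such as `// any other verify error: flag the chain so its intermediates are never cached`. The hunk does not show whether the underlying error code is logged anywhere. If it is not, recording `X509_STORE_CTX_get_error(ctx)` in this branch would make "other" failures diagnosable. verify_callback starts and ends outside the hunk.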
@@ -416,15 +417,16 @@ int ssl_trusted_cert_storage_verify_conn(struct ssl_trusted_cert_storage* storag
}
TFE_LOG_DEBUG(g_default_logger,
- "sni:%s, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d",
+ "sni:%s, cet_real_untrust:%d, verify_host_fail:%d, verify_issure_fail:%d, verify_self_signed_fail:%d, verify_expiry_date_fail:%d, verify_other_fail:%d",
(hostname ? hostname : "NULL"),
- ((param->real_untrust & 0x0f) ? 1 : 0),
+ ((param->real_untrust & 0xff) ? 1 : 0),
((param->real_untrust & 0x01) ? 1 : 0),
((param->real_untrust & 0x02) ? 1 : 0),
((param->real_untrust & 0x04) ? 1 : 0),
- ((param->real_untrust & 0x08) ? 1 : 0));
+ ((param->real_untrust & 0x08) ? 1 : 0),
+ ((param->real_untrust & 0x10) ? 1 : 0));
- // case cert verify success
+ // case cert verify success
if (param->real_untrust == 0) {
ssl_fetch_trusted_cert_from_chain(cert_chain, storage->effective_store, hostname);
}
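Review bot: The `cet_real_untrust` summary in the log now tests `param->real_untrust & 0xff`, while the caching guard below it tests `param->real_untrust == 0`. If the field is wider than eight bits, or another flag is added later, the logged value and the decision to call `ssl_fetch_trusted_cert_from_chain` can disagree. Writing the summary as `(param->real_untrust ? 1 : 0)` keeps the two in step. As far as this hunk shows, the guard is the only thing keeping intermediates from an unverified chain out of `storage->effective_store`, so it deserves a comment that says so, for example `// cache intermediates only when no verify flag was raised; an unverified chain must never reach effective_store`. The function begins before the hunk and appears to continue after it.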