Implement support for verify flag X509_V_FLAG_PARTIAL_CHAIN

ColtonWilley · douzzer · commit f7bfa71d9f69 · 2024-10-23T16:55:34.000-05:00
diff --git a/src/x509_str.c b/src/x509_str.c
@@ -403,6 +403,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
              * a trusted CA in the CM */
             ret = wolfSSL_X509_verify_cert_ex(ctx);
             if (ret != WOLFSSL_SUCCESS) {
+                if ((ctx->store->param->flags & X509_V_FLAG_PARTIAL_CHAIN) &&
+                    (added == 1)) {
+                    wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
+                    ret = WOLFSSL_SUCCESS;
+                }
                 goto exit;
             }
 
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
@@ -643,7 +643,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_V_FLAG_CRL_CHECK     WOLFSSL_CRL_CHECK
 #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
 
-#define X509_V_FLAG_PARTIAL_CHAIN 0
+#define X509_V_FLAG_PARTIAL_CHAIN 0x80000
 #define X509_V_FLAG_TRUSTED_FIRST 0
 
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
