wolfssl: fix API breakage of SSL_get_verify_result
authorPetr Štetiar <ynezz@true.cz>
Tue, 22 Feb 2022 19:00:28 +0000 (20:00 +0100)
committerPetr Štetiar <ynezz@true.cz>
Tue, 22 Feb 2022 19:27:15 +0000 (20:27 +0100)
commitb9251e3b407592f3114e739231088c3d27663c4c
tree89022f138162f2034a4cb893198514ccf6801542
parent9e6a71e86d5707db3ca3248a09f735cbd07c0a4c
wolfssl: fix API breakage of SSL_get_verify_result

Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable.  In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:

 $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
 Downloading 'https://letsencrypt.org'
 Connecting to 18.159.128.50:443
 Connection error: Invalid SSL certificate

Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch [new file with mode: 0644]