Catch errors on CA MD5 calculation (PIA only)
parent
d1b5c94be9
commit
8fe43269ab
|
@ -613,7 +613,13 @@ public class SessionProxy {
|
|||
|
||||
private func hardResetPayload() -> Data? {
|
||||
guard !(configuration.usesPIAPatches ?? false) else {
|
||||
let caMD5 = TLSBox.md5(forCertificatePath: caURL.path)
|
||||
let caMD5: String
|
||||
do {
|
||||
caMD5 = try TLSBox.md5(forCertificatePath: caURL.path)
|
||||
} catch {
|
||||
log.error("CA MD5 could not be computed, skipping custom HARD_RESET")
|
||||
return nil
|
||||
}
|
||||
log.debug("CA MD5 is: \(caMD5)")
|
||||
return try? PIAHardReset(
|
||||
caMd5Digest: caMD5,
|
||||
|
|
|
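Review bot: The new `catch` block discards the thrown error, so the `log.error` line cannot tell a missing CA file from an unreadable one or from invalid PEM. I would include it in the message: `log.error("CA MD5 could not be computed, skipping custom HARD_RESET: \(error)")`. Returning `nil` here presumably makes the session continue with the standard HARD_RESET even though the CA could not be read; the caller is outside the hunk, so please confirm that falling back is intended rather than failing the session. The `return try? PIAHardReset(` just below still swallows its own error without logging, which is inconsistent with the handling added above it. The body of `hardResetPayload()` continues past the end of the hunk.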
@ -51,7 +51,7 @@ extern NSString *const TLSBoxPeerVerificationErrorNotification;
|
|||
//
|
||||
@interface TLSBox : NSObject
|
||||
|
||||
+ (NSString *)md5ForCertificatePath:(NSString *)path;
|
||||
+ (nullable NSString *)md5ForCertificatePath:(NSString *)path error:(NSError **)error;
|
||||
|
||||
- (instancetype)initWithCAPath:(NSString *)caPath
|
||||
clientCertificatePath:(nullable NSString *)clientCertificatePath
|
||||
|
|
|
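Review bot: The new declaration `+ (nullable NSString *)md5ForCertificatePath:error:` carries no doc comment describing its contract, although Swift imports it as a throwing method and callers now rely on that. I would add a comment above it such as `/// Returns the MD5 digest of the PEM certificate at path, or nil with *error set when the file cannot be opened or parsed.` If the digest is only an identifier required by the PIA handshake and not an integrity or trust check (this is inferred from the commit title, not visible here), stating that in the comment would stop the MD5 value from being reused for verification later.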
@ -80,14 +80,21 @@ int TLSBoxVerifyPeer(int ok, X509_STORE_CTX *ctx) {
|
|||
|
||||
@implementation TLSBox
|
||||
|
||||
+ (NSString *)md5ForCertificatePath:(NSString *)path
|
||||
+ (NSString *)md5ForCertificatePath:(NSString *)path error:(NSError * _Nullable __autoreleasing * _Nullable)error
|
||||
{
|
||||
const EVP_MD *alg = EVP_get_digestbyname("MD5");
|
||||
uint8_t md[16];
|
||||
unsigned int len;
|
||||
|
||||
FILE *pem = fopen([path cStringUsingEncoding:NSASCIIStringEncoding], "r");
|
||||
if (!pem) {
|
||||
return NULL;
|
||||
}
|
||||
X509 *cert = PEM_read_X509(pem, NULL, NULL, NULL);
|
||||
if (!cert) {
|
||||
fclose(pem);
|
||||
return NULL;
|
||||
}
|
||||
X509_digest(cert, alg, md, &len);
|
||||
X509_free(cert);
|
||||
fclose(pem);
|
||||
|
|