mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-03 03:20:57 +00:00
b3de33b76b
The verification process will now load a full certificate chain retrieved via the X5U URL instead of loading only the end user cert. * Renamed crypto_load_cert_from_file() and crypto_load_cert_from_memory() to crypto_load_cert_chain_from_file() and crypto_load_cert_chain_from_memory() respectively. * The two load functions now continue to load certs from the file or memory PEMs and store them in a separate stack of untrusted certs specific to the current verification context. * crypto_is_cert_trusted() now uses the stack of untrusted certs that were extracted from the PEM in addition to any untrusted certs that were passed in from the configuration (and any CA certs passed in from the config of course). Resolves: #1272 UserNote: The STIR/SHAKEN verification process will now load a full certificate chain retrieved via the X5U URL instead of loading only the end user cert.