[Privoxy-commits] [privoxy] 05/19: MbedTLS: Only call mbedtls_ssl_get_verify_result() when we're actually interested in the result

[User Git]

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit 7603ae2dd09202423efe4a275cbbc3f04ede0d8c
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Mon Apr 27 08:27:43 2026 +0200

    MbedTLS: Only call mbedtls_ssl_get_verify_result() when we're actually interested in the result
---
 ssl.c | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/ssl.c b/ssl.c
index 172de749..44942cc4 100644
--- a/ssl.c
+++ b/ssl.c
@@ -763,17 +763,11 @@ extern int create_server_ssl_connection(struct client_state *csp)
    free_certificate_chain(csp);
 
    csp->ssl_with_server_is_opened = 1;
-   csp->server_cert_verification_result =
-      mbedtls_ssl_get_verify_result(&(ssl_attr->mbedtls_attr.ssl));
-
-#if MBEDTLS_VERSION_MAJOR > 3
-   if ((csp->server_cert_verification_result == MBEDTLS_X509_BADCERT_SKIP_VERIFY) &&
-      csp->dont_verify_certificate)
+   if (!csp->dont_verify_certificate)
    {
-      log_error(LOG_LEVEL_CONNECT, "Ignoring MBEDTLS_X509_BADCERT_SKIP_VERIFY");
-      csp->server_cert_verification_result = 0;
+      csp->server_cert_verification_result =
+         mbedtls_ssl_get_verify_result(&(ssl_attr->mbedtls_attr.ssl));
    }
-#endif
 
 exit:
    /* Freeing structures if connection wasn't created successfully */

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.