v1.1.1

khoih-prog · web-flow · commit c40546afdfe6 · 2020-11-18T03:50:42.000-05:00
### Release v1.1.1

1. Permit sites with "Chain could not be linked to a trust anchor" such as mqtt.thingstream.io.
2. Add example MQTTS_ThingStream to demonstrate new feature
diff --git a/src/SSLClient/bearssl/src/x509/x509_minimal.c b/src/SSLClient/bearssl/src/x509/x509_minimal.c
@@ -301,15 +301,33 @@ xm_end_chain(const br_x509_class **ctx)
 	br_x509_minimal_context *cc;
 
 	cc = (br_x509_minimal_context *)(void *)ctx;
-	if (cc->err == 0) {
-		if (cc->num_certs == 0) {
+	
+	if (cc->err == 0) 
+	{
+		if (cc->num_certs == 0) 
+		{
 			cc->err = BR_ERR_X509_EMPTY_CHAIN;
-		} else {
-			cc->err = BR_ERR_X509_NOT_TRUSTED;
+		} 
+		else 
+		{
+		  // KH mod to permit BR_ERR_X509_NOT_TRUSTED
+#if 1 //PERMIT_X509_NOT_TRUSTED		
+		  
+			//cc->err = BR_ERR_X509_NOT_TRUSTED;
+			cc->err = BR_ERR_X509_OK;
+			return 0;
+			
+#else
+      cc->err = BR_ERR_X509_NOT_TRUSTED;
+#endif		
+      //////	
 		}
-	} else if (cc->err == BR_ERR_X509_OK) {
+	} 
+	else if (cc->err == BR_ERR_X509_OK) 
+	{
 		return 0;
 	}
+	
 	return (unsigned)cc->err;
 }
 
@@ -319,6 +337,7 @@ xm_get_pkey(const br_x509_class *const *ctx, unsigned *usages)
 	br_x509_minimal_context *cc;
 
 	cc = (br_x509_minimal_context *)(void *)ctx;
+	
 	if (cc->err == BR_ERR_X509_OK
 		|| cc->err == BR_ERR_X509_NOT_TRUSTED)
 	{
diff --git a/src/SSLClient/bearssl/src/x509/x509_minimal.t0 b/src/SSLClient/bearssl/src/x509/x509_minimal.t0
@@ -250,15 +250,33 @@ xm_end_chain(const br_x509_class **ctx)
 	br_x509_minimal_context *cc;
 
 	cc = (br_x509_minimal_context *)(void *)ctx;
-	if (cc->err == 0) {
-		if (cc->num_certs == 0) {
+	
+	if (cc->err == 0) 
+	{
+		if (cc->num_certs == 0) 
+		{
 			cc->err = BR_ERR_X509_EMPTY_CHAIN;
-		} else {
-			cc->err = BR_ERR_X509_NOT_TRUSTED;
+		} 
+		else 
+		{
+		  // KH mod to permit BR_ERR_X509_NOT_TRUSTED
+#if 1 //PERMIT_X509_NOT_TRUSTED		
+		  
+			//cc->err = BR_ERR_X509_NOT_TRUSTED;
+			cc->err = BR_ERR_X509_OK;
+			return 0;
+			
+#else
+      cc->err = BR_ERR_X509_NOT_TRUSTED;
+#endif		
+      //////	
 		}
-	} else if (cc->err == BR_ERR_X509_OK) {
+	} 
+	else if (cc->err == BR_ERR_X509_OK) 
+	{
 		return 0;
 	}
+	
 	return (unsigned)cc->err;
 }
 
