arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-19 23:22:16 +03:00
Code

Now load PEM cert bundles correctly for verification.

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@201 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich 2011-01-24 22:49:20 +00:00
parent e254859fb0
commit 9c91e355da
4 changed files with 16 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ssl/asn1.c
View File

@ -433,13 +433,13 @@ end_sig:
*/ */
static int asn1_compare_dn_comp(const char *dn1, const char *dn2) static int asn1_compare_dn_comp(const char *dn1, const char *dn2)
{ {
int ret = 1; int ret;
if ((dn1 && dn2 == NULL) || (dn1 == NULL && dn2)) goto err_no_match; if (dn1 == NULL && dn2 == NULL)
ret = 0;
else
ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
ret = (dn1 && dn2) ? strcmp(dn1, dn2) : 0;
err_no_match:
return ret; return ret;
} }

12
ssl/loader.c
View File

@ -303,7 +303,7 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
if ((start = strstr(where, begins[i])) && if ((start = strstr(where, begins[i])) &&
(end = strstr(where, ends[i]))) (end = strstr(where, ends[i])))
{ {
remain -= (int)(end-start); remain -= (int)(end-where);
start += strlen(begins[i]); start += strlen(begins[i]);
pem_size = (int)(end-start); pem_size = (int)(end-start);
@ -362,20 +362,16 @@ static int new_pem_obj(SSL_CTX *ssl_ctx, int is_cacert, char *where,
remain--; remain--;
} }
where = end;
break; break;
} }
} }
ssl_obj_free(ssl_obj); ssl_obj_free(ssl_obj);
ssl_obj = NULL; ssl_obj = NULL;
if (start == NULL)
if (i == NUM_PEM_TYPES) break;
{
ret = SSL_ERROR_BAD_CERTIFICATE;
goto error;
}
} }
error: error:
ssl_obj_free(ssl_obj); ssl_obj_free(ssl_obj);
return ret; return ret;

19
ssl/tls1.c
View File

@ -416,7 +416,13 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
/* ignore the return code */ /* ignore the return code */
if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK) if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
{
#if defined (CONFIG_SSL_FULL_MODE)
if (ssl_ctx->options & SSL_DISPLAY_CERTS)
x509_print(ca_cert_ctx->cert[i], NULL);
#endif
i++; i++;
}
len -= offset; len -= offset;
} }
@ -1808,7 +1814,6 @@ int process_certificate(SSL *ssl, X509_CTX **x509_ctx)
goto error; goto error;
} }
/* DISPLAY_CERT(ssl, *chain); */
chain = &((*chain)->next); chain = &((*chain)->next);
offset += cert_size; offset += cert_size;
} }
@ -1898,18 +1903,6 @@ void DISPLAY_STATE(SSL *ssl, int is_send, uint8_t state, int not_ok)
TTY_FLUSH(); TTY_FLUSH();
} }
/**
* Debugging routine to display X509 certificates.
*/
void DISPLAY_CERT(SSL *ssl, const X509_CTX *x509_ctx)
{
if (!IS_SET_SSL_FLAG(SSL_DISPLAY_CERTS))
return;
x509_print(x509_ctx, ssl->ssl_ctx->ca_cert_ctx);
TTY_FLUSH();
}
/** /**
* Debugging routine to display RSA objects * Debugging routine to display RSA objects
*/ */

2
ssl/x509.c
View File

@ -367,7 +367,7 @@ int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert)
if (ca_cert_ctx != NULL) if (ca_cert_ctx != NULL)
{ {
/* go thu the CA store */ /* go thu the CA store */
while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i]) while (i < CONFIG_X509_MAX_CA_CERTS && ca_cert_ctx->cert[i])
{ {
if (asn1_compare_dn(cert->ca_cert_dn, if (asn1_compare_dn(cert->ca_cert_dn,
ca_cert_ctx->cert[i]->cert_dn) == 0) ca_cert_ctx->cert[i]->cert_dn) == 0)