arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-07-30 16:24:09 +03:00
Code Activity

Postpone freeing of X509 context to the first data exchange after handshake

Browse Source 
X509 context contains certificate fingerprint and various names which may be used to verify the certificate.
Previously we would free it right after the handshake completion, which prevented the client from actually using any information from X509 context.
Postponing this to the first ssl_read/ssl_write call after the handshake, we give the client a chance to verify the certificate.

Also added logging to ssl_match_fingerprint function in case fingerprint doesn't match expected value.
This commit is contained in:
Ivan Grokhotkov
2016-02-26 16:21:09 +03:00
parent 28869ea94b
commit 9eaeca3a03
3 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/tls1.h
View File

@ -190,8 +190,6 @@ struct _SSL
#ifdef CONFIG_SSL_CERT_VERIFICATION
X509_CTX *x509_ctx;
#endif
uint8_t* fingerprint;
uint8_t session_id[SSL_SESSION_ID_SIZE];
uint8_t client_mac[SHA1_SIZE]; /* for HMAC verification */
uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */