arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-07-30 16:24:09 +03:00
Code Activity

Postpone freeing of X509 context to the first data exchange after handshake

Browse Source 
X509 context contains certificate fingerprint and various names which may be used to verify the certificate.
Previously we would free it right after the handshake completion, which prevented the client from actually using any information from X509 context.
Postponing this to the first ssl_read/ssl_write call after the handshake, we give the client a chance to verify the certificate.

Also added logging to ssl_match_fingerprint function in case fingerprint doesn't match expected value.
This commit is contained in:
Ivan Grokhotkov
2016-02-26 16:21:09 +03:00
parent 28869ea94b
commit 9eaeca3a03
3 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/tls1_clnt.c
View File

@ -119,10 +119,7 @@ int do_clnt_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
case HS_FINISHED:
ret = process_finished(ssl, buf, hs_len);
ssl->fingerprint = ssl->x509_ctx->fingerprint;
ssl->x509_ctx->fingerprint = 0;
disposable_free(ssl); /* free up some memory */
increase_bm_data_size(ssl);
disposable_free(ssl);
/* note: client renegotiation is not allowed after this */
break;