lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity

- Added Secure Renegotiation (RFC 5746)

Browse Source
This commit is contained in:
Paul Bakker
2012-09-16 19:57:18 +00:00
parent b5b20f19e7
commit 48916f9b67
10 changed files with 1405 additions and 667 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
programs/ssl/ssl_client2.c
View File

@@ -50,6 +50,8 @@
#define DFL_CRT_FILE ""
#define DFL_KEY_FILE ""
#define DFL_FORCE_CIPHER 0
#define DFL_RENEGOTIATION SSL_RENEGOTIATION_ENABLED
#define DFL_ALLOW_LEGACY SSL_NO_LEGACY_RENEGOTIATION
#define GET_REQUEST "GET %s HTTP/1.0\r\n\r\n"
@@ -67,6 +69,8 @@ struct options
char *crt_file; /* the file with the client certificate */
char *key_file; /* the file with the client key */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
int renegotiation; /* enable / disable renegotiation */
int allow_legacy; /* allow legacy renegotiation */
} opt;
void my_debug( void *ctx, int level, const char *str )
@@ -97,6 +101,8 @@ void my_debug( void *ctx, int level, const char *str )
" debug_level=%%d default: 0 (disabled)\n" \
USAGE_IO \
" request_page=%%s default: \".\"\n" \
" renegotiation=%%d default: 1 (enabled)\n" \
" allow_legacy=%%d default: 0 (disabled)\n" \
" force_ciphersuite=<name> default: all enabled\n"\
" acceptable ciphersuite names:\n"
@@ -171,6 +177,8 @@ int main( int argc, char *argv[] )
opt.crt_file = DFL_CRT_FILE;
opt.key_file = DFL_KEY_FILE;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
opt.renegotiation = DFL_RENEGOTIATION;
opt.allow_legacy = DFL_ALLOW_LEGACY;
for( i = 1; i < argc; i++ )
{
@@ -224,6 +232,17 @@ int main( int argc, char *argv[] )
}
opt.force_ciphersuite[1] = 0;
}
else if( strcmp( p, "renegotiation" ) == 0 )
{
opt.renegotiation = (atoi( q )) ? SSL_RENEGOTIATION_ENABLED :
SSL_RENEGOTIATION_DISABLED;
}
else if( strcmp( p, "allow_legacy" ) == 0 )
{
opt.allow_legacy = atoi( q );
if( opt.allow_legacy < 0 || opt.allow_legacy > 1 )
goto usage;
}
else
goto usage;
}
@@ -367,6 +386,9 @@ int main( int argc, char *argv[] )
else
ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
ssl_set_renegotiation( &ssl, opt.renegotiation );
ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
ssl_set_session( &ssl, 1, 600, &ssn );
ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
@@ -419,7 +441,8 @@ int main( int argc, char *argv[] )
printf( " ok\n" );
printf( " . Peer certificate information ...\n" );
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.peer_cert );
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl.session->peer_cert );
printf( "%s\n", buf );
/*
@@ -495,6 +518,7 @@ exit:
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );

2
programs/ssl/ssl_fork_server.c
View File

@@ -379,7 +379,9 @@ int main( int argc, char *argv[] )
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
#if defined(POLARSSL_DHM_C)
ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
#endif
/*
* 5. Handshake

4
programs/ssl/ssl_mail_client.c
View File

@@ -171,7 +171,8 @@ int do_handshake( ssl_context *ssl, struct options *opt )
printf( " ok\n" );
printf( " . Peer certificate information ...\n" );
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl->peer_cert );
x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl->session->peer_cert );
printf( "%s\n", buf );
return( 0 );
@@ -803,6 +804,7 @@ exit:
x509_free( &clicert );
x509_free( &cacert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );

20
programs/ssl/ssl_server.c
View File

@@ -370,7 +370,9 @@ int main( int argc, char *argv[] )
ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &rsa );
#if defined(POLARSSL_DHM_C)
ssl_set_dh_param( &ssl, my_dhm_P, my_dhm_G );
#endif
printf( " ok\n" );
@@ -484,8 +486,11 @@ reset:
len = ret;
printf( " %d bytes read\n\n%s", len, (char *) buf );
if( ret > 0 )
break;
}
while( 0 );
while( 1 );
/*
* 7. Write the 200 Response
@@ -531,19 +536,10 @@ exit:
net_close( client_fd );
x509_free( &srvcert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_session_free( s_list_1st );
ssl_free( &ssl );
cur = s_list_1st;
while( cur != NULL )
{
prv = cur;
cur = cur->next;
memset( prv, 0, sizeof( ssl_session ) );
free( prv );
}
memset( &ssl, 0, sizeof( ssl_context ) );
#if defined(_WIN32)
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();

6
programs/x509/cert_app.c
View File

@@ -312,7 +312,8 @@ int main( int argc, char *argv[] )
* 5. Print the certificate
*/
printf( " . Peer certificate information ...\n" );
ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ", ssl.peer_cert );
ret = x509parse_cert_info( (char *) buf, sizeof( buf ) - 1, " ",
ssl.session->peer_cert );
if( ret == -1 )
{
printf( " failed\n ! x509parse_cert_info returned %d\n\n", ret );
@@ -332,10 +333,9 @@ exit:
net_close( server_fd );
x509_free( &clicert );
rsa_free( &rsa );
ssl_session_free( &ssn );
ssl_free( &ssl );
memset( &ssl, 0, sizeof( ssl ) );
#if defined(_WIN32)
printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();