lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-14 02:22:15 +03:00
Code Activity

Merge pull request #1313 from gilles-peskine-arm/ssl-hostname-unset-magic-pointer-2.28

Browse Source 
Backport 2.28: require setting the hostname for verification
This commit is contained in:
David Horstmann
2025-03-05 17:59:19 +00:00
committed by GitHub
parent 0834c59d06 2cc9dcbbcc
commit c43a9d5576
16 changed files with 588 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
ChangeLog.d/mbedtls_ssl_set_hostname.txt Normal file
View File

@@ -0,0 +1,21 @@
Default behavior changes
* In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
mbedtls_ssl_handshake() now fails with
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
if certificate-based authentication of the server is attempted.
This is because authenticating a server without knowing what name
to expect is usually insecure. To restore the old behavior, either
call mbedtls_ssl_set_hostname() with NULL as the hostname, or
enable the new compile-time option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
has changed, see the documentation of the hostname field in the
mbedtls_ssl_context struct type for details.
Security
* Note that TLS clients should generally call mbedtls_ssl_set_hostname()
if they use certificate authentication (i.e. not pre-shared keys).
Otherwise, in many scenarios, the server could be impersonated.
The library will now prevent the handshake and return
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
if mbedtls_ssl_set_hostname() has not been called.

40
include/mbedtls/config.h
View File

@@ -1713,6 +1713,46 @@
*/ */
//#define MBEDTLS_SSL_ASYNC_PRIVATE //#define MBEDTLS_SSL_ASYNC_PRIVATE
/** \def MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
*
* In TLS clients, when a client authenticates a server through its
* certificate, the client normally checks three things:
* - the certificate chain must be valid;
* - the chain must start from a trusted CA;
* - the certificate must cover the server name that is expected by the client.
*
* Omitting any of these checks is generally insecure, and can allow a
* malicious server to impersonate a legitimate server.
*
* The third check may be safely skipped in some unusual scenarios,
* such as networks where eavesdropping is a risk but not active attacks,
* or a private PKI where the client equally trusts all servers that are
* accredited by the root CA.
*
* You should call mbedtls_ssl_set_hostname() with the expected server name
* before starting a TLS handshake on a client (unless the client is
* set up to only use PSK-based authentication, which does not rely on the
* host name). This configuration option controls what happens if a TLS client
* is configured with the authentication mode #MBEDTLS_SSL_VERIFY_REQUIRED
* (default), certificate authentication is enabled and the client does not
* call mbedtls_ssl_set_hostname():
*
* - If this option is unset (default), the connection attempt is aborted
* with the error #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
* - If this option is set, the TLS library does not check the server name
* that the certificate is valid for. This is the historical behavior
* of Mbed TLS, but may be insecure as explained above.
*
* Enable this option for strict backward compatibility if you have
* determined that it is secure in the scenario where you are using
* Mbed TLS.
*
* \deprecated This option exists only for backward compatibility and will
* be removed in the next major version of Mbed TLS.
*
*/
//#define MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
/** /**
* \def MBEDTLS_SSL_CONTEXT_SERIALIZATION * \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
* *

2
include/mbedtls/error.h
View File

@@ -92,7 +92,7 @@
* ECP 4 10 (Started from top) * ECP 4 10 (Started from top)
* MD 5 5 * MD 5 5
* HKDF 5 1 (Started from top) * HKDF 5 1 (Started from top)
* SSL 5 2 (Started from 0x5F00) * SSL 5 3 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080) * CIPHER 6 8 (Started from 0x6080)
* SSL 6 24 (Started from top, plus 0x6000) * SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32 * SSL 7 32

102
include/mbedtls/ssl.h
View File

@@ -183,6 +183,41 @@
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 #define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
/** Cache entry not found */ /** Cache entry not found */
#define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x5E00 #define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x5E00
/** Attempt to verify a certificate without an expected hostname.
* This is usually insecure.
*
* In TLS clients, when a client authenticates a server through its
* certificate, the client normally checks three things:
* - the certificate chain must be valid;
* - the chain must start from a trusted CA;
* - the certificate must cover the server name that is expected by the client.
*
* Omitting any of these checks is generally insecure, and can allow a
* malicious server to impersonate a legitimate server.
*
* The third check may be safely skipped in some unusual scenarios,
* such as networks where eavesdropping is a risk but not active attacks,
* or a private PKI where the client equally trusts all servers that are
* accredited by the root CA.
*
* You should call mbedtls_ssl_set_hostname() with the expected server name
* before starting a TLS handshake on a client (unless the client is
* set up to only use PSK-based authentication, which does not rely on the
* host name). If you have determined that server name verification is not
* required for security in your scenario, call mbedtls_ssl_set_hostname()
* with \p NULL as the server name.
*
* This error is raised if all of the following conditions are met:
*
* - A TLS client is configured with the authentication mode
* #MBEDTLS_SSL_VERIFY_REQUIRED (default).
* - Certificate authentication is enabled.
* - The client does not call mbedtls_ssl_set_hostname().
* - The configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is not enabled.
*/
#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME -0x5D80
/* /*
* Various constants * Various constants
@@ -1403,8 +1438,36 @@ struct mbedtls_ssl_context {
* User settings * User settings
*/ */
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
char *hostname; /*!< expected peer CN for verification /** Expected peer CN for verification.
(and SNI if available) */ *
* Also used on clients for SNI.
*
* The value of this field can be:
* - \p NULL in a newly initialized or reset context.
* - A heap-allocated copy of the last value passed to
* mbedtls_ssl_set_hostname(), if the last call had a non-null
* \p hostname argument.
* - A special value to indicate that mbedtls_ssl_set_hostname()
* was called with \p NULL (as opposed to never having been called).
*
* If you need to obtain the value passed to
* mbedtls_ssl_set_hostname() even if it may have been called with
* \p NULL, call mbedtls_ssl_get_hostname_pointer().
*
* If this field contains the value \p NULL and the configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is unset, on a TLS client, attempting to verify a server certificate
* results in the error
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
*
* If this field contains the special value described above, or if
* the value is \p NULL and the configuration option
* #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* is set, then the peer name verification is skipped, which may be
* insecure, especially on a client. Furthermore, on a client, the
* server_name extension is not sent.
*/
char *hostname;
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
@@ -1535,6 +1598,14 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
* Calling mbedtls_ssl_setup again is not supported, even * Calling mbedtls_ssl_setup again is not supported, even
* if no session is active. * if no session is active.
* *
* \warning After setting up a client context, if certificate-based
* authentication is enabled, you should call
* mbedtls_ssl_set_hostname() to specifiy the expected
* name of the server. Without this, in most scenarios,
* the TLS connection is insecure. See
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* for more information.
*
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling * subsystem must have been initialized by calling
* psa_crypto_init() before calling this function. * psa_crypto_init() before calling this function.
@@ -3107,16 +3178,29 @@ void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf,
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** /**
* \brief Set or reset the hostname to check against the received * \brief Set or reset the hostname to check against the received
* server certificate. It sets the ServerName TLS extension, * peer certificate. On a client, this also sets the
* too, if that extension is enabled. (client-side only) * ServerName TLS extension, if that extension is enabled.
* On a TLS 1.3 client, this also sets the server name in
* the session resumption ticket, if that feature is enabled.
* *
* \param ssl SSL context * \param ssl SSL context
* \param hostname the server hostname, may be NULL to clear hostname * \param hostname The server hostname. This may be \c NULL to clear
* the hostname.
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
* *
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
* allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on *
* \note If the hostname is \c NULL on a client, then the server
* is not authenticated: it only needs to have a valid
* certificate, not a certificate matching its name.
* Therefore you should always call this function on a client,
* unless the connection is set up to only allow
* pre-shared keys, or in scenarios where server
* impersonation is not a concern. See the documentation of
* #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
* for more details.
*
* \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
* allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname. * too long input hostname.
* *
* Hostname set to the one provided on success (cleared * Hostname set to the one provided on success (cleared

10
include/mbedtls/ssl_internal.h
View File

@@ -1214,6 +1214,16 @@ static inline size_t mbedtls_ssl_hs_hdr_len(const mbedtls_ssl_context *ssl)
return 4; return 4;
} }
/** Get the host name from the SSL context.
*
* \param[in] ssl SSL context
*
* \return The \p hostname pointer from the SSL context.
* \c NULL if mbedtls_ssl_set_hostname() has never been called on
* \p ssl or if it was last called with \p NULL.
*/
const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl);
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl); void mbedtls_ssl_send_flight_completed(mbedtls_ssl_context *ssl);
void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl); void mbedtls_ssl_recv_flight_completed(mbedtls_ssl_context *ssl);

2
library/error.c
View File

@@ -508,6 +508,8 @@ const char *mbedtls_high_level_strerr(int error_code)
return( "SSL - Invalid value in SSL config" ); return( "SSL - Invalid value in SSL config" );
case -(MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND): case -(MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND):
return( "SSL - Cache entry not found" ); return( "SSL - Cache entry not found" );
case -(MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME):
return( "SSL - Attempt to verify a certificate without an expected hostname. This is usually insecure. In TLS clients, when a client authenticates a server through its certificate, the client normally checks three things: - the certificate chain must be valid; - the chain must start from a trusted CA; - the certificate must cover the server name that is expected by the client. Omitting any of these checks is generally insecure, and can allow a malicious server to impersonate a legitimate server. The third check may be safely skipped in some unusual scenarios, such as networks where eavesdropping is a risk but not active attacks, or a private PKI where the client equally trusts all servers that are accredited by the root CA. You should call mbedtls_ssl_set_hostname() with the expected server name before starting a TLS handshake on a client (unless the client is set up to only use PSK-based authentication, which does not rely on the host name). If you have determined that server name verification is not required for security in your scenario, call mbedtls_ssl_set_hostname() with \\p NULL as the server name. This error is raised if all of the following conditions are met: - A TLS client is configured with the authentication mode #MBEDTLS_SSL_VERIFY_REQUIRED (default). - Certificate authentication is enabled. - The client does not call mbedtls_ssl_set_hostname(). - The configuration option #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is not enabled" );
#endif /* MBEDTLS_SSL_TLS_C */ #endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)

9
library/ssl_cli.c
View File

@@ -83,19 +83,20 @@ static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
size_t *olen) size_t *olen)
{ {
unsigned char *p = buf; unsigned char *p = buf;
const char *hostname = mbedtls_ssl_get_hostname_pointer(ssl);
size_t hostname_len; size_t hostname_len;
*olen = 0; *olen = 0;
if (ssl->hostname == NULL) { if (hostname == NULL) {
return 0; return 0;
} }
MBEDTLS_SSL_DEBUG_MSG(3, MBEDTLS_SSL_DEBUG_MSG(3,
("client hello, adding server name extension: %s", ("client hello, adding server name extension: %s",
ssl->hostname)); hostname));
hostname_len = strlen(ssl->hostname); hostname_len = strlen(hostname);
MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9); MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9);
@@ -139,7 +140,7 @@ static int ssl_write_hostname_ext(mbedtls_ssl_context *ssl,
MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0);
p += 2; p += 2;
memcpy(p, ssl->hostname, hostname_len); memcpy(p, hostname, hostname_len);
*olen = hostname_len + 9; *olen = hostname_len + 9;

167
library/ssl_tls.c
View File

@@ -38,6 +38,92 @@
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/* A magic value for `ssl->hostname` indicating that
* mbedtls_ssl_set_hostname() has been called with `NULL`.
* If mbedtls_ssl_set_hostname() has never been called on `ssl`, then
* `ssl->hostname == NULL`. */
static const char *const ssl_hostname_skip_cn_verification = "";
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/** Whether mbedtls_ssl_set_hostname() has been called.
*
* \param[in] ssl SSL context
*
* \return \c 1 if mbedtls_ssl_set_hostname() has been called on \p ssl
* (including `mbedtls_ssl_set_hostname(ssl, NULL)`),
* otherwise \c 0.
*/
static int mbedtls_ssl_has_set_hostname_been_called(
const mbedtls_ssl_context *ssl)
{
return ssl->hostname != NULL;
}
#endif
const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl)
{
if (ssl->hostname == ssl_hostname_skip_cn_verification) {
return NULL;
}
return ssl->hostname;
}
static void mbedtls_ssl_free_hostname(mbedtls_ssl_context *ssl)
{
if (ssl->hostname != NULL &&
ssl->hostname != ssl_hostname_skip_cn_verification) {
mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
mbedtls_free(ssl->hostname);
}
ssl->hostname = NULL;
}
int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
{
/* Initialize to suppress unnecessary compiler warning */
size_t hostname_len = 0;
/* Check if new hostname is valid before
* making any change to current one */
if (hostname != NULL) {
hostname_len = strlen(hostname);
if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
}
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
mbedtls_ssl_free_hostname(ssl);
if (hostname == NULL) {
/* Passing NULL as hostname clears the old one, but leaves a
* special marker to indicate that mbedtls_ssl_set_hostname()
* has been called. */
/* ssl->hostname should be const, but isn't. We won't actually
* write to the buffer, so it's ok to cast away the const. */
ssl->hostname = (char *) ssl_hostname_skip_cn_verification;
} else {
ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
if (ssl->hostname == NULL) {
/* mbedtls_ssl_set_hostname() has been called, but unsuccessfully.
* Leave ssl->hostname in the same state as if the function had
* not been called, i.e. a null pointer. */
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
memcpy(ssl->hostname, hostname, hostname_len);
ssl->hostname[hostname_len] = '\0';
}
return 0;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -2521,13 +2607,33 @@ static int ssl_parse_certificate_coordinate(mbedtls_ssl_context *ssl,
return SSL_CERTIFICATE_EXPECTED; return SSL_CERTIFICATE_EXPECTED;
} }
static int get_hostname_for_verification(mbedtls_ssl_context *ssl,
const char **hostname)
{
if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) {
MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname"));
#if !defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT &&
ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME;
}
#endif
}
*hostname = mbedtls_ssl_get_hostname_pointer(ssl);
if (*hostname == NULL) {
MBEDTLS_SSL_DEBUG_MSG(2, ("Certificate verification without CN verification"));
}
return 0;
}
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
int authmode, int authmode,
mbedtls_x509_crt *chain, mbedtls_x509_crt *chain,
void *rs_ctx) void *rs_ctx)
{ {
int ret = 0;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->handshake->ciphersuite_info; ssl->handshake->ciphersuite_info;
int have_ca_chain = 0; int have_ca_chain = 0;
@@ -2549,6 +2655,13 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
p_vrfy = ssl->conf->p_vrfy; p_vrfy = ssl->conf->p_vrfy;
} }
const char *hostname = "";
int ret = get_hostname_for_verification(ssl, &hostname);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "get_hostname_for_verification", ret);
return ret;
}
/* /*
* Main check: verify certificate * Main check: verify certificate
*/ */
@@ -2563,7 +2676,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
ssl->conf->f_ca_cb, ssl->conf->f_ca_cb,
ssl->conf->p_ca_cb, ssl->conf->p_ca_cb,
ssl->conf->cert_profile, ssl->conf->cert_profile,
ssl->hostname, hostname,
&ssl->session_negotiate->verify_result, &ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy); f_vrfy, p_vrfy);
} else } else
@@ -2591,7 +2704,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
chain, chain,
ca_chain, ca_crl, ca_chain, ca_crl,
ssl->conf->cert_profile, ssl->conf->cert_profile,
ssl->hostname, hostname,
&ssl->session_negotiate->verify_result, &ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy, rs_ctx); f_vrfy, p_vrfy, rs_ctx);
} }
@@ -4617,49 +4730,6 @@ void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
} }
#endif /* MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
{
/* Initialize to suppress unnecessary compiler warning */
size_t hostname_len = 0;
/* Check if new hostname is valid before
* making any change to current one */
if (hostname != NULL) {
hostname_len = strlen(hostname);
if (hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
}
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
if (ssl->hostname != NULL) {
mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
mbedtls_free(ssl->hostname);
}
/* Passing NULL as hostname shall clear the old one */
if (hostname == NULL) {
ssl->hostname = NULL;
} else {
ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
if (ssl->hostname == NULL) {
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
memcpy(ssl->hostname, hostname, hostname_len);
ssl->hostname[hostname_len] = '\0';
}
return 0;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sni(mbedtls_ssl_config *conf,
int (*f_sni)(void *, mbedtls_ssl_context *, int (*f_sni)(void *, mbedtls_ssl_context *,
@@ -6816,10 +6886,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl)
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if (ssl->hostname != NULL) { mbedtls_ssl_free_hostname(ssl);
mbedtls_platform_zeroize(ssl->hostname, strlen(ssl->hostname));
mbedtls_free(ssl->hostname);
}
#endif #endif
#if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)

3
library/version_features.c
View File

@@ -486,6 +486,9 @@ static const char * const features[] = {
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
"MBEDTLS_SSL_ASYNC_PRIVATE", "MBEDTLS_SSL_ASYNC_PRIVATE",
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
"MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME",
#endif /* MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
"MBEDTLS_SSL_CONTEXT_SERIALIZATION", "MBEDTLS_SSL_CONTEXT_SERIALIZATION",
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */

31
programs/ssl/ssl_client2.c
View File

@@ -64,6 +64,7 @@ int main(void)
#define DFL_ARC4 -1 #define DFL_ARC4 -1
#define DFL_SHA1 -1 #define DFL_SHA1 -1
#define DFL_AUTH_MODE -1 #define DFL_AUTH_MODE -1
#define DFL_SET_HOSTNAME 1
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE #define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1 #define DFL_TRUNC_HMAC -1
#define DFL_RECSPLIT -1 #define DFL_RECSPLIT -1
@@ -380,6 +381,9 @@ int main(void)
#define USAGE2 \ #define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \ " auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \ " options: none, optional, required\n" \
" set_hostname=%%s call mbedtls_ssl_set_hostname()?" \
" options: no, server_name, NULL\n" \
" default: server_name (but ignored if certs disabled)\n" \
USAGE_IO \ USAGE_IO \
USAGE_KEY_OPAQUE \ USAGE_KEY_OPAQUE \
USAGE_CA_CALLBACK \ USAGE_CA_CALLBACK \
@@ -473,6 +477,8 @@ struct options {
int arc4; /* flag for arc4 suites support */ int arc4; /* flag for arc4 suites support */
int allow_sha1; /* flag for SHA-1 support */ int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */ int auth_mode; /* verify mode for connection */
int set_hostname; /* call mbedtls_ssl_set_hostname()? */
/* 0=no, 1=yes, -1=NULL */
unsigned char mfl_code; /* code for maximum fragment length */ unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */ int trunc_hmac; /* negotiate truncated hmac or not */
int recsplit; /* enable record splitting? */ int recsplit; /* enable record splitting? */
@@ -796,6 +802,7 @@ int main(int argc, char *argv[])
opt.arc4 = DFL_ARC4; opt.arc4 = DFL_ARC4;
opt.allow_sha1 = DFL_SHA1; opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE; opt.auth_mode = DFL_AUTH_MODE;
opt.set_hostname = DFL_SET_HOSTNAME;
opt.mfl_code = DFL_MFL_CODE; opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC; opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.recsplit = DFL_RECSPLIT; opt.recsplit = DFL_RECSPLIT;
@@ -1148,6 +1155,16 @@ usage:
} else { } else {
goto usage; goto usage;
} }
} else if (strcmp(p, "set_hostname") == 0) {
if (strcmp(q, "no") == 0) {
opt.set_hostname = 0;
} else if (strcmp(q, "server_name") == 0) {
opt.set_hostname = 1;
} else if (strcmp(q, "NULL") == 0) {
opt.set_hostname = -1;
} else {
goto usage;
}
} else if (strcmp(p, "max_frag_len") == 0) { } else if (strcmp(p, "max_frag_len") == 0) {
if (strcmp(q, "512") == 0) { if (strcmp(q, "512") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512; opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
@@ -1893,11 +1910,25 @@ usage:
} }
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
switch (opt.set_hostname) {
case -1:
if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret);
goto exit;
}
break;
case 0:
/* Skip the call */
break;
default:
if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
ret); ret);
goto exit; goto exit;
} }
break;
}
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)

12
programs/test/query_config.c
View File

@@ -1376,6 +1376,14 @@ int query_config(const char *config)
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
if( strcmp( "MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME );
return( 0 );
}
#endif /* MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
if( strcmp( "MBEDTLS_SSL_CONTEXT_SERIALIZATION", config ) == 0 ) if( strcmp( "MBEDTLS_SSL_CONTEXT_SERIALIZATION", config ) == 0 )
{ {
@@ -3506,6 +3514,10 @@ void list_config(void)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_ASYNC_PRIVATE); OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_ASYNC_PRIVATE);
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME);
#endif /* MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME */
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CONTEXT_SERIALIZATION); OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CONTEXT_SERIALIZATION);
#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */

1
scripts/config.py
View File

@@ -326,6 +326,7 @@ def crypto_adapter(adapter):
DEPRECATED = frozenset([ DEPRECATED = frozenset([
'MBEDTLS_SSL_PROTO_SSL3', 'MBEDTLS_SSL_PROTO_SSL3',
'MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME',
'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO', 'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO',
]) ])

3
tests/scripts/all.sh
View File

@@ -1780,6 +1780,9 @@ component_test_full_no_deprecated () {
msg "test: make, full_no_deprecated config" # ~ 5s msg "test: make, full_no_deprecated config" # ~ 5s
make test make test
msg "test: ssl-opt.sh authentication, full_no_deprecated config" # ~ 10s
tests/ssl-opt.sh -f 'Default\|Authentication'
} }
component_test_full_no_deprecated_deprecated_warning () { component_test_full_no_deprecated_deprecated_warning () {

4
tests/src/test_helpers/ssl_helpers.c
View File

@@ -721,6 +721,10 @@ int mbedtls_test_ssl_endpoint_init(
ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf)); ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
TEST_ASSERT(ret == 0); TEST_ASSERT(ret == 0);
if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
}
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) { if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL); mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);

250
tests/ssl-opt.sh
View File

@@ -372,6 +372,11 @@ detect_required_features() {
requires_config_enabled MBEDTLS_SSL_FALLBACK_SCSV;; requires_config_enabled MBEDTLS_SSL_FALLBACK_SCSV;;
esac esac
case " $1 " in
*\ ca_callback=1\ *)
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;;
esac
unset tmp unset tmp
} }
@@ -1646,7 +1651,6 @@ run_test "Default (compression enabled)" \
-S "error" \ -S "error" \
-C "error" -C "error"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \ run_test "CA callback on client" \
"$P_SRV debug_level=3" \ "$P_SRV debug_level=3" \
"$P_CLI ca_callback=1 debug_level=3 " \ "$P_CLI ca_callback=1 debug_level=3 " \
@@ -1655,7 +1659,6 @@ run_test "CA callback on client" \
-S "error" \ -S "error" \
-C "error" -C "error"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C requires_config_enabled MBEDTLS_SHA256_C
@@ -4647,6 +4650,234 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
-c "SSL - No CA Chain is set, but required to operate" -c "SSL - No CA Chain is set, but required to operate"
# The next few tests check what happens if the server has a valid certificate
# that does not match its name (impersonation).
run_test "Authentication: hostname match, client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhost debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname match, client required, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (wrong), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (empty), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name= debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (truncated), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhos debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (last char), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhoss debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch (trailing), client required" \
"$P_SRV" \
"$P_CLI auth_mode=required server_name=localhostt debug_level=1" \
1 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \
0 \
-c "does not match with the expected CN" \
-c "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname mismatch, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client required" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname null, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, secure config" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=2" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, historical config" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, secure config, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-c "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client required, historical config, CA callback" \
"$P_SRV" \
"$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-c "use CA callback for X.509 CRT verification" \
-C "x509_verify_cert() returned -" \
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client optional" \
"$P_SRV" \
"$P_CLI auth_mode=optional set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client none" \
"$P_SRV" \
"$P_CLI auth_mode=none set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client default, secure config, server picks cert" \
"$P_SRV force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
1 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-c "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
run_test "Authentication: hostname unset, client default, historical config, server picks cert" \
"$P_SRV force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-c "Certificate verification without having set hostname" \
-c "Certificate verification without CN verification" \
-C "get_hostname_for_verification() returned -" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
run_test "Authentication: hostname unset, client default, server picks PSK" \
"$P_SRV force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
0 \
-C "does not match with the expected CN" \
-C "Certificate verification without having set hostname" \
-C "Certificate verification without CN verification" \
-C "x509_verify_cert() returned -" \
-C "X509 - Certificate verification failed"
# The purpose of the next two tests is to test the client's behaviour when receiving a server # The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because # certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the # the client informs the server about the supported curves - it does, though, in the
@@ -4999,7 +5230,6 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig
# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests # Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
# When updating these tests, modify the matching authentication tests accordingly # When updating these tests, modify the matching authentication tests accordingly
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \ run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=data_files/server5-badsign.crt \ "$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
@@ -5011,7 +5241,6 @@ run_test "Authentication, CA callback: server badcert, client required" \
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed" -c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client optional" \ run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=data_files/server5-badsign.crt \ "$P_SRV crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \ key_file=data_files/server5.key" \
@@ -5031,7 +5260,6 @@ run_test "Authentication, CA callback: server badcert, client optional" \
# different means to have the server ignoring the client's supported curve list. # different means to have the server ignoring the client's supported curve list.
requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \ "$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \ crt_file=data_files/server5.ku-ka.crt" \
@@ -5043,7 +5271,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_ECP_C
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=data_files/server5.key \ "$P_SRV debug_level=1 key_file=data_files/server5.key \
crt_file=data_files/server5.ku-ka.crt" \ crt_file=data_files/server5.ku-ka.crt" \
@@ -5054,7 +5281,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client optional, p
-c "! Certificate verification flags"\ -c "! Certificate verification flags"\
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client SHA256, server required" \ run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -5065,7 +5291,6 @@ run_test "Authentication, CA callback: client SHA256, server required" \
-c "Supported Signature Algorithm found: 4," \ -c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5," -c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client SHA384, server required" \ run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server6.crt \ "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
@@ -5076,7 +5301,6 @@ run_test "Authentication, CA callback: client SHA384, server required" \
-c "Supported Signature Algorithm found: 4," \ -c "Supported Signature Algorithm found: 4," \
-c "Supported Signature Algorithm found: 5," -c "Supported Signature Algorithm found: 5,"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server required" \ run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5099,7 +5323,6 @@ run_test "Authentication, CA callback: client badcert, server required" \
# detect that its write end of the connection is closed and abort # detect that its write end of the connection is closed and abort
# before reading the alert message. # before reading the alert message.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client cert not trusted, server required" \ run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
@@ -5118,7 +5341,6 @@ run_test "Authentication, CA callback: client cert not trusted, server requir
-c "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed" -s "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server optional" \ run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -5139,7 +5361,6 @@ run_test "Authentication, CA callback: client badcert, server optional" \
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \ run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \ key_file=data_files/dir-maxpath/09.key" \
@@ -5150,7 +5371,6 @@ run_test "Authentication, CA callback: server max_int chain, client default"
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \ run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \ key_file=data_files/dir-maxpath/10.key" \
@@ -5161,7 +5381,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client default
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \ key_file=data_files/dir-maxpath/10.key" \
@@ -5173,7 +5392,6 @@ run_test "Authentication, CA callback: server max_int+1 chain, client optiona
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5184,7 +5402,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server optiona
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \ run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
@@ -5195,7 +5412,6 @@ run_test "Authentication, CA callback: client max_int+1 chain, server require
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \ run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \

8
tests/suites/test_suite_config.mbedtls_boolean.data
View File

@@ -1264,6 +1264,14 @@ Config: !MBEDTLS_SSL_CBC_RECORD_SPLITTING
depends_on:!MBEDTLS_SSL_CBC_RECORD_SPLITTING:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C depends_on:!MBEDTLS_SSL_CBC_RECORD_SPLITTING:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C
pass: pass:
Config: MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
depends_on:MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C
pass:
Config: !MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
depends_on:!MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C
pass:
Config: MBEDTLS_SSL_CLI_C Config: MBEDTLS_SSL_CLI_C
depends_on:MBEDTLS_SSL_CLI_C depends_on:MBEDTLS_SSL_CLI_C
pass: pass: