lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge remote-tracking branch 'origin/pr/2539' into development

Browse Source 
Resolve conflicts by performing the following:
  - Ensure calls to mbedtls_x509_crt_verify_* are made with callbacks

* origin/pr/2539:
  Make CRT callback tests more robust
  Rename constant in client2.c
  Fix typo
  Add test for configuration specific CRT callback
  Fix doxygen documentation of mbedtls_ssl_set_verify()
  Add test exercising context-specific CRT callback to ssl-opt.sh
  Add cmd to use context-specific CRT callback in ssl_client2
  Implement context-specific verification callbacks
  Add context-specific CRT verification callbacks
  Improve documentation of mbedtls_ssl_conf_verify()
This commit is contained in:
Jaeden Amero
2019-04-16 15:03:12 +01:00
parent ff34d43720 4031b314ed
commit fe7106755e
4 changed files with 117 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
programs/ssl/ssl_client2.c
View File

@ -82,6 +82,7 @@ int main( void )
#define DFL_REQUEST_PAGE "/"
#define DFL_REQUEST_SIZE -1
#define DFL_DEBUG_LEVEL 0
#define DFL_CONTEXT_CRT_CB 0
#define DFL_NBIO 0
#define DFL_EVENT 0
#define DFL_READ_TIMEOUT 0
@ -130,6 +131,16 @@ int main( void )
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#define USAGE_CONTEXT_CRT_CB \
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
" to the SSL configuration of the SSL context.\n" \
" Possible values:\n"\
" - 0 (default): Use CRT callback bound to configuration\n" \
" - 1: Use CRT callback bound to SSL context\n"
#else
#define USAGE_CONTEXT_CRT_CB ""
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_FS_IO)
#define USAGE_IO \
@ -339,6 +350,7 @@ int main( void )
USAGE_TICKETS \
USAGE_MAX_FRAG_LEN \
USAGE_TRUNC_HMAC \
USAGE_CONTEXT_CRT_CB \
USAGE_ALPN \
USAGE_FALLBACK \
USAGE_EMS \
@ -435,6 +447,7 @@ struct options
int dgram_packing; /* allow/forbid datagram packing */
int extended_ms; /* negotiate extended master secret? */
int etm; /* negotiate encrypt then mac? */
int context_crt_cb; /* use context-specific CRT verify callback */
} opt;
int query_config( const char *config );
@ -757,6 +770,7 @@ int main( int argc, char *argv[] )
opt.debug_level = DFL_DEBUG_LEVEL;
opt.nbio = DFL_NBIO;
opt.event = DFL_EVENT;
opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
opt.read_timeout = DFL_READ_TIMEOUT;
opt.max_resend = DFL_MAX_RESEND;
opt.request_page = DFL_REQUEST_PAGE;
@ -834,6 +848,12 @@ int main( int argc, char *argv[] )
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else if( strcmp( p, "context_crt_cb" ) == 0 )
{
opt.context_crt_cb = atoi( q );
if( opt.context_crt_cb != 0 && opt.context_crt_cb != 1 )
goto usage;
}
else if( strcmp( p, "nbio" ) == 0 )
{
opt.nbio = atoi( q );
@ -1590,7 +1610,9 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
}
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
if( opt.context_crt_cb == 0 )
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@ -1799,6 +1821,11 @@ int main( int argc, char *argv[] )
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( opt.context_crt_cb == 1 )
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
if( opt.nbio == 2 )
mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
else