New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Server handshakes with mismatched public/private key pair #507

Closed
attilamolnar opened this Issue Jun 14, 2016 · 2 comments

Comments

Projects
None yet
4 participants
@attilamolnar
Copy link
Contributor

attilamolnar commented Jun 14, 2016

mbedTLS does not verify that the public/private key pair matches when doing a handshake, resulting in client side public key signature verification errors if they don't match. This was tested on 2.2.1.

If this is the desired behavior then the documentation of mbedtls_ssl_conf_own_cert() should be updated to mention this fact and also point to mbedtls_pk_check_pair().

@ciarmcom

This comment has been minimized.

Copy link
Member

ciarmcom commented Jun 20, 2016

ARM Internal Ref: IOTSSL-821

@ciarmcom ciarmcom added the mirrored label Jun 20, 2016

@sbutcher-arm sbutcher-arm added the bug label Jun 22, 2016

sbutcher-arm added a commit that referenced this issue Sep 13, 2018

Merge pull request #507 from sbutcher-arm/mbedtls-version-2.1.15
Update library version number to 2.1.15
@mpg

This comment has been minimized.

Copy link
Contributor

mpg commented Oct 25, 2018

@attilamolnar Thanks for your report, and sorry for taking so long to reply!

We think the behaviour is as intended, since the check can be computationally expensive, which turned out to be a problem for some users depending on their workflow. So we're going to apply your suggestion and update the documentation to clarify that and reference mbedtls_pk_check_pair().

mpg added a commit to mpg/mbedtls that referenced this issue Oct 25, 2018

mpg added a commit to mpg/mbedtls that referenced this issue Oct 29, 2018

mpg added a commit to mpg/mbedtls that referenced this issue Oct 29, 2018

mpg added a commit to mpg/mbedtls that referenced this issue Oct 29, 2018

mpg added a commit to mpg/mbedtls that referenced this issue Oct 29, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment