Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean up psk_list in ssl-opt.sh #9135

Open
gilles-peskine-arm opened this issue May 13, 2024 · 0 comments
Open

Clean up psk_list in ssl-opt.sh #9135

gilles-peskine-arm opened this issue May 13, 2024 · 0 comments
Labels
component-tls enhancement size-s Estimated task size: small (~2d)

Comments

@gilles-peskine-arm
Copy link
Contributor

In ssl-opt.sh (3.6, 4.x), we set up psk_list with unintended values: the argument to psk_list= should be a comma-separated list of byte strings in hexadecimal, so Client_identity is wrong (I guess non-hex-digits are skipped?) and abc and def are weird (I guess an extra odd digit is either completed with a 0 or ignored?). Fix this.

Note that we need to be consistent with other psk_list and psk settings in individual test cases, since it matters whether the client's psk and the server's psk are in the server's psk_list. (On the server, psk and psk_list go through two different APIs: mbedtls_ssl_conf_psk and mbedtls_ssl_conf_psk_cb.)

PSK strings used for testing should be at least 4 bytes long (i.e. at least 8 hex digits) because GnuTLS rejects shorter strings.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component-tls enhancement size-s Estimated task size: small (~2d)
Projects
Friction
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gilles-peskine-arm