Add support for trusted CA callbacks #2532
Commits on Mar 28, 2019
- Add compile-time option to enable X.509 CA callbacks
  Hanno Becker committed Mar 28, 2019 (288dedc)
- Add X.509 CRT verification API using trusted CA callbacks
  Hanno Becker committed Mar 28, 2019 (5c8df78)
- Improve documentation of old X.509 CRT verification functions
  This commit applies the documentation improvements noticed and applied while adding the documentation for the new X.509 CRT verification API mbedtls_x509_crt_verify_with_cb() to the existing verification APIs.
  Hanno Becker committed Mar 28, 2019 (902451d)
- Add SSL configuration API for trusted CA callbacks
  Hanno Becker committed Mar 28, 2019 (8bf74f3)
- Jarno Lamsa authored and Hanno Becker committed Mar 28, 2019 (03cd120)
- Change callback name to ca_callback
  Jarno Lamsa authored and Hanno Becker committed Mar 28, 2019 (912ed33)
- Add a failure testcase for ca callback
  Jarno Lamsa authored and Hanno Becker committed Mar 28, 2019 (557426a)
- Add possibility to use ca_callbacks in ssl programs
  Jarno Lamsa authored and Hanno Becker committed Mar 28, 2019 (1b4a2ba)
- Add X.509 CA callback to SSL configuration and implement setter API
  Hanno Becker committed Mar 28, 2019 (5adaad9)
- Make use of CA callback if present when verifying peer CRT chain
  Hanno Becker committed Mar 28, 2019 (afd0b0a)
- Add prototype for CRT verification with static and dynamic CA list
  So far, there were the following CRT verification functions:
  - `mbedtls_x509_crt_verify()` -- no profile, no restartable ECC
  - `mbedtls_x509_crt_verify_with_profile()` -- profile, no restartable ECC
  - `mbedtls_x509_crt_verify_restartable()` -- profile, restartable ECC
  all publicly declared and offering increasing functionality.
  On the implementation-side,
  - `mbedtls_x509_crt_verify()` resolves to a call to `mbedtls_x509_crt_verify_with_profile()` setting the profile to `NULL`, and
  - `mbedtls_x509_crt_verify_with_profile()` resolves to a call to `mbedtls_x509_crt_verify_restartable()` setting the ECC restart context to NULL.
  This commit adds two more functions to this zoo:
  - `mbedtls_x509_crt_verify_with_cb()`
  - `x509_crt_verify_restartable_cb()`
  Here, `mbedtls_x509_crt_verify_with_cb()` is similar to `mbedtls_x509_crt_verify_with_profile()` but uses a CA callback instead of a static CA list, and no restart context. `x509_crt_verify_restartable_cb()` is similar to `mbedtls_x509_crt_verify_restartable()` but allows using either a static list of trusted CAs _or_ a trusted CA callback.
  On the implementation-side,
  - the body of `mbedtls_x509_crt_verify_restartable()` is moved to `x509_crt_verify_restartable_cb()`, and the new version of `mbedtls_x509_crt_verify_restartable()` just resolves to `x509_crt_verify_restartable_cb()` with the trusted CA callback set to NULL.
  - The new function `mbedtls_x509_crt_verify_with_cb()` forwards to `x509_crt_verify_restartable_cb()` with the restart context set to `NULL`.
  There's no change to the implementation yet, and in particular, `mbedtls_x509_crt_verify_with_cb()` isn't yet usable.
  Hanno Becker committed Mar 28, 2019 (3116fb3)
- Implement X.509 CRT verification using CA callback
  Hanno Becker committed Mar 28, 2019 (f53893b)
- Declare CA callback type even if feature is disabled
  Hanno Becker committed Mar 28, 2019 (e15dae7)
- Minor fixes to CA callback tests
  Hanno Becker committed Mar 28, 2019 (cbb5903)
- Only run X.509 CRT verification tests with CA callback tests if !CRL
  Hanno Becker committed Mar 28, 2019 (0350d56)
- Add ssl-opt.sh tests for trusted CA callbacks
  Hanno Becker committed Mar 28, 2019 (746aaf3)
- Hanno Becker committed Mar 28, 2019 (fa738d1)
- Remove trailing whitespace in test_suite_x509parse.function
  Hanno Becker committed Mar 28, 2019 (3f932bb)
- Hanno Becker committed Mar 28, 2019 (fed5d9d)
Commits on Mar 29, 2019
- Correct placement of usage macro in ssl_client2
  Hanno Becker committed Mar 29, 2019 (1bac87c)
Commits on Mar 30, 2019
- Fix ssl_client2 and ssl_server2 if !PLATFORM_C
  The CA callback changes introduce mbedtls_calloc() and mbedtls_free() to ssl_client2 and ssl_server2, which weren't defined unless MBEDTLS_PLATFORM_C was set.
  Hanno Becker committed Mar 30, 2019 (d6d100b)
Commits on Apr 1, 2019
- Change the verify function naming
  Change the naming to reflect that the function uses a new ca callback feature to distinguish different callbacks.
  Jarno Lamsa committed Apr 1, 2019 (31d9db6)
- Change docs according to review comments
  Jarno Lamsa committed Apr 1, 2019 (f49fedc)
- Remove mbedtls_ from the static function name
  Jarno Lamsa committed Apr 1, 2019 (2ee67a6)
- Address review comments regarding ssl_client2 and ssl tests
  Jarno Lamsa committed Apr 1, 2019 (f7a7f9e)
- Address comments for x509 tests
  Jarno Lamsa committed Apr 1, 2019 (dfd22c4)
- Jarno Lamsa committed Apr 1, 2019 (9822c0d)
Commits on Apr 5, 2019
- d7ecbd6
- 846ae7a