Skip to content

/ curl

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enabling the use of EC keys when doing TLS with mbedTLS backend. #3892

Closed
wants to merge 1 commit into from
Closed

Enabling the use of EC keys when doing TLS with mbedTLS backend. #3892

wants to merge 1 commit into from

Conversation

@DeuxVis
Copy link

@DeuxVis DeuxVis commented May 16, 2019

No description provided.

Guy P Guy P
Enabling the use of EC keys when doing TLS with mbedTLS backend.
Loading status checks…
affda72
@bagder bagder added the SSL/TLS label May 16, 2019
@bagder
bagder reviewed May 16, 2019
View changes
lib/vtls/mbedtls.c
@@ -343,7 +343,8 @@ mbed_connect_step1(struct connectdata *conn,
if(SSL_SET_OPTION(key)) {
ret = mbedtls_pk_parse_keyfile(&BACKEND->pk, SSL_SET_OPTION(key),
SSL_SET_OPTION(key_passwd));
if(ret == 0 && !mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA))
if(ret == 0 && !( mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_RSA)
|| mbedtls_pk_can_do(&BACKEND->pk, MBEDTLS_PK_ECKEY)))

This comment has been minimized.

Sign in to view
@bagder

bagder May 16, 2019
Member

Is this MBEDTLS_PK_ECKEY flag supported on all mbedtls versions or is there a risk that this will break the build for some?

This comment has been minimized.

Sign in to view
@danielgustafsson

danielgustafsson May 19, 2019
Member

A quick skim of the code seems to imply that usage of MBEDTLS_PK_ECKEY depends on MBEDTLS_ECP_C.

This comment has been minimized.

Sign in to view
@DeuxVis

DeuxVis May 20, 2019
edited
Author

Is this MBEDTLS_PK_ECKEY flag supported on all mbedtls versions or is there a risk that this will break the build for some?

If you mean historically, I think it dates back from the polarssl days : ARMmbed/mbedtls@211a64c

So it probably have been available in all mbedtls versions.

This comment has been minimized.

Sign in to view
@DeuxVis

DeuxVis May 20, 2019
Author

Yes confirmed, It then have been renamed to the actual name - without polarssl reference - in mbedtls release 2.0 : https://github.com/ARMmbed/mbedtls/blob/4cb87f409df0ddd878ea50cfca7dc8735ee574f2/include/mbedtls/pk.h#L74
@bagder
Copy link
Member

@bagder bagder commented May 20, 2019

Thanks!
@bagder bagder closed this in 0da8441 May 20, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Aug 18, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bagder bagder

@danielgustafsson danielgustafsson

Assignees
No one assigned
Labels
SSL/TLS
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
@DeuxVis @bagder @danielgustafsson
You can’t perform that action at this time.