Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
mbedtls: Fix pinned key return value on fail. draft1 #601
- A copy of the const peercert must be made in order to pass a non-const public key to mbedtls_pk_write_pubkey_der. FAIL: Currently this runs but all pinned key verification fails. I have yet to debug it.
Before this goes in it must be fixed so that the input for
- More correct cleanup pattern for the copy of peer cert *p. - Add some descriptive error messages where appropriate. - Change name ret => result to eliminate variable shadowing warning. - Remove comment about no peer cert on session resume, since that's not true of mbedTLS (the comment was carried over from PolarSSL code). - Allocate cert info buffer on heap instead of stack. Prior to these changes: In draft 2 the code worked fine, however I marked it as 'FAIL' because all my tests failed due to what I later realized was just a copy&paste error on my part: I hadn't enabled curlssl_sha256sum even though I was running the sha256// tests.
- Switch from verifying a pinned public key in a callback during the certificate verification to inline after the certificate verification. The callback method had three problems: 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH was not returned. 2. If peer certificate verification was disabled the pinned key verification did not take place as it should. 3. (related to #2) If there was no certificate of depth 0 the callback would not have checked the pinned public key. Though all those problems could have been fixed it would have made the code more complex. Instead we now verify inline after the certificate verification in mbedtls_connect_step2. Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html Ref: #601