Fix bug with client auth with DTLS
This commit is contained in:
parent
d0fd1daa6b
commit
08a1d4bce1
2 changed files with 24 additions and 2 deletions
@ -3454,10 +3454,10 @@ int ssl_parse_certificate( ssl_context *ssl )
if( ssl->endpoint == SSL_IS_SERVER &&
ssl->minor_ver != SSL_MINOR_VERSION_0 )
{
if( ssl->in_hslen == 7 &&
if( ssl->in_hslen == 3 + ssl_hs_hdr_len( ssl ) &&
ssl->in_msgtype == SSL_MSG_HANDSHAKE &&
ssl->in_msg[0] == SSL_HS_CERTIFICATE &&
memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 )
memcmp( ssl->in_msg + ssl_hs_hdr_len( ssl ), "\0\0\0", 3 ) == 0 )
{
SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
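Review bot: ssl_hs_hdr_len( ssl ) is evaluated twice in the rewritten condition, once in the length comparison and once as the memcmp offset, and the two uses must stay paired: the 3-byte read at in_msg + ssl_hs_hdr_len( ssl ) is in bounds only because in_hslen was just checked to equal exactly ssl_hs_hdr_len( ssl ) + 3. Hoisting it into a local before the if, `size_t hdr_len = ssl_hs_hdr_len( ssl );` (with whatever type that helper actually returns), and using hdr_len in both the comparison and the memcmp makes that bound/offset pairing visible to the next reader. The bare 3 deserves a comment naming what it is, e.g. `/* empty certificate_list: its 3-byte length field is zero */`. The debug message on the following line still reads "TLSv1 client has no certificate" although this branch is now also taken for DTLS; ssl_parse_certificate continues outside the hunk.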
@ -2024,6 +2024,28 @@ run_test "DTLS cookie: enabled, IPv6" \
-c "received hello verify request" \
-S "SSL - The requested feature is not available"
# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)
run_test "DTLS client auth: required" \
"$P_SRV dtls=1 auth_mode=required" \
"$P_CLI dtls=1" \
0 \
-s "Verifying peer X.509 certificate... ok"
run_test "DTLS client auth: optional, client has no cert" \
"$P_SRV dtls=1 auth_mode=optional" \
"$P_CLI dtls=1 crt_file=none key_file=none" \
0 \
-s "! no client certificate sent"
run_test "DTLS client auth: optional, client has no cert" \
"$P_SRV dtls=1 auth_mode=none" \
"$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
0 \
-c "skip write certificate$" \
-s "! no client certificate sent"
# Tests for receiving fragmented handshake messages with DTLS
requires_gnutls
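Review bot: The third test's name, `run_test "DTLS client auth: optional, client has no cert" \`, duplicates the second test's name even though its server line runs `auth_mode=none`; it should read `run_test "DTLS client auth: none, client has no cert" \`, otherwise a failure in one of them cannot be told apart from the other in the report. The new block also exercises only the accepting paths: there is no case where the server runs with `auth_mode=required` while the client passes `crt_file=none key_file=none`, which is the rejection path a client-auth fix most needs pinned, so a fourth run_test for that combination expecting a non-zero result (with the server-side pattern this suite uses for a refused handshake) would confirm the server actually refuses an empty certificate over DTLS rather than merely logging it.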