Merge remote-tracking branch 'origin/pr/2540' into development

* origin/pr/2540:
  Add guards for MBEDTLS_X509_CRL_PARSE_C in sample
Jaeden Amero 2019-04-24 11:20:31 +01:00
commit 1439b09049
2 changed files with 19 additions and 4 deletions


@ -31,6 +31,8 @@ Bugfix
public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation
in case operators binding less strongly than subtraction were used in case operators binding less strongly than subtraction were used
for the parameter. for the parameter.
* Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
sni entry parameter. Reported by inestlerode in #560.
Changes Changes
* Server's RSA certificate in certs.c was SHA-1 signed. In the default * Server's RSA certificate in certs.c was SHA-1 signed. In the default


@ -290,8 +290,14 @@ int main( void )
#endif /* MBEDTLS_SSL_CACHE_C */ #endif /* MBEDTLS_SSL_CACHE_C */
#if defined(SNI_OPTION) #if defined(SNI_OPTION)
#if defined(MBEDTLS_X509_CRL_PARSE_C)
#define SNI_CRL ",crl"
#else
#define SNI_CRL ""
#endif
#define USAGE_SNI \ #define USAGE_SNI \
" sni=%%s name1,cert1,key1,ca1,crl1,auth1[,...]\n" \ " sni=%%s name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n" \
" default: disabled\n" " default: disabled\n"
#else #else
#define USAGE_SNI "" #define USAGE_SNI ""
@ -725,10 +731,10 @@ void sni_free( sni_entry *head )
mbedtls_x509_crt_free( cur->ca ); mbedtls_x509_crt_free( cur->ca );
mbedtls_free( cur->ca ); mbedtls_free( cur->ca );
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_free( cur->crl ); mbedtls_x509_crl_free( cur->crl );
mbedtls_free( cur->crl ); mbedtls_free( cur->crl );
#endif
next = cur->next; next = cur->next;
mbedtls_free( cur ); mbedtls_free( cur );
cur = next; cur = next;
@ -747,7 +753,10 @@ sni_entry *sni_parse( char *sni_string )
sni_entry *cur = NULL, *new = NULL; sni_entry *cur = NULL, *new = NULL;
char *p = sni_string; char *p = sni_string;
char *end = p; char *end = p;
char *crt_file, *key_file, *ca_file, *crl_file, *auth_str; char *crt_file, *key_file, *ca_file, *auth_str;
#if defined(MBEDTLS_X509_CRL_PARSE_C)
char *crl_file;
#endif
while( *end != '\0' ) while( *end != '\0' )
++end; ++end;
@ -765,7 +774,9 @@ sni_entry *sni_parse( char *sni_string )
GET_ITEM( crt_file ); GET_ITEM( crt_file );
GET_ITEM( key_file ); GET_ITEM( key_file );
GET_ITEM( ca_file ); GET_ITEM( ca_file );
#if defined(MBEDTLS_X509_CRL_PARSE_C)
GET_ITEM( crl_file ); GET_ITEM( crl_file );
#endif
GET_ITEM( auth_str ); GET_ITEM( auth_str );
if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL || if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
@ -790,6 +801,7 @@ sni_entry *sni_parse( char *sni_string )
goto error; goto error;
} }
#if defined(MBEDTLS_X509_CRL_PARSE_C)
if( strcmp( crl_file, "-" ) != 0 ) if( strcmp( crl_file, "-" ) != 0 )
{ {
if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL ) if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
@ -800,6 +812,7 @@ sni_entry *sni_parse( char *sni_string )
if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 ) if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
goto error; goto error;
} }
#endif
if( strcmp( auth_str, "-" ) != 0 ) if( strcmp( auth_str, "-" ) != 0 )
{ {
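Review bot: In sni_parse, the guarded `GET_ITEM( crl_file )` makes the number of positional fields per sni entry depend on the build, and nothing at that point documents it. Without MBEDTLS_X509_CRL_PARSE_C, a six-field value written for a CRL-enabled build puts the CRL path into `auth_str`; whether that is rejected cleanly depends on the auth_str handling, which continues outside the visible hunks. I would add a comment above the guard such as `/* Without MBEDTLS_X509_CRL_PARSE_C an entry is name,cert,key,ca,auth: no CRL field is read and no CRL is loaded for SNI entries */`, so operators know revocation data is not applied in such builds. Separately, the usage text now prints `crl` where it used to print `crl1`; `#define SNI_CRL ",crl1"` restores it, and `"ca1" SNI_CRL ",auth1[,...]\n"` with spaces around the macro reads more clearly.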