mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 17:15:42 +01:00
- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
This commit is contained in:
parent
a17bcc3033
commit
6c0ceb3f9a
@ -35,6 +35,9 @@ Changes
|
||||
* Changed the used random function pointer to more flexible format. Renamed
|
||||
havege_rand() to havege_random() to prevent mistakes. Lots of changes as
|
||||
a consequence in library code and programs
|
||||
* Added permissive certificate parsing to x509parse_crt() and
|
||||
x509parse_crtfile(). With permissive parsing the parsing does not stop on
|
||||
encountering a parse-error
|
||||
|
||||
Bugfix
|
||||
* Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
|
||||
|
@ -58,7 +58,7 @@
|
||||
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x2800 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Unsupported RSA key version */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< Invalid RSA key tag or value. */
|
||||
#define POLARSSL_ERR_X509_POINT_ERROR -0x2980 /**< Not used. */
|
||||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2980 /**< Format not recognized as DER or PEM. */
|
||||
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x2A00 /**< Not used. */
|
||||
/* \} name */
|
||||
|
||||
@ -220,6 +220,17 @@
|
||||
|
||||
#define EXT_NS_CERT_TYPE (1 << 16)
|
||||
|
||||
/*
|
||||
* Storage format identifiers
|
||||
* Recognized formats: PEM and DER
|
||||
*/
|
||||
#define X509_FORMAT_DER 1
|
||||
#define X509_FORMAT_PEM 2
|
||||
|
||||
#define X509_NON_PERMISSIVE 0
|
||||
#define X509_PERMISSIVE 1
|
||||
|
||||
|
||||
/**
|
||||
* \addtogroup x509_module
|
||||
* \{ */
|
||||
@ -409,27 +420,34 @@ extern "C" {
|
||||
/** \ingroup x509_module */
|
||||
/**
|
||||
* \brief Parse one or more certificates and add them
|
||||
* to the chained list
|
||||
* to the chained list. With permissive parsing enabled
|
||||
* all certificates that cannot be parsed are ignored.
|
||||
* If none complete correctly, the first error is returned.
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param buf buffer holding the certificate data
|
||||
* \param buflen size of the buffer
|
||||
* \param permissive X509_PERMISSIVE or X509_NON_PERMISSIVE
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen );
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
int permissive );
|
||||
|
||||
/** \ingroup x509_module */
|
||||
/**
|
||||
* \brief Load one or more certificates and add them
|
||||
* to the chained list
|
||||
* to the chained list. With permissive parsing enabled
|
||||
* all certificates that cannot be parsed are ignored.
|
||||
* If none complete correctly, the first error is returned.
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param path filename to read the certificates from
|
||||
* \param permissive X509_PERMISSIVE or X509_NON_PERMISSIVE
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path );
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path, int permissive );
|
||||
|
||||
/** \ingroup x509_module */
|
||||
/**
|
||||
|
@ -297,8 +297,8 @@ void error_strerror( int ret, char *buf, size_t buflen )
|
||||
snprintf( buf, buflen, "X509 - Unsupported RSA key version" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_KEY_INVALID_FORMAT) )
|
||||
snprintf( buf, buflen, "X509 - Invalid RSA key tag or value" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_POINT_ERROR) )
|
||||
snprintf( buf, buflen, "X509 - Not used" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) )
|
||||
snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
|
||||
if( use_ret == -(POLARSSL_ERR_X509_VALUE_TO_LENGTH) )
|
||||
snprintf( buf, buflen, "X509 - Not used" );
|
||||
#endif /* POLARSSL_X509_PARSE_C */
|
||||
|
@ -345,6 +345,8 @@ void pem_free( pem_context *ctx )
|
||||
|
||||
if( ctx->info )
|
||||
free( ctx->info );
|
||||
|
||||
memset( ctx, 0, sizeof( pem_context ) );
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -1401,7 +1401,8 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
|
||||
ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
|
||||
ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n,
|
||||
X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
SSL_DEBUG_RET( 1, " x509parse_crt", ret );
|
||||
|
@ -1006,20 +1006,13 @@ static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse one or more certificates and add them to the chained list
|
||||
* Parse and fill a single X.509 certificate in DER format
|
||||
*/
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
|
||||
int x509parse_crt_der( x509_cert *crt, const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
x509_cert *crt;
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_context pem;
|
||||
size_t use_len;
|
||||
#endif
|
||||
|
||||
crt = chain;
|
||||
|
||||
/*
|
||||
* Check for valid input
|
||||
@ -1027,59 +1020,6 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
|
||||
if( crt == NULL || buf == NULL )
|
||||
return( 1 );
|
||||
|
||||
while( crt->version != 0 && crt->next != NULL )
|
||||
crt = crt->next;
|
||||
|
||||
/*
|
||||
* Add new certificate on the end of the chain if needed.
|
||||
*/
|
||||
if ( crt->version != 0 && crt->next == NULL)
|
||||
{
|
||||
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
|
||||
|
||||
if( crt->next == NULL )
|
||||
{
|
||||
x509_free( crt );
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
crt = crt->next;
|
||||
memset( crt, 0, sizeof( x509_cert ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_init( &pem );
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN CERTIFICATE-----",
|
||||
"-----END CERTIFICATE-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
buflen -= use_len;
|
||||
buf += use_len;
|
||||
|
||||
/*
|
||||
* Steal PEM buffer
|
||||
*/
|
||||
p = pem.buf;
|
||||
pem.buf = NULL;
|
||||
len = pem.buflen;
|
||||
pem_free( &pem );
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||
{
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
{
|
||||
/*
|
||||
* nope, copy the raw DER data
|
||||
*/
|
||||
p = (unsigned char *) malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
@ -1088,17 +1028,6 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
buflen = 0;
|
||||
}
|
||||
#else
|
||||
p = (unsigned char *) malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
return( 1 );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
buflen = 0;
|
||||
#endif
|
||||
|
||||
crt->raw.p = p;
|
||||
crt->raw.len = len;
|
||||
@ -1324,23 +1253,154 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
|
||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
|
||||
if( buflen > 0 )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse one or more PEM certificates from a buffer and add them to the chained list
|
||||
*/
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
|
||||
int permissive )
|
||||
{
|
||||
int ret, success = 0, first_error = 0;
|
||||
x509_cert *crt, *prev = NULL;
|
||||
int buf_format = X509_FORMAT_DER;
|
||||
|
||||
crt = chain;
|
||||
|
||||
/*
|
||||
* Check for valid input
|
||||
*/
|
||||
if( crt == NULL || buf == NULL )
|
||||
return( 1 );
|
||||
|
||||
while( crt->version != 0 && crt->next != NULL )
|
||||
{
|
||||
prev = crt;
|
||||
crt = crt->next;
|
||||
}
|
||||
|
||||
/*
|
||||
* Add new certificate on the end of the chain if needed.
|
||||
*/
|
||||
if ( crt->version != 0 && crt->next == NULL)
|
||||
{
|
||||
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
|
||||
|
||||
if( crt->next == NULL )
|
||||
{
|
||||
x509_free( crt );
|
||||
return( 1 );
|
||||
}
|
||||
|
||||
prev = crt;
|
||||
crt = crt->next;
|
||||
memset( crt, 0, sizeof( x509_cert ) );
|
||||
|
||||
return( x509parse_crt( crt, buf, buflen ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Determine buffer content. Buffer contains either one DER certificate or
|
||||
* one or more PEM certificates.
|
||||
*/
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
if( strstr( (char *) buf, "-----BEGIN CERTIFICATE-----" ) != NULL )
|
||||
buf_format = X509_FORMAT_PEM;
|
||||
#endif
|
||||
|
||||
if( buf_format == X509_FORMAT_DER )
|
||||
return x509parse_crt_der( crt, buf, buflen );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
if( buf_format == X509_FORMAT_PEM )
|
||||
{
|
||||
pem_context pem;
|
||||
|
||||
while( buflen > 0 )
|
||||
{
|
||||
size_t use_len;
|
||||
pem_init( &pem );
|
||||
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN CERTIFICATE-----",
|
||||
"-----END CERTIFICATE-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
buflen -= use_len;
|
||||
buf += use_len;
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||
{
|
||||
pem_free( &pem );
|
||||
|
||||
if( first_error == 0 )
|
||||
first_error = ret;
|
||||
|
||||
continue;
|
||||
}
|
||||
else
|
||||
break;
|
||||
|
||||
ret = x509parse_crt_der( crt, pem.buf, pem.buflen );
|
||||
|
||||
pem_free( &pem );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
/*
|
||||
* quit parsing on a memory error or if in non-permissive parsing mode
|
||||
*/
|
||||
if( ret == 1 || permissive != 1 )
|
||||
{
|
||||
if( prev )
|
||||
prev->next = NULL;
|
||||
|
||||
if( crt != chain )
|
||||
free( crt );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( first_error == 0 )
|
||||
first_error = ret;
|
||||
|
||||
memset( crt, 0, sizeof( x509_cert ) );
|
||||
continue;
|
||||
}
|
||||
|
||||
success = 1;
|
||||
|
||||
/*
|
||||
* Add new certificate to the list
|
||||
*/
|
||||
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
|
||||
|
||||
if( crt->next == NULL )
|
||||
return( 1 );
|
||||
|
||||
prev = crt;
|
||||
crt = crt->next;
|
||||
memset( crt, 0, sizeof( x509_cert ) );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if( crt->version == 0 )
|
||||
{
|
||||
if( prev )
|
||||
prev->next = NULL;
|
||||
|
||||
if( crt != chain )
|
||||
free( crt );
|
||||
}
|
||||
|
||||
if( success )
|
||||
return( 0 );
|
||||
else if( first_error )
|
||||
return( first_error );
|
||||
else
|
||||
return( POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT );
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1667,7 +1727,7 @@ int load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
/*
|
||||
* Load one or more certificates and add them to the chained list
|
||||
*/
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path )
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path, int permissive )
|
||||
{
|
||||
int ret;
|
||||
size_t n;
|
||||
@ -1676,7 +1736,7 @@ int x509parse_crtfile( x509_cert *chain, const char *path )
|
||||
if ( load_file( path, &buf, &n ) )
|
||||
return( 1 );
|
||||
|
||||
ret = x509parse_crt( chain, buf, n );
|
||||
ret = x509parse_crt( chain, buf, n, permissive );
|
||||
|
||||
memset( buf, 0, n + 1 );
|
||||
free( buf );
|
||||
@ -3099,7 +3159,7 @@ int x509_self_test( int verbose )
|
||||
memset( &clicert, 0, sizeof( x509_cert ) );
|
||||
|
||||
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
|
||||
strlen( test_cli_crt ) );
|
||||
strlen( test_cli_crt ), X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
@ -3111,7 +3171,7 @@ int x509_self_test( int verbose )
|
||||
memset( &cacert, 0, sizeof( x509_cert ) );
|
||||
|
||||
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ) );
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
if( verbose != 0 )
|
||||
|
@ -224,12 +224,12 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.ca_file ) )
|
||||
ret = x509parse_crtfile( &cacert, opt.ca_file );
|
||||
ret = x509parse_crtfile( &cacert, opt.ca_file, X509_NON_PERMISSIVE );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ) );
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
@ -254,12 +254,12 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.crt_file ) )
|
||||
ret = x509parse_crtfile( &clicert, opt.crt_file );
|
||||
ret = x509parse_crtfile( &clicert, opt.crt_file, X509_NON_PERMISSIVE );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
|
||||
strlen( test_cli_crt ) );
|
||||
strlen( test_cli_crt ), X509_NON_PERMISSIVE );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
|
@ -230,7 +230,7 @@ int main( int argc, char *argv[] )
|
||||
* server and CA certificates, as well as x509parse_keyfile().
|
||||
*/
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
|
||||
strlen( test_srv_crt ) );
|
||||
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
@ -238,7 +238,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ) );
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
|
@ -476,12 +476,12 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.ca_file ) )
|
||||
ret = x509parse_crtfile( &cacert, opt.ca_file );
|
||||
ret = x509parse_crtfile( &cacert, opt.ca_file, X509_NON_PERMISSIVE );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ) );
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
@ -506,12 +506,12 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
if( strlen( opt.crt_file ) )
|
||||
ret = x509parse_crtfile( &clicert, opt.crt_file );
|
||||
ret = x509parse_crtfile( &clicert, opt.crt_file, X509_NON_PERMISSIVE );
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_CERTS_C)
|
||||
ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
|
||||
strlen( test_cli_crt ) );
|
||||
strlen( test_cli_crt ), X509_NON_PERMISSIVE );
|
||||
#else
|
||||
{
|
||||
ret = 1;
|
||||
|
@ -216,7 +216,7 @@ int main( int argc, char *argv[] )
|
||||
* server and CA certificates, as well as x509parse_keyfile().
|
||||
*/
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
|
||||
strlen( test_srv_crt ) );
|
||||
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
@ -224,7 +224,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ) );
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
|
@ -100,7 +100,7 @@ int main( int argc, char *argv[] )
|
||||
* Alternatively, you may load the CA certificates from a .pem or
|
||||
* .crt file by calling x509parse_crtfile( &cacert, "myca.crt" ).
|
||||
*/
|
||||
ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt" );
|
||||
ret = x509parse_crtfile( &cacert, "ssl/test-ca/test-ca.crt", X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crtfile returned %d\n\n", ret );
|
||||
@ -148,7 +148,7 @@ int main( int argc, char *argv[] )
|
||||
printf( " . Loading the client certificate %s...", name );
|
||||
fflush( stdout );
|
||||
|
||||
ret = x509parse_crtfile( &clicert, name );
|
||||
ret = x509parse_crtfile( &clicert, name, X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " failed\n ! x509parse_crt returned %d\n\n", ret );
|
||||
|
@ -203,7 +203,7 @@ static int ssl_test( struct options *opt )
|
||||
goto exit;
|
||||
#else
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_srv_crt,
|
||||
strlen( test_srv_crt ) );
|
||||
strlen( test_srv_crt ), X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " ! x509parse_crt returned %d\n\n", ret );
|
||||
@ -211,7 +211,7 @@ static int ssl_test( struct options *opt )
|
||||
}
|
||||
|
||||
ret = x509parse_crt( &srvcert, (unsigned char *) test_ca_crt,
|
||||
strlen( test_ca_crt ) );
|
||||
strlen( test_ca_crt ), X509_NON_PERMISSIVE );
|
||||
if( ret != 0 )
|
||||
{
|
||||
printf( " ! x509parse_crt returned %d\n\n", ret );
|
||||
|
@ -47,6 +47,7 @@
|
||||
#define DFL_SERVER_NAME "localhost"
|
||||
#define DFL_SERVER_PORT 4433
|
||||
#define DFL_DEBUG_LEVEL 0
|
||||
#define DFL_PERMISSIVE 0
|
||||
|
||||
/*
|
||||
* global options
|
||||
@ -58,6 +59,7 @@ struct options
|
||||
char *server_name; /* hostname of the server (client only) */
|
||||
int server_port; /* port on which the ssl service runs */
|
||||
int debug_level; /* level of debugging */
|
||||
int permissive; /* permissive parsing */
|
||||
} opt;
|
||||
|
||||
void my_debug( void *ctx, int level, const char *str )
|
||||
@ -77,6 +79,7 @@ void my_debug( void *ctx, int level, const char *str )
|
||||
" server_name=%%s default: localhost\n" \
|
||||
" server_port=%%d default: 4433\n" \
|
||||
" debug_level=%%d default: 0 (disabled)\n" \
|
||||
" permissive=%%d default: 0 (disabled)\n" \
|
||||
"\n"
|
||||
|
||||
#if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_HAVEGE_C) || \
|
||||
@ -128,6 +131,7 @@ int main( int argc, char *argv[] )
|
||||
opt.server_name = DFL_SERVER_NAME;
|
||||
opt.server_port = DFL_SERVER_PORT;
|
||||
opt.debug_level = DFL_DEBUG_LEVEL;
|
||||
opt.permissive = DFL_PERMISSIVE;
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
{
|
||||
@ -169,6 +173,12 @@ int main( int argc, char *argv[] )
|
||||
if( opt.debug_level < 0 || opt.debug_level > 65535 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "permissive" ) == 0 )
|
||||
{
|
||||
opt.permissive = atoi( q );
|
||||
if( opt.permissive < 0 || opt.permissive > 1 )
|
||||
goto usage;
|
||||
}
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
@ -185,7 +195,7 @@ int main( int argc, char *argv[] )
|
||||
printf( "\n . Loading the certificate(s) ..." );
|
||||
fflush( stdout );
|
||||
|
||||
ret = x509parse_crtfile( &crt, opt.filename );
|
||||
ret = x509parse_crtfile( &crt, opt.filename, opt.permissive );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -35,7 +35,7 @@ debug_print_crt:crt_file:file:line:prefix:result_str
|
||||
|
||||
ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
debug_print_crt( &ssl, 0, {file}, {line}, {prefix}, &crt);
|
||||
|
||||
TEST_ASSERT( strcmp( buffer.buf, {result_str} ) == 0 );
|
||||
|
@ -38,7 +38,7 @@ x509_cert_info:crt_file:result_str
|
||||
memset( &crt, 0, sizeof( x509_cert ) );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
res = x509parse_cert_info( buf, 2000, "", &crt );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
@ -81,8 +81,8 @@ x509_verify:crt_file:ca_file:crl_file:cn_name:result:flags:verify_callback
|
||||
memset( &ca, 0, sizeof( x509_cert ) );
|
||||
memset( &crl, 0, sizeof( x509_crl ) );
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &ca, {ca_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &ca, {ca_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_crlfile( &crl, {crl_file} ) == 0 );
|
||||
|
||||
res = x509parse_verify( &crt, &ca, &crl, {cn_name}, &flags, {verify_callback}, NULL );
|
||||
@ -102,7 +102,7 @@ x509_dn_gets:crt_file:entity:result_str
|
||||
memset( &crt, 0, sizeof( x509_cert ) );
|
||||
memset( buf, 0, 2000 );
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
res = x509parse_dn_gets( buf, 2000, &crt.{entity} );
|
||||
|
||||
TEST_ASSERT( res != -1 );
|
||||
@ -119,7 +119,7 @@ x509_time_expired:crt_file:entity:result
|
||||
|
||||
memset( &crt, 0, sizeof( x509_cert ) );
|
||||
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
|
||||
TEST_ASSERT( x509parse_crtfile( &crt, {crt_file}, X509_NON_PERMISSIVE ) == 0 );
|
||||
TEST_ASSERT( x509parse_time_expired( &crt.{entity} ) == {result} );
|
||||
}
|
||||
END_CASE
|
||||
@ -176,7 +176,7 @@ x509parse_crt:crt_data:result_str:result
|
||||
|
||||
data_len = unhexify( buf, {crt_data} );
|
||||
|
||||
TEST_ASSERT( x509parse_crt( &crt, buf, data_len ) == ( {result} ) );
|
||||
TEST_ASSERT( x509parse_crt( &crt, buf, data_len, X509_NON_PERMISSIVE ) == ( {result} ) );
|
||||
if( ( {result} ) == 0 )
|
||||
{
|
||||
res = x509parse_cert_info( (char *) output, 2000, "", &crt );
|
||||
|
Loading…
Reference in New Issue
Block a user