mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 06:54:15 +01:00
ssl_client2: Extract peer CRT info from verification callback
So far, `ssl_client2` printed the CRT info for the peer's CRT by requesting the latter through `mbedtls_ssl_get_peer_cert()` at the end of the handshake, and printing it via `mbedtls_x509_crt_info()`. When `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is disabled, this does no longer work because the peer's CRT isn't stored beyond the handshake. This makes some tests in `ssl-opt.sh` fail which rely on the CRT info output for the peer certificate. This commit modifies `ssl_client2` to extract the peer CRT info from the verification callback, which is always called at a time when the peer's CRT is available. This way, the peer's CRT info is still printed if `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` is disabled.
This commit is contained in:
parent
24bc570814
commit
975c463b3f
@ -494,6 +494,8 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
|
static unsigned char peer_crt_info[1024] = { 0 };
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Enabled if debug_level > 1 in code below
|
* Enabled if debug_level > 1 in code below
|
||||||
*/
|
*/
|
||||||
@ -506,8 +508,14 @@ static int my_verify( void *data, mbedtls_x509_crt *crt,
|
|||||||
((void) data);
|
((void) data);
|
||||||
|
|
||||||
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
||||||
mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
|
|
||||||
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
|
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
|
||||||
|
if( depth == 0 )
|
||||||
|
memcpy( peer_crt_info, buf, sizeof( buf ) );
|
||||||
|
|
||||||
|
if( opt.debug_level == 0 )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
|
mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
|
||||||
mbedtls_printf( "%s", buf );
|
mbedtls_printf( "%s", buf );
|
||||||
#else
|
#else
|
||||||
((void) crt);
|
((void) crt);
|
||||||
@ -1641,8 +1649,7 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
|
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( opt.debug_level > 0 )
|
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
||||||
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
@ -2021,13 +2028,8 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
#if !defined(MBEDTLS_X509_REMOVE_INFO)
|
||||||
if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
|
mbedtls_printf( " . Peer certificate information ...\n" );
|
||||||
{
|
mbedtls_printf( "%s\n", peer_crt_info );
|
||||||
mbedtls_printf( " . Peer certificate information ...\n" );
|
|
||||||
mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
|
|
||||||
mbedtls_ssl_get_peer_cert( &ssl ) );
|
|
||||||
mbedtls_printf( "%s\n", buf );
|
|
||||||
}
|
|
||||||
#endif /* !MBEDTLS_X509_REMOVE_INFO */
|
#endif /* !MBEDTLS_X509_REMOVE_INFO */
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user