From fdc16f36b4c8b1dfb9d21ee2080c8eac6f5b2cea Mon Sep 17 00:00:00 2001
From: Jonathan Bennett
Date: Fri, 24 Jan 2020 09:12:03 -0600
Subject: [PATCH 1/2] Allow loading symlinked certificates
When mbedtls_x509_crt_parse_path() checks each object in the supplied path, it only processes regular files. This change makes it also accept a symlink to a file. Fixes #3005. This was observed to be a problem on Fedora/CentOS/RHEL systems, where the ca-bundle in the default location is actually a symlink.
---
 library/x509_crt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 38e69cc55..ca60011f7 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1613,7 +1613,7 @@ cleanup:
 goto cleanup;
 }
- if( !S_ISREG( sb.st_mode ) )
+ if( !( S_ISREG( sb.st_mode ) || S_ISLNK( sb.st_mode ) ) )
 continue;
 // Ignore parse errors
From 62236d7651b4993a09a487996de2db22c63420bb Mon Sep 17 00:00:00 2001
From: Jaeden Amero
Date: Fri, 24 Jan 2020 18:20:22 +0000
Subject: [PATCH 2/2] Add ChangeLog entry
Add a ChangeLog entry for Jonathan Bennett's contribution which allows loading symlinked certificates.
---
 ChangeLog | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 1d3917221..4a4d628ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS X.X.X branch released XXXX-XX-XX
+
+Bugfix
+ * Allow loading symlinked certificates. Fixes #3005. Reported and fixed
+ by Jonathan Bennett via #3008.
+
 = mbed TLS 2.20.0 branch released 2020-01-15
 Bugfix
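Review bot: In the `library/x509_crt.c` hunk, `S_ISLNK( sb.st_mode )` says nothing about what the link points to, so the new condition does not implement "a symlink to a file" as the description states. The call that fills `sb` is outside the hunk: if it is `stat()`, links are already resolved and `S_ISLNK` can never be true, so the added test is dead code; if it is `lstat()`, a dangling link or a link to a directory, FIFO or device now reaches the parse call, which matters because this path loads certificates such as a CA bundle. I would keep `if( !S_ISREG( sb.st_mode ) )` and make sure `sb` comes from `stat()` on the entry, so only links that resolve to regular files are parsed, and skip rather than fail on an entry whose `stat()` returns `ENOENT`. A comment such as `/* stat() follows symlinks; only regular-file targets are parsed */` above the check would record the intent.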