ssl_client2: Zeroize peer CRT info buffer when reconnecting

Hanno Becker 2019-02-26 11:38:29 +00:00
parent 890d7ee4cb
commit f9ca30d042


@ -494,7 +494,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
static unsigned char peer_crt_info[1024] = { 0 }; static unsigned char peer_crt_info[1024];
/* /*
* Enabled if debug_level > 1 in code below * Enabled if debug_level > 1 in code below
@ -1650,6 +1650,7 @@ int main( int argc, char *argv[] )
} }
mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -2513,6 +2514,8 @@ reconnect:
mbedtls_printf( " . Reconnecting with saved session..." ); mbedtls_printf( " . Reconnecting with saved session..." );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 ) if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",