yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-26 21:21:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/pr/2498' into mbedtls-2.7

Browse source 
* origin/pr/2498:
  Adapt ChangeLog
  ssl_server2: Fail gracefully if no PEM-encoded CRTs are available
  ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none"
  ssl_client2: Fail gracefully if no PEM-encoded CRTs are available
  ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none"
This commit is contained in:
Jaeden Amero 2019-06-14 08:48:10 +01:00
parent c06b6e0bd2 0f1e53f6fe
commit 334ab9b7cb
3 changed files with 55 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog
View file

@ -47,6 +47,9 @@ Changes
Contributed by Peter Kolbus (Garmin). Contributed by Peter Kolbus (Garmin).
* Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation to
improve clarity. Fixes #2258. improve clarity. Fixes #2258.
* Improve debug output of ssl_client2 and ssl_server2 in case suitable
test CRTs are available because MBEDTLS_PEM_PARSE_C is disabled.
Fixes #2254.
= mbed TLS 2.7.10 branch released 2019-03-19 = mbed TLS 2.7.10 branch released 2019-03-19

62
programs/ssl/ssl_client2.c
View file

@ -1072,20 +1072,20 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Loading the CA root certificate ..." ); mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout ); fflush( stdout );
if( strcmp( opt.ca_path, "none" ) == 0 ||
strcmp( opt.ca_file, "none" ) == 0 )
{
ret = 0;
}
else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_path ) ) if( strlen( opt.ca_path ) )
if( strcmp( opt.ca_path, "none" ) == 0 ) ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
ret = 0;
else
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
else if( strlen( opt.ca_file ) ) else if( strlen( opt.ca_file ) )
if( strcmp( opt.ca_file, "none" ) == 0 ) ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
ret = 0;
else
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else else
#endif #endif
#if defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ ) for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
{ {
ret = mbedtls_x509_crt_parse( &cacert, ret = mbedtls_x509_crt_parse( &cacert,
@ -1097,9 +1097,13 @@ int main( int argc, char *argv[] )
#else #else
{ {
ret = 1; ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C not defined."); #if !defined(MBEDTLS_CERTS_C)
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
#else
mbedtls_printf( "All test CRTs loaded via MBEDTLS_CERTS_C are PEM-encoded, but MBEDTLS_PEM_PARSE_C is disabled." );
} }
#endif #endif /* MBEDTLS_CERTS_C */
#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
@ -1116,46 +1120,54 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Loading the client cert. and key..." ); mbedtls_printf( " . Loading the client cert. and key..." );
fflush( stdout ); fflush( stdout );
if( strcmp( opt.crt_file, "none" ) == 0 )
ret = 0;
else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.crt_file ) ) if( strlen( opt.crt_file ) )
if( strcmp( opt.crt_file, "none" ) == 0 ) ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
ret = 0;
else
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
else else
#endif #endif
#if defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt, ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
mbedtls_test_cli_crt_len ); mbedtls_test_cli_crt_len );
#else #else
{ {
ret = 1; ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C not defined."); #if !defined(MBEDTLS_CERTS_C)
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
#else
mbedtls_printf( "All test CRTs loaded via MBEDTLS_CERTS_C are PEM-encoded, but MBEDTLS_PEM_PARSE_C is disabled." );
} }
#endif #endif /* MBEDTLS_CERTS_C */
#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
goto exit; goto exit;
} }
if( strcmp( opt.key_file, "none" ) == 0 )
ret = 0;
else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) ) if( strlen( opt.key_file ) )
if( strcmp( opt.key_file, "none" ) == 0 ) ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
ret = 0;
else
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
else else
#endif #endif
#if defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 ); mbedtls_test_cli_key_len, NULL, 0 );
#else #else
{ {
ret = 1; ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C not defined."); #if !defined(MBEDTLS_CERTS_C)
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
#else
mbedtls_printf( "All test keys loaded via MBEDTLS_CERTS_C are PEM-encoded, but MBEDTLS_PEM_PARSE_C is disabled." );
} }
#endif #endif /* MBEDTLS_CERTS_C */
#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );

26
programs/ssl/ssl_server2.c
View file

@ -1595,20 +1595,20 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Loading the CA root certificate ..." ); mbedtls_printf( " . Loading the CA root certificate ..." );
fflush( stdout ); fflush( stdout );
if( strcmp( opt.ca_path, "none" ) == 0 ||
strcmp( opt.ca_file, "none" ) == 0 )
{
ret = 0;
}
else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.ca_path ) ) if( strlen( opt.ca_path ) )
if( strcmp( opt.ca_path, "none" ) == 0 ) ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
ret = 0;
else
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
else if( strlen( opt.ca_file ) ) else if( strlen( opt.ca_file ) )
if( strcmp( opt.ca_file, "none" ) == 0 ) ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
ret = 0;
else
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
else else
#endif #endif
#if defined(MBEDTLS_CERTS_C) #if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
for( i = 0; mbedtls_test_cas[i] != NULL; i++ ) for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
{ {
ret = mbedtls_x509_crt_parse( &cacert, ret = mbedtls_x509_crt_parse( &cacert,
@ -1620,9 +1620,13 @@ int main( int argc, char *argv[] )
#else #else
{ {
ret = 1; ret = 1;
mbedtls_printf("MBEDTLS_CERTS_C not defined."); #if !defined(MBEDTLS_CERTS_C)
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
#else
mbedtls_printf( "All test CRTs loaded via MBEDTLS_CERTS_C are PEM-encoded, but MBEDTLS_PEM_PARSE_C is disabled." );
} }
#endif #endif /* MBEDTLS_CERTS_C */
#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */
if( ret < 0 ) if( ret < 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );