ssl_client2: Zeroize peer CRT info buffer when reconnecting

Hanno Becker 2019-02-26 11:38:29 +00:00
parent 890d7ee4cb
commit f9ca30d042


@ -494,7 +494,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
static unsigned char peer_crt_info[1024] = { 0 };
static unsigned char peer_crt_info[1024];
/*
* Enabled if debug_level > 1 in code below
@ -1650,6 +1650,7 @@ int main( int argc, char *argv[] )
}
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@ -2513,6 +2514,8 @@ reconnect:
mbedtls_printf( " . Reconnecting with saved session..." );
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",