Hanno Becker
7b8abee4f5
Add test case exercising verification of valid MD2 CRT
...
The X.509 parsing test suite test_suite_x509parse contains a test
exercising X.509 verification for a valid MD4/MD5 certificate in a
profile which doesn't allow MD4/MD5. This commit adds an analogous
test for MD2.
2019-06-03 14:45:16 +01:00
Hanno Becker
1c1f046804
Replace 'ingoing' -> 'incoming' in CID debug messages
2019-06-03 14:43:16 +01:00
Hanno Becker
c5f2422116
Document behaviour of mbedtls_ssl_get_peer_cid() for empty CIDs
2019-06-03 14:43:16 +01:00
Hanno Becker
5a29990367
Improve structure of client-side CID extension parsing
...
Group configuring CID values together.
2019-06-03 14:43:16 +01:00
Hanno Becker
2262648b69
Improve debugging output of client-side CID extension parsing
2019-06-03 14:43:16 +01:00
Hanno Becker
08556bf8fb
Improve structure of ssl_parse_cid_ext()
...
Group configuring CID values together.
2019-06-03 14:43:16 +01:00
Hanno Becker
064b732d11
Use unused extension ID as tentative ID for CID extension
2019-06-03 14:43:16 +01:00
Hanno Becker
554b6ea30a
Correct compile-time guard around unhexify() in ssl_server2
2019-06-03 14:43:16 +01:00
Hanno Becker
a34ff5b9a2
Correct compile-time guard around CID extension writing func on srv
2019-06-03 14:43:16 +01:00
Hanno Becker
b7ee0cf3f9
Make integer truncation explicit in mbedtls_ssl_set_cid()
2019-06-03 14:43:16 +01:00
Hanno Becker
fcffdccb85
Grep for dbug msgs witnessing use of CID in ssl_client2/ssl_server2
2019-06-03 14:43:16 +01:00
Hanno Becker
dec2552a92
Change formating of CID debug output in ssl_client2/ssl_server2
2019-06-03 14:43:16 +01:00
Hanno Becker
b1f89cd602
Implement mbedtls_ssl_get_peer_cid()
2019-06-03 14:43:16 +01:00
Hanno Becker
9ecb6c676c
Grep for dbg msg witnessing copying of CIDs to SSL transform
2019-06-03 14:43:16 +01:00
Hanno Becker
4bf7465840
Copy CIDs into SSL transform if use of CID has been negotiated
2019-06-03 14:43:16 +01:00
Hanno Becker
1327fa7d14
Add fields holding in/out CIDs to SSL record transformation struct
...
These will be copied from the CID fields in mbedtls_ssl_handshake_params
(outgoing CID) and mbedtls_ssl_context (incoming CID) when the transformation
is set up at the end of the handshake.
2019-06-03 14:43:16 +01:00
Hanno Becker
a6a4c7623c
Grep for dbg msg witnessing parsing of CID extension in ServerHello
2019-06-03 14:43:16 +01:00
Hanno Becker
a8373a11c0
Implement parsing of CID extension in ServerHello
2019-06-03 14:43:16 +01:00
Hanno Becker
4bc9e9d3f6
Grep for dbg msg witnessing writing of CID extension in ServerHello
2019-06-03 14:43:16 +01:00
Hanno Becker
51de2d3f69
Implement writing of CID extension in ServerHello
2019-06-03 14:43:16 +01:00
Hanno Becker
7dee2c6369
Grep for dbg msg witnessing parsing of CID extension in ClientHello
2019-06-03 14:43:16 +01:00
Hanno Becker
89dcc881d4
Implement parsing of CID extension in ClientHello
2019-06-03 14:43:16 +01:00
Hanno Becker
6b78c83829
Grep for dbg msg witnessing writing of CID extension in ClientHello
2019-06-03 14:43:16 +01:00
Hanno Becker
49770ffd93
Implement writing of CID extension in ClientHello
2019-06-03 14:43:16 +01:00
Hanno Becker
189a01309f
Check static bounds of CID lengths in check_config.h
2019-06-03 14:43:16 +01:00
Hanno Becker
0652bc50c7
Add identifier for CID extension
...
Note: The current draft
https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-04
does not yet specify the extension value, so we
use a temporary value of 42.
2019-06-03 14:43:16 +01:00
Hanno Becker
f157a97b75
Modify CID tests in ssl-opt.sh to grep for CID config debug msgs
2019-06-03 14:43:16 +01:00
Hanno Becker
ca092246a7
Allow configuring own CID fields through mbedtls_ssl_get_peer_cid()
2019-06-03 14:43:16 +01:00
Hanno Becker
2f28c1031f
Add fields to SSL structures describing state and config of CID ext
...
* mbedtls_ssl_context gets fields indicating whether the CID extension
should be negotiated in the next handshake, and, if yes, which CID
the user wishes the peer to use.
This information does not belong to mbedtls_ssl_handshake_params
because (a) it is configured prior to the handshake, and (b) it
applies to all subsequent handshakes.
* mbedtls_ssl_handshake_params gets fields indicating the state of CID
negotiation during the handshake. Specifically, it indicates if the
use of the CID extension has been negotiated, and if so, which CID
the peer wishes us to use for outgoing messages.
2019-06-03 14:43:16 +01:00
Hanno Becker
35c36a6760
Guard CID implementations by MBEDTLS_SSL_CID
2019-06-03 14:42:08 +01:00
Hanno Becker
5f925be378
Indicate ssl-opt.sh CID tests only test the stub CID code
2019-06-03 14:42:08 +01:00
Hanno Becker
f1f9a82320
Add warnings about status of implementation of CID API
2019-06-03 14:42:08 +01:00
Hanno Becker
9bae30d00d
Fix use of requires_config_enabled in ssl-opt.sh
...
requires_config_enabled doesn't support multiple config options.
Tests having multiple configuration dependencies must be prefixed
with multiple invocations of requires_config_enabled instead.
2019-06-03 14:42:08 +01:00
Hanno Becker
d029a2b57f
Fix typo in CID test in ssl-opt.sh
2019-06-03 14:42:08 +01:00
Hanno Becker
957dd921f1
Print peer CID from ssl_client2
2019-06-03 14:42:08 +01:00
Hanno Becker
735c716e2a
Print peer CID from ssl_server2
2019-06-03 14:42:08 +01:00
Hanno Becker
982182f342
Improve wording of CID debug msg in ssl_server2 example application
2019-06-03 14:42:08 +01:00
Hanno Becker
4f664cbb5c
Clarify that mbedtls_ssl_set_cid() applies to all subsequent HSs
2019-06-03 14:42:08 +01:00
Hanno Becker
318a87b336
Document that the use of CID is disabled by default.
...
(Even if MBEDTLS_SSL_CID is set in config.h)
2019-06-03 14:42:08 +01:00
Hanno Becker
9742809531
Reference CID Draft in Connection ID documentation in config.h
2019-06-03 14:42:08 +01:00
Hanno Becker
7cf463e3cc
Add basic Connection ID tests to ssl-opt.sh
2019-06-03 14:42:08 +01:00
Hanno Becker
a7d2542248
ssl_server2: Add cmd line options to configure use of CID extension
2019-06-03 14:42:08 +01:00
Hanno Becker
90cb359cf0
ssl_client2: Add cmd line options to configure use of CID extension
2019-06-03 14:42:08 +01:00
Hanno Becker
1f583eecd8
ssl_client2: Add helper to unhexify binary command line data
2019-06-03 14:42:08 +01:00
Hanno Becker
f8542cf620
Add dummy implementations for CID API
2019-06-03 14:42:08 +01:00
Hanno Becker
f8c10269d1
Update version_features.c
2019-06-03 14:42:08 +01:00
Hanno Becker
ebafe8b7cc
Update query_config.c
2019-06-03 14:42:08 +01:00
Hanno Becker
bb47cd906f
Add dep of MBEDTLS_SSL_CID on MBEDTLS_SSL_PROTO_DTLS to config check
2019-06-03 14:42:08 +01:00
Hanno Becker
019f4b58de
Add API for the use of the DTLS Connection ID extension
2019-06-03 14:42:08 +01:00
Hanno Becker
2234e650f7
Add new configuration option controlling CID extension
2019-06-03 14:42:08 +01:00