MatrixSSL 3.9.1
@@ -3406,6 +3406,7 @@ SKIP_CERT_CHAIN_INIT:
|
||||
if ((parseLen = psX509ParseCert(ssl->hsPool, c, certLen, &cert, certFlags))
|
||||
< 0)
|
||||
{
|
||||
psTraceInfo("Parsing of the peer certificate failed\n");
|
||||
psX509FreeCert(cert);
|
||||
if (parseLen == PS_MEM_FAIL)
|
||||
{
|
||||
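Review bot: After `psX509FreeCert(cert);` on the parse-failure path the `cert` pointer is left dangling while execution continues into `if (parseLen == PS_MEM_FAIL)` and past the end of the hunk; if any later cleanup in this function (which starts and ends outside the hunk) frees or inspects `cert`, that is a double free or use-after-free. Set the pointer to NULL right after the free, `psX509FreeCert(cert); cert = NULL;`, so a later free path becomes a no-op. The same applies to the `psX509FreeCert(cert);` in the version-1 branch of the next hunk, where execution continues after `ssl->err = SSL_ALERT_BAD_CERTIFICATE;` and the closing brace. Whether psX509ParseCert leaves `cert` NULL or partially built on failure is not visible here, so the free itself may be correct; the concern is only the stale pointer afterwards.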
@@ -3426,7 +3427,7 @@ SKIP_CERT_CHAIN_INIT:
|
||||
trusted due to missing Basic Constraints, etc. */
|
||||
if (cert->version != 2)
|
||||
{
|
||||
psX509FreeCert(cert);
|
||||
psTraceInfo("Version 1 peer certificates not allowed\n");
|
||||
ssl->err = SSL_ALERT_BAD_CERTIFICATE;
|
||||
}
|
||||
# endif /* ALLOW_VERSION_1_ROOT_CERT_PARSE */
|
||||
|
||||
@@ -47,8 +47,11 @@ static const psCipher16_t cipherlist_default[] = { 47 };
|
||||
|
||||
# define logMessage(l, t, ...) do { printf(#l " " #t ": " __VA_ARGS__); printf("\n"); } while (0) /* Log_Verbose, TAG, "Wrote %d bytes", transferred */
|
||||
|
||||
/* This function should be specifiable as a callback. */
|
||||
int32 ssl_cert_auth(ssl_t *ssl, psX509Cert_t *cert, int32 alert);
|
||||
/* The MatrixSSL certificate validation callback. */
|
||||
static int32 ssl_cert_auth_default(ssl_t *ssl, psX509Cert_t *cert, int32 alert)
|
||||
{
|
||||
return MATRIXSSL_SUCCESS;
|
||||
}
|
||||
|
||||
# ifdef USE_CLIENT_SIDE_SSL
|
||||
static int32 extensionCb(ssl_t *ssl, uint16_t extType, uint8_t extLen, void *e)
|
||||
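Review bot: `ssl_cert_auth_default` returns MATRIXSSL_SUCCESS without examining `alert`, so whenever this default is installed (the fallback in init_client_tls when no application callback was registered) the outcome of the library's own chain validation is discarded and the connection proceeds with every peer certificate accepted. If `alert` carries the validation result, as the MatrixSSL certificate-callback signature suggests, a default that keeps validation in force should propagate it: `return alert;`. If accept-all really is the intended behaviour until the application registers a callback, state that next to the definition, e.g. `/* Default: discards any validation alert; the peer is accepted unconditionally. */`, because nothing at the call site makes it visible. The unused `alert` parameter is also the kind of omission a compiler will not flag.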
@@ -101,6 +104,7 @@ static int init_client_tls(psSocket_t *sock, const char *capath, int tls)
|
||||
int32 extLen;
|
||||
ssl_t *ssl = NULL;
|
||||
const char *host = (const char *) node_global;
|
||||
int32 (*ssl_cert_auth_cb)(ssl_t *ssl, psX509Cert_t *cert, int32 alert);
|
||||
|
||||
memset(&options, 0x0, sizeof(sslSessOpts_t));
|
||||
set_tls_options_version(&options, tls);
|
||||
@@ -151,10 +155,16 @@ static int init_client_tls(psSocket_t *sock, const char *capath, int tls)
|
||||
psFree(ext, NULL);
|
||||
}
|
||||
|
||||
ssl_cert_auth_cb = sock->extra.tls->ssl_socket_cert_auth;
|
||||
if (ssl_cert_auth_cb == NULL)
|
||||
{
|
||||
ssl_cert_auth_cb = &ssl_cert_auth_default;
|
||||
}
|
||||
|
||||
rc = matrixSslNewClientSession(&ssl, keys, sid,
|
||||
sock->extra.tls->cipherlist,
|
||||
sock->extra.tls->ciphers,
|
||||
ssl_cert_auth, NULL,
|
||||
ssl_cert_auth_cb, NULL,
|
||||
extension,
|
||||
extensionCb, &options);
|
||||
matrixSslDeleteHelloExtension(extension);
|
||||
@@ -223,6 +233,16 @@ static const char *getCapath(psSocket_t *sock)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void setSocketTlsCertAuthCb(
|
||||
psSocket_t *sock,
|
||||
int32 (*ssl_cert_auth_cb)(ssl_t *ssl, psX509Cert_t *cert, int32 alert))
|
||||
{
|
||||
if (sock && sock->type == PS_SOCKET_TLS && sock->extra.tls)
|
||||
{
|
||||
sock->extra.tls->ssl_socket_cert_auth = ssl_cert_auth_cb;
|
||||
}
|
||||
}
|
||||
|
||||
static int getTlsVersion(psSocket_t *sock)
|
||||
{
|
||||
if (sock && sock->type == PS_SOCKET_TLS && sock->extra.tls)
|
||||
|
||||
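Review bot: `setSocketTlsCertAuthCb` silently does nothing when `sock` is NULL, is not of type PS_SOCKET_TLS, or has no `extra.tls`, and its `void` return gives the caller no way to detect that the callback was never installed; in that case whatever fallback init_client_tls chooses stays in effect. Consider returning a status, `int32 setSocketTlsCertAuthCb(...)` with `return PS_SUCCESS;` after the assignment and `return PS_ARG_FAIL;` otherwise (the declaration in the matrixsslSocket.h hunk would change the same way), or at minimum state the no-op in the header comment. As far as these hunks show, the stored callback is read only when init_client_tls creates the session, so calling the setter after the session exists has no effect on it; that ordering requirement belongs in the contract as well.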
@@ -41,8 +41,14 @@ struct psSocketTls
|
||||
int nested_call;
|
||||
int handshaked;
|
||||
matrixSslInteract_t msi;
|
||||
int32 (*ssl_socket_cert_auth)(ssl_t *ssl, psX509Cert_t *cert, int32 alert);
|
||||
};
|
||||
|
||||
/* Set certificate callback for psSockets of TLS type. */
|
||||
void setSocketTlsCertAuthCb(
|
||||
psSocket_t *sock,
|
||||
int32 (*ssl_cert_auth_cb)(ssl_t *ssl, psX509Cert_t *cert, int32 alert));
|
||||
|
||||
#endif /* USE_PS_NETWORKING */
|
||||
|
||||
#endif /* INCLUDE_GUARD_MATRIXSSLSOCKET_H */
|
||||
|
||||
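Review bot: The header comment on `setSocketTlsCertAuthCb` says what is set but not the contract of the callback it installs: what `alert` carries, which return value accepts or rejects the peer, and that a NULL callback means the default is used (the `ssl_cert_auth_cb == NULL` check in init_client_tls relies on this). Suggest expanding it to something like `/* Set certificate callback for psSockets of TLS type. The callback receives the alert produced by certificate validation; NULL selects the built-in default. Must be called before the TLS session is created. */`, adding the accept/reject return-value semantics once confirmed against the matrixSslNewClientSession callback documentation. The new `ssl_socket_cert_auth` member could likewise carry a one-line comment such as `/* Application certificate callback, or NULL for the default. */`.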
@@ -8,10 +8,10 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define MATRIXSSL_VERSION "3.9.0-OPEN"
|
||||
#define MATRIXSSL_VERSION "3.9.1-OPEN"
|
||||
#define MATRIXSSL_VERSION_MAJOR 3
|
||||
#define MATRIXSSL_VERSION_MINOR 9
|
||||
#define MATRIXSSL_VERSION_PATCH 0
|
||||
#define MATRIXSSL_VERSION_PATCH 1
|
||||
#define MATRIXSSL_VERSION_CODE "OPEN"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||