cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-31 03:30:35 -04:00
Code Issues Packages Projects Releases Wiki Activity

Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.

Browse Source 
Add a reference to the relevant RFC, adapt ChangeLog.
This commit is contained in:
Hanno Becker 2017-04-07 13:02:16 +01:00 committed by Simon Butcher
parent 0446a39744
commit 1a9a51c7cf
4 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -198,6 +198,8 @@ Security
team. #569 CVE-2017-2784 team. #569 CVE-2017-2784
Bugfix Bugfix
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
Found by jethrogb, #836.
* Fix output certificate verification flags set by x509_crt_verify_top() when * Fix output certificate verification flags set by x509_crt_verify_top() when
traversing a chain of trusted CA. The issue would cause both flags, traversing a chain of trusted CA. The issue would cause both flags,
MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be

5
include/mbedtls/ssl.h
View File

@ -1804,13 +1804,12 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
* *
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
* allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname. * too long input hostname.
* *
* \post Hostname set to the one provided on success (cleared * Hostname set to the one provided on success (cleared
* when NULL). On allocation failure hostname is cleared. * when NULL). On allocation failure hostname is cleared.
* On too long input failure, old hostname is unchanged. * On too long input failure, old hostname is unchanged.
*
*/ */
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */

8
library/ssl_cli.c
View File

@ -80,6 +80,13 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
} }
/* /*
* Sect. 3, RFC 6066 (TLS Extensions Definitions)
*
* In order to provide any of the server names, clients MAY include an
* extension of type "server_name" in the (extended) client hello. The
* "extension_data" field of this extension SHALL contain
* "ServerNameList" where:
*
* struct { * struct {
* NameType name_type; * NameType name_type;
* select (name_type) { * select (name_type) {
@ -96,6 +103,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
* struct { * struct {
* ServerName server_name_list<1..2^16-1> * ServerName server_name_list<1..2^16-1>
* } ServerNameList; * } ServerNameList;
*
*/ */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF );

2
library/ssl_tls.c
View File

@ -6225,7 +6225,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
return( 0 ); return( 0 );
} }
#endif #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,