- Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request()

2025-11-03 20:22:59 -05:00 · 2010-02-18 18:16:31 +00:00 · 2010-02-18 18:16:31 +00:00 · 1f76115340
commit 1f76115340
parent 361e6382db
7 changed files with 51 additions and 3 deletions
--- a/6
+++ b/6
@ -1,5 +1,11 @@
 PolarSSL ChangeLog

+= Version 0.12.2 released on XXXXXXXX
+Bug fixes
+   * Fixed bug resulting in failure to send the last
+     certificate in the chain in ssl_write_certificate() and
+	 ssl_write_certificate_request() (Found by fatbob)
+
 = Version 0.12.1 released on 2009-10-04
 Changes
   * Coverage test definitions now support 'depends_on'
--- a/library/debug.c
+++ b/library/debug.c
@ -182,7 +182,7 @@ void debug_print_crt( ssl_context *ssl, int level,
    prefix[maxlen] = '\0';
    maxlen = sizeof( str ) - 1;

-    while( crt != NULL && crt->next != NULL )
+    while( crt != NULL && crt->version != 0 )
    {
        char buf[1024];
        x509parse_cert_info( buf, sizeof( buf ) - 1, prefix, crt );
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -485,7 +485,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
    p += 2;
    crt = ssl->ca_chain;

-    while( crt != NULL && crt->next != NULL )
+    while( crt != NULL && crt->version != 0 )
    {
        if( p - buf > 4096 )
            break;
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -1160,7 +1160,7 @@ int ssl_write_certificate( ssl_context *ssl )
    i = 7;
    crt = ssl->own_cert;

-    while( crt != NULL && crt->next != NULL )
+    while( crt != NULL && crt->version != 0 )
    {
        n = crt->raw.len;
        if( i + 3 + n > SSL_MAX_CONTENT_LEN )
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@ -25,3 +25,4 @@ add_test_suite(rsa)
 add_test_suite(xtea)
 add_test_suite(dhm)
 add_test_suite(x509parse)
+add_test_suite(debug)
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@ -0,0 +1,3 @@
+Debug print certificate #1
+debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on    \: 2009-02-09 21\:12\:35\nMyFile(0999)\: expires on    \: 2011-02-09 21\:12\:35\nMyFile(0999)\: signed using  \: RSA+SHA1\nMyFile(0999)\: RSA key size  \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\:  ae 92 63 59 74 68 a4 aa 89 50 42 f2 e7 27 09 2c\nMyFile(0999)\:  a5 86 99 09 28 52 5d 6e 32 f5 93 18 35 0e 2b 28\nMyFile(0999)\:  6d 11 20 49 f2 21 0d d6 fc e6 dc de 40 93 7b 29\nMyFile(0999)\:  ee 4b 4c 28 4f e4 8c 38 12 de 10 69 f7 ba 40 e8\nMyFile(0999)\:  74 80 a6 19 36 63 e0 37 93 39 f6 00 8e 3c 5a fd\nMyFile(0999)\:  dc 8e 50 c1 41 7c bf ff c9 bb e2 ad 7c 8d b1 a4\nMyFile(0999)\:  1a 8b 3e 1f 1a 28 9b e6 93 4b 74 c3 e9 ab 2c c8\nMyFile(0999)\:  93 cf f6 02 a1 c9 4b 9e f9 f6 fa a6 95 98 6c 32\nMyFile(0999)\:  85 c0 f4 e7 b0 ec 50 af 17 52 49 21 80 9f 0d c8\nMyFile(0999)\:  37 73 74 42 3e 06 7f 29 29 1d 6a 9a 71 0f 70 ea\nMyFile(0999)\:  c8 49 0d d7 3b 7e c2 ed 9b 33 dd 64 e9 8f df 85\nMyFile(0999)\:  81 c3 b1 c5 50 b6 55 2c c8 88 ed fd c4 cf 14 4f\nMyFile(0999)\:  49 d8 76 5c 1d 95 ef 34 e8 d7 74 aa 1e d2 ff 1d\nMyFile(0999)\:  19 27 19 de af b5 7a 71 c3 fb 38 11 ca da 78 2c\nMyFile(0999)\:  9b 32 3e 5f 31 eb c9 6e 43 eb 3d a5 c1 36 e2 86\nMyFile(0999)\:  49 1c 68 d7 5b f1 01 d0 29 16 d0 3a 44 36 5c 77\nMyFile(0999)\: value of 'crt->rsa.E' (32 bits) is\:\nMyFile(0999)\:  00 01 00 01\n"
+
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@ -0,0 +1,38 @@
+BEGIN_HEADER
+#include <polarssl/debug.h>
+
+struct buffer_data
+{
+    char buf[2000];
+    char *ptr;
+};
+
+void string_debug(void *data, int level, char *str)
+{
+    struct buffer_data *buffer = (struct buffer_data *) data;
+
+    memcpy(buffer->ptr, str, strlen(str));
+    buffer->ptr += strlen(str);
+}
+END_HEADER
+
+BEGIN_CASE
+debug_print_crt:crt_file:file:line:prefix:result_str
+{
+    x509_cert   crt;
+    ssl_context ssl;
+    struct buffer_data buffer;
+
+    memset( &crt, 0, sizeof( x509_cert ) );
+    memset( &ssl, 0, sizeof( ssl_context ) );
+    memset( buffer.buf, 0, 2000 );
+    buffer.ptr = buffer.buf; 
+
+    ssl_set_dbg(&ssl, string_debug, &buffer);
+
+    TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 );
+    debug_print_crt( &ssl, 0, {file}, {line}, {prefix}, &crt);
+
+    TEST_ASSERT( strcmp( buffer.buf, {result_str} ) == 0 );
+}
+END_CASE