ssl_client2: Zeroize peer CRT info buffer when reconnecting

2025-11-03 12:11:27 -05:00 · 2019-02-26 11:38:29 +00:00 · 2019-02-26 11:38:29 +00:00 · a1051b4e9a
commit a1051b4e9a
parent fe9aec4cb1
1 changed files with 4 additions and 1 deletions
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@ -478,7 +478,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
 }

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-static unsigned char peer_crt_info[1024] = { 0 };
+static unsigned char peer_crt_info[1024];

 /*
 * Enabled if debug_level > 1 in code below
@ -1512,6 +1512,7 @@ int main( int argc, char *argv[] )
    }

    mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
+    memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */

    if( opt.auth_mode != DFL_AUTH_MODE )
@ -2217,6 +2218,8 @@ reconnect:

        mbedtls_printf( "  . Reconnecting with saved session..." );

+        memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
+
        if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_session_reset returned -0x%x\n\n",