cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-12-11 08:18:49 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix typo and changelog entry issues

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2022-07-23 11:31:51 +08:00
parent 72a858517b
commit eec4f03c60
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog.d/fix-rsa-pss-rsae-compitable-issue.txt → ChangeLog.d/add-rsa-pss-rsae-support-for-tls12.txt
View File

@ -1,7 +1,8 @@
Bugfix Features
* When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
declaring an RSA public key and Mbed TLS is configured in hybrid mode, if declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
`rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
for its signature in the key exchange message. As Mbed TLS 1.2 does not for its signature in the key exchange message. As Mbed TLS 1.2 does not
support them, the handshake fails. support them, the handshake fails. Add `rsa_pss_rsae_*` support for TLS 1.2
to resolve the compitablity issue.

4
tests/ssl-opt.sh
View File

@ -12730,7 +12730,7 @@ requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.2: Check rsa_pss_rsae compitable issue, m->O" \ run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \
"$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
-msg -tls1_2 -msg -tls1_2
-Verify 10 " \ -Verify 10 " \
@ -12746,7 +12746,7 @@ requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_CLI_C
run_test "TLS 1.2: Check rsa_pss_rsae compitable issue, m->G" \ run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \
"$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
-d 4 -d 4
--priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \