mirror/mongoose
1
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2024-11-24 19:19:00 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Fix parsing of SSL cipher suite specs for mbedtls

Browse Source 
The list of cipher suites must be retained while the context is alive.

PUBLISHED_FROM=a3a82e42c1214c54ae1a40fbc49bc26bca32c053
This commit is contained in:
Deomid Ryabkov 2017-01-10 14:21:02 +01:00 committed by Cesanta Bot
parent 67626d49c9
commit 20370e65d6
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
mongoose.c
View File

@ -4354,6 +4354,7 @@ struct mg_ssl_if_ctx {
mbedtls_x509_crt *cert; mbedtls_x509_crt *cert;
mbedtls_pk_context *key; mbedtls_pk_context *key;
mbedtls_x509_crt *ca_cert; mbedtls_x509_crt *ca_cert;
struct mbuf cipher_suites;
}; };
/* Must be provided by the platform. ctx is struct mg_connection. */ /* Must be provided by the platform. ctx is struct mg_connection. */
@ -4399,6 +4400,7 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
} }
nc->ssl_if_data = ctx; nc->ssl_if_data = ctx;
ctx->conf = MG_CALLOC(1, sizeof(*ctx->conf)); ctx->conf = MG_CALLOC(1, sizeof(*ctx->conf));
mbuf_init(&ctx->cipher_suites, 0);
mbedtls_ssl_config_init(ctx->conf); mbedtls_ssl_config_init(ctx->conf);
mbedtls_ssl_conf_dbg(ctx->conf, mg_ssl_mbed_log, nc); mbedtls_ssl_conf_dbg(ctx->conf, mg_ssl_mbed_log, nc);
if (mbedtls_ssl_config_defaults( if (mbedtls_ssl_config_defaults(
@ -4561,6 +4563,7 @@ void mg_ssl_if_conn_free(struct mg_connection *nc) {
mbedtls_ssl_config_free(ctx->conf); mbedtls_ssl_config_free(ctx->conf);
MG_FREE(ctx->conf); MG_FREE(ctx->conf);
} }
mbuf_free(&ctx->cipher_suites);
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
MG_FREE(ctx); MG_FREE(ctx);
} }
@ -4630,21 +4633,26 @@ static const int mg_s_cipher_list[] = {
static enum mg_ssl_if_result mg_set_cipher_list(struct mg_ssl_if_ctx *ctx, static enum mg_ssl_if_result mg_set_cipher_list(struct mg_ssl_if_ctx *ctx,
const char *ciphers) { const char *ciphers) {
if (ciphers != NULL) { if (ciphers != NULL) {
int ids[50], n = 0, l, id; int l, id;
const char *s = ciphers; const char *s = ciphers;
char *e, tmp[50]; char *e, tmp[50];
while (s != NULL && n < (int) (sizeof(ids) / sizeof(ids[0])) - 1) { while (s != NULL) {
e = strchr(s, ':'); e = strchr(s, ':');
l = (e != NULL ? (e - s) : (int) strlen(s)); l = (e != NULL ? (e - s) : (int) strlen(s));
strncpy(tmp, s, l); strncpy(tmp, s, l);
tmp[l] = '\0';
id = mbedtls_ssl_get_ciphersuite_id(tmp); id = mbedtls_ssl_get_ciphersuite_id(tmp);
DBG(("%s -> %d", tmp, id)); DBG(("%s -> %04x", tmp, id));
if (id != 0) ids[n++] = id; if (id != 0) {
mbuf_append(&ctx->cipher_suites, &id, sizeof(id));
}
s = (e != NULL ? e + 1 : NULL); s = (e != NULL ? e + 1 : NULL);
} }
if (n == 0) return MG_SSL_ERROR; if (ctx->cipher_suites.len == 0) return MG_SSL_ERROR;
ids[n] = 0; id = 0;
mbedtls_ssl_conf_ciphersuites(ctx->conf, ids); mbuf_append(&ctx->cipher_suites, &id, sizeof(id));
mbedtls_ssl_conf_ciphersuites(ctx->conf,
(const int *) ctx->cipher_suites.buf);
} else { } else {
mbedtls_ssl_conf_ciphersuites(ctx->conf, mg_s_cipher_list); mbedtls_ssl_conf_ciphersuites(ctx->conf, mg_s_cipher_list);
} }