Commit 20370e65 authored by Deomid Ryabkov's avatar Deomid Ryabkov Committed by Cesanta Bot

Fix parsing of SSL cipher suite specs for mbedtls

The list of cipher suites must be retained while the context is alive.

PUBLISHED_FROM=a3a82e42c1214c54ae1a40fbc49bc26bca32c053
parent 67626d49
...@@ -4354,6 +4354,7 @@ struct mg_ssl_if_ctx { ...@@ -4354,6 +4354,7 @@ struct mg_ssl_if_ctx {
mbedtls_x509_crt *cert; mbedtls_x509_crt *cert;
mbedtls_pk_context *key; mbedtls_pk_context *key;
mbedtls_x509_crt *ca_cert; mbedtls_x509_crt *ca_cert;
struct mbuf cipher_suites;
}; };
/* Must be provided by the platform. ctx is struct mg_connection. */ /* Must be provided by the platform. ctx is struct mg_connection. */
...@@ -4399,6 +4400,7 @@ enum mg_ssl_if_result mg_ssl_if_conn_init( ...@@ -4399,6 +4400,7 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
} }
nc->ssl_if_data = ctx; nc->ssl_if_data = ctx;
ctx->conf = MG_CALLOC(1, sizeof(*ctx->conf)); ctx->conf = MG_CALLOC(1, sizeof(*ctx->conf));
mbuf_init(&ctx->cipher_suites, 0);
mbedtls_ssl_config_init(ctx->conf); mbedtls_ssl_config_init(ctx->conf);
mbedtls_ssl_conf_dbg(ctx->conf, mg_ssl_mbed_log, nc); mbedtls_ssl_conf_dbg(ctx->conf, mg_ssl_mbed_log, nc);
if (mbedtls_ssl_config_defaults( if (mbedtls_ssl_config_defaults(
...@@ -4561,6 +4563,7 @@ void mg_ssl_if_conn_free(struct mg_connection *nc) { ...@@ -4561,6 +4563,7 @@ void mg_ssl_if_conn_free(struct mg_connection *nc) {
mbedtls_ssl_config_free(ctx->conf); mbedtls_ssl_config_free(ctx->conf);
MG_FREE(ctx->conf); MG_FREE(ctx->conf);
} }
mbuf_free(&ctx->cipher_suites);
memset(ctx, 0, sizeof(*ctx)); memset(ctx, 0, sizeof(*ctx));
MG_FREE(ctx); MG_FREE(ctx);
} }
...@@ -4630,21 +4633,26 @@ static const int mg_s_cipher_list[] = { ...@@ -4630,21 +4633,26 @@ static const int mg_s_cipher_list[] = {
static enum mg_ssl_if_result mg_set_cipher_list(struct mg_ssl_if_ctx *ctx, static enum mg_ssl_if_result mg_set_cipher_list(struct mg_ssl_if_ctx *ctx,
const char *ciphers) { const char *ciphers) {
if (ciphers != NULL) { if (ciphers != NULL) {
int ids[50], n = 0, l, id; int l, id;
const char *s = ciphers; const char *s = ciphers;
char *e, tmp[50]; char *e, tmp[50];
while (s != NULL && n < (int) (sizeof(ids) / sizeof(ids[0])) - 1) { while (s != NULL) {
e = strchr(s, ':'); e = strchr(s, ':');
l = (e != NULL ? (e - s) : (int) strlen(s)); l = (e != NULL ? (e - s) : (int) strlen(s));
strncpy(tmp, s, l); strncpy(tmp, s, l);
tmp[l] = '\0';
id = mbedtls_ssl_get_ciphersuite_id(tmp); id = mbedtls_ssl_get_ciphersuite_id(tmp);
DBG(("%s -> %d", tmp, id)); DBG(("%s -> %04x", tmp, id));
if (id != 0) ids[n++] = id; if (id != 0) {
mbuf_append(&ctx->cipher_suites, &id, sizeof(id));
}
s = (e != NULL ? e + 1 : NULL); s = (e != NULL ? e + 1 : NULL);
} }
if (n == 0) return MG_SSL_ERROR; if (ctx->cipher_suites.len == 0) return MG_SSL_ERROR;
ids[n] = 0; id = 0;
mbedtls_ssl_conf_ciphersuites(ctx->conf, ids); mbuf_append(&ctx->cipher_suites, &id, sizeof(id));
mbedtls_ssl_conf_ciphersuites(ctx->conf,
(const int *) ctx->cipher_suites.buf);
} else { } else {
mbedtls_ssl_conf_ciphersuites(ctx->conf, mg_s_cipher_list); mbedtls_ssl_conf_ciphersuites(ctx->conf, mg_s_cipher_list);
} }