author | Dirk Engling <erdgeist@erdgeist.org> | 2022-05-20 14:55:01 +0200 |
committer | Dirk Engling <erdgeist@erdgeist.org> | 2022-05-20 14:55:01 +0200 |
commit | 7632890682859f37c873e7cd779fe28fcbe4ef3d (patch) | |
tree | 0d2a4305e907adb08b24973d9933266551eadfa3 | |
parent | 1f52c6f3e0c8117aee9faa983b735e8df5e32ef6 (diff) |
Add cert and key match check
-rwxr-xr-x | vchat-tls.c | 19 |
1 files changed, 13 insertions, 6 deletions
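--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -509,7 +509,7 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
 char password_buf[1024];
 while (1) {
 ret = mbedtls_pk_parse_keyfile(&s->_key, vc_store->keyfile, password
-#if MBEDTLS_SSL_MAJOR_VERSION_3 >= 3
+#if MBEDTLS_VERSION_MAJOR >= 3
 , mbedtls_ctr_drbg_random, &s->_ctr_drbg
 #endif
 );
@@ -526,12 +526,19 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
 }
 memset_s(password_buf, sizeof(password_buf), 0, sizeof(password_buf));
 
-#if 0
-/* pk member made private in mbedtls 3 */
-if (mbedtls_pk_check_pair(&(s->_cert.pk), &s->_key)) {
-fprintf(stderr, "KEYPAIR MISSMATCH\n");
-}
+#if MBEDTLS_VERSION_MAJOR == 3 && MBEDTLS_VERSION_MINOR == 0
+if ((ret = mbedtls_pk_check_pair(&(s->_cert.MBEDTLS_PRIVATE(pk)), &s->_key
+#else
+if ((ret = mbedtls_pk_check_pair(&(s->_cert.pk), &s->_key
+#endif
+#if MBEDTLS_VERSION_MAJOR >= 3
+, mbedtls_ctr_drbg_random, &s->_ctr_drbg
 #endif
+))) {
+vc_tls_report_error(ret, "ERROR: Cert and key mismatch, mbedtls reports: ");
+return 1;
+}
+
 if ((ret = mbedtls_ssl_conf_own_cert(conf, &s->_cert, &s->_key)) != 0) {
 vc_tls_report_error(ret, "Setting key and cert to tls session fails, mbedtls reports: ");
 return -1;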
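Review bot: The new cert/key mismatch branch in the second hunk returns `1`, while the adjacent failure path directly below it (`mbedtls_ssl_conf_own_cert` failing) returns `-1`; if the caller of vc_tls_connect treats only a negative result as failure, a mismatched key pair would be reported as success and the caller could proceed as if the TLS setup had completed. Use the same failure value as the rest of the function: `return -1;`. It is also worth confirming that `MBEDTLS_VERSION_MAJOR` and `MBEDTLS_VERSION_MINOR` are actually in scope here (via `mbedtls/build_info.h` or `mbedtls/version.h`, neither of which is visible in this hunk), because an undefined macro in `#if` silently evaluates to 0 and would select the two-argument `mbedtls_pk_check_pair` call on every version. vc_tls_connect begins before the first hunk and continues past the end of the second.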