From 1f761153408c1be3773009c64b41f34d85ea199b Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Thu, 18 Feb 2010 18:16:31 +0000 Subject: [PATCH] - Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request() --- ChangeLog | 6 ++++ library/debug.c | 2 +- library/ssl_srv.c | 2 +- library/ssl_tls.c | 2 +- tests/CMakeLists.txt | 1 + tests/suites/test_suite_debug.data | 3 ++ tests/suites/test_suite_debug.function | 38 ++++++++++++++++++++++++++ 7 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 tests/suites/test_suite_debug.data create mode 100644 tests/suites/test_suite_debug.function diff --git a/ChangeLog b/ChangeLog index 1002e9d8d9..560f552266 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ PolarSSL ChangeLog += Version 0.12.2 released on XXXXXXXX +Bug fixes + * Fixed bug resulting in failure to send the last + certificate in the chain in ssl_write_certificate() and + ssl_write_certificate_request() (Found by fatbob) + = Version 0.12.1 released on 2009-10-04 Changes * Coverage test definitions now support 'depends_on' diff --git a/library/debug.c b/library/debug.c index c263e49bab..843b9f5ce7 100644 --- a/library/debug.c +++ b/library/debug.c @@ -182,7 +182,7 @@ void debug_print_crt( ssl_context *ssl, int level, prefix[maxlen] = '\0'; maxlen = sizeof( str ) - 1; - while( crt != NULL && crt->next != NULL ) + while( crt != NULL && crt->version != 0 ) { char buf[1024]; x509parse_cert_info( buf, sizeof( buf ) - 1, prefix, crt ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 157a909934..57fe82dc8a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -485,7 +485,7 @@ static int ssl_write_certificate_request( ssl_context *ssl ) p += 2; crt = ssl->ca_chain; - while( crt != NULL && crt->next != NULL ) + while( crt != NULL && crt->version != 0 ) { if( p - buf > 4096 ) break; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 17279ee7ee..edd1b8e25e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1160,7 +1160,7 @@ int ssl_write_certificate( ssl_context *ssl ) i = 7; crt = ssl->own_cert; - while( crt != NULL && crt->next != NULL ) + while( crt != NULL && crt->version != 0 ) { n = crt->raw.len; if( i + 3 + n > SSL_MAX_CONTENT_LEN ) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a5af621dc9..5f7311276e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -25,3 +25,4 @@ add_test_suite(rsa) add_test_suite(xtea) add_test_suite(dhm) add_test_suite(x509parse) +add_test_suite(debug) diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data new file mode 100644 index 0000000000..96bb063dd9 --- /dev/null +++ b/tests/suites/test_suite_debug.data @@ -0,0 +1,3 @@ +Debug print certificate #1 +debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2009-02-09 21\:12\:35\nMyFile(0999)\: expires on \: 2011-02-09 21\:12\:35\nMyFile(0999)\: signed using \: RSA+SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: ae 92 63 59 74 68 a4 aa 89 50 42 f2 e7 27 09 2c\nMyFile(0999)\: a5 86 99 09 28 52 5d 6e 32 f5 93 18 35 0e 2b 28\nMyFile(0999)\: 6d 11 20 49 f2 21 0d d6 fc e6 dc de 40 93 7b 29\nMyFile(0999)\: ee 4b 4c 28 4f e4 8c 38 12 de 10 69 f7 ba 40 e8\nMyFile(0999)\: 74 80 a6 19 36 63 e0 37 93 39 f6 00 8e 3c 5a fd\nMyFile(0999)\: dc 8e 50 c1 41 7c bf ff c9 bb e2 ad 7c 8d b1 a4\nMyFile(0999)\: 1a 8b 3e 1f 1a 28 9b e6 93 4b 74 c3 e9 ab 2c c8\nMyFile(0999)\: 93 cf f6 02 a1 c9 4b 9e f9 f6 fa a6 95 98 6c 32\nMyFile(0999)\: 85 c0 f4 e7 b0 ec 50 af 17 52 49 21 80 9f 0d c8\nMyFile(0999)\: 37 73 74 42 3e 06 7f 29 29 1d 6a 9a 71 0f 70 ea\nMyFile(0999)\: c8 49 0d d7 3b 7e c2 ed 9b 33 dd 64 e9 8f df 85\nMyFile(0999)\: 81 c3 b1 c5 50 b6 55 2c c8 88 ed fd c4 cf 14 4f\nMyFile(0999)\: 49 d8 76 5c 1d 95 ef 34 e8 d7 74 aa 1e d2 ff 1d\nMyFile(0999)\: 19 27 19 de af b5 7a 71 c3 fb 38 11 ca da 78 2c\nMyFile(0999)\: 9b 32 3e 5f 31 eb c9 6e 43 eb 3d a5 c1 36 e2 86\nMyFile(0999)\: 49 1c 68 d7 5b f1 01 d0 29 16 d0 3a 44 36 5c 77\nMyFile(0999)\: value of 'crt->rsa.E' (32 bits) is\:\nMyFile(0999)\: 00 01 00 01\n" + diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function new file mode 100644 index 0000000000..c21bab659a --- /dev/null +++ b/tests/suites/test_suite_debug.function @@ -0,0 +1,38 @@ +BEGIN_HEADER +#include + +struct buffer_data +{ + char buf[2000]; + char *ptr; +}; + +void string_debug(void *data, int level, char *str) +{ + struct buffer_data *buffer = (struct buffer_data *) data; + + memcpy(buffer->ptr, str, strlen(str)); + buffer->ptr += strlen(str); +} +END_HEADER + +BEGIN_CASE +debug_print_crt:crt_file:file:line:prefix:result_str +{ + x509_cert crt; + ssl_context ssl; + struct buffer_data buffer; + + memset( &crt, 0, sizeof( x509_cert ) ); + memset( &ssl, 0, sizeof( ssl_context ) ); + memset( buffer.buf, 0, 2000 ); + buffer.ptr = buffer.buf; + + ssl_set_dbg(&ssl, string_debug, &buffer); + + TEST_ASSERT( x509parse_crtfile( &crt, {crt_file} ) == 0 ); + debug_print_crt( &ssl, 0, {file}, {line}, {prefix}, &crt); + + TEST_ASSERT( strcmp( buffer.buf, {result_str} ) == 0 ); +} +END_CASE