moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 19:45:04 -05:00
Code Issues Releases Wiki Activity
d58ba66eec
curl/lib/vtls
History
Jay Satiro d58ba66eec mbedtls: Fix pinned key return value on fail 
- Switch from verifying a pinned public key in a callback during the
certificate verification to inline after the certificate verification.

The callback method had three problems:

1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
was not returned.

2. If peer certificate verification was disabled the pinned key
verification did not take place as it should.

3. (related to #2) If there was no certificate of depth 0 the callback
would not have checked the pinned public key.

Though all those problems could have been fixed it would have made the
code more complex. Instead we now verify inline after the certificate
verification in mbedtls_connect_step2.

Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
Ref: https://github.com/bagder/curl/pull/601
2016-01-18 03:48:10 -05:00
..
axtls.c axtls: add timeout within Curl_axtls_connect 2015-03-31 02:04:22 +02:00
axtls.h vtls: Removed unimplemented overrides of curlssl_close_all() 2015-01-17 16:41:03 +00:00
cyassl.c cyassl: deal with lack of *get_peer_certificate 2015-12-16 10:27:18 +01:00
cyassl.h cyassl: fixed mismatched sha256sum function prototype 2015-07-02 08:29:22 +02:00
darwinssl.c darwinsssl: add support for TLS False Start 2015-03-21 12:22:56 -05:00
darwinssl.h darwinsssl: add support for TLS False Start 2015-03-21 12:22:56 -05:00
gskit.c ssl: add server cert's "sha256//" hash to verbose 2015-09-19 23:17:39 +02:00
gskit.h gskit.h: Code policing of function pointer arguments 2015-01-17 17:02:01 +00:00
gtls.c http: add libcurl option to allow HTTP/2 for HTTPS only 2015-12-13 09:24:51 +01:00
gtls.h SSL: Pinned public key hash support 2015-07-01 19:43:47 +02:00
mbedtls.c mbedtls: Fix pinned key return value on fail 2016-01-18 03:48:10 -05:00
mbedtls.h mbedtls: implement CURLOPT_PINNEDPUBLICKEY 2016-01-10 00:17:26 +01:00
nss.c http: add libcurl option to allow HTTP/2 for HTTPS only 2015-12-13 09:24:51 +01:00
nssg.h SSL: Pinned public key hash support 2015-07-01 19:43:47 +02:00
openssl.c openssl: improved error detection/reporting 2016-01-14 21:25:30 +01:00
openssl.h openssl: build with < 0.9.8 2015-09-17 08:54:04 +02:00
polarssl_threadlock.c polarssl/mbedtls: fix name space pollution 2015-10-23 16:14:29 +02:00
polarssl_threadlock.h polarssl/mbedtls: fix name space pollution 2015-10-23 16:14:29 +02:00
polarssl.c http: add libcurl option to allow HTTP/2 for HTTPS only 2015-12-13 09:24:51 +01:00
polarssl.h polarssl/mbedtls: fix name space pollution 2015-10-23 16:14:29 +02:00
schannel.c schannel: Corrected copy/paste error in commit 8d17117683 2015-11-21 02:54:44 +00:00
schannel.h schannel: schannel_recv overhaul 2015-06-17 00:17:03 -04:00
vtls.c vtls: fix compiler warning for TLS backends without sha256 2015-10-20 08:12:44 +02:00
vtls.h vtls: added support for mbedTLS 2015-10-20 07:57:24 +02:00