authorDirk Engling <erdgeist@erdgeist.org>2022-05-20 14:55:01 +0200
committerDirk Engling <erdgeist@erdgeist.org>2022-05-20 14:55:01 +0200
commit7632890682859f37c873e7cd779fe28fcbe4ef3d (patch)
tree0d2a4305e907adb08b24973d9933266551eadfa3
parent1f52c6f3e0c8117aee9faa983b735e8df5e32ef6 (diff)
Add cert and key match check
-rwxr-xr-xvchat-tls.c19
1 files changed, 13 insertions, 6 deletions
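diff --git a/vchat-tls.c b/vchat-tls.c
index 21a694f..bb139f1 100755
--- a/vchat-tls.c
+++ b/vchat-tls.c
@@ -509,7 +509,7 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
 char password_buf[1024];
 while (1) {
 ret = mbedtls_pk_parse_keyfile(&s->_key, vc_store->keyfile, password
-#if MBEDTLS_SSL_MAJOR_VERSION_3 >= 3
+#if MBEDTLS_VERSION_MAJOR >= 3
 , mbedtls_ctr_drbg_random, &s->_ctr_drbg
 #endif
 );
@@ -526,12 +526,19 @@ int vc_tls_connect( int serverfd, vc_x509store_t *vc_store )
 }
 memset_s(password_buf, sizeof(password_buf), 0, sizeof(password_buf));
 
-#if 0
-/* pk member made private in mbedtls 3 */
-if (mbedtls_pk_check_pair(&(s->_cert.pk), &s->_key)) {
-fprintf(stderr, "KEYPAIR MISSMATCH\n");
-}
+#if MBEDTLS_VERSION_MAJOR == 3 && MBEDTLS_VERSION_MINOR == 0
+if ((ret = mbedtls_pk_check_pair(&(s->_cert.MBEDTLS_PRIVATE(pk)), &s->_key
+#else
+if ((ret = mbedtls_pk_check_pair(&(s->_cert.pk), &s->_key
+#endif
+#if MBEDTLS_VERSION_MAJOR >= 3
+, mbedtls_ctr_drbg_random, &s->_ctr_drbg
 #endif
+))) {
+vc_tls_report_error(ret, "ERROR: Cert and key mismatch, mbedtls reports: ");
+return 1;
+}
+
 if ((ret = mbedtls_ssl_conf_own_cert(conf, &s->_cert, &s->_key)) != 0) {
 vc_tls_report_error(ret, "Setting key and cert to tls session fails, mbedtls reports: ");
 return -1;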
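Review bot: The new mismatch branch exits with `return 1;` (new line 539) while the failure path immediately below it, for `mbedtls_ssl_conf_own_cert`, returns -1, so a caller that tests `vc_tls_connect` for a negative result would treat a cert/key mismatch as success and carry on with an unusable identity; `return -1;` keeps the function's failure convention consistent. The `ret` from `mbedtls_pk_check_pair` is already forwarded to `vc_tls_report_error`, so no other line needs to change. The version guards presumably rely on `MBEDTLS_VERSION_MAJOR`/`MBEDTLS_VERSION_MINOR` being defined by an earlier include; if they are not, the `== 3 && == 0` test silently falls to the `#else` branch, which is worth confirming outside this hunk. vc_tls_connect starts before the hunk and continues past it.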