Flag certificate verification functions with MBEDTLS_X509_CRT_PARSE_C. #8465
Conversation
There was a problem hiding this comment.
This line (183) tries to access struct member hostname which is not there with this setup
/* Start the handshake, the rest will be done in onReceive() */ tr_info("Starting TLS handshake with %s", _ssl.hostname);
The same on line (195):
/* It also means the handshake is done, time to print info */ tr_info("TLS connection to %s established\r\n", _ssl.hostname);
The struct mbedtls_ssl_context in ssl.h has the following macro check:
#if defined(MBEDTLS_X509_CRT_PARSE_C) char *hostname; /*!< expected peer CN for verification (and SNI if available) */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
If Mbed TLS support for X509 is not compiled in, this class would not compile anymore. However, there might be other uses for it, even if certificates are not used. Therefore add flagging for X509 only on specific functions.
SeppoTakalo
force-pushed
the
secure_socket
branch
from
9c3f877 to
c7643ea
Compare
|
Good catch. Thank you. I don't know why it did not break the build. Fixed now. |
|
Looks good now. (seems I can not change my review anymore) |
...Huh. Thanks for the heads up. |
|
/morph build |
Build : SUCCESSBuild number : 3420 Triggering tests/morph test |
Exporter Build : SUCCESSBuild number : 3044 |
Test : SUCCESSBuild number : 3214 |
|
This functionality is not coming in until 5.11 thus updating the release for this PR |
Description
If Mbed TLS support for X509 is not compiled in,
TLSSocketWrapperclass wouldnot compile anymore. However, there might be other uses for it, even
if certificates are not used. Therefore add flagging for X509 only
on specific functions.
It has been reported to me, that this issue might became visible if somebody tries to create minimal Mbed TLS configuration file, for example Client Lite does it.
@juhoeskeli Please review.
Pull request type