Multicast

1. Add haveMcast as an exception case for needing a signing key along
   with havePSK and haveAnon.
John Safranek
2017-01-03 09:40:57 -08:00
parent 41638b437b
commit 30a54a4860
2 changed files with 15 additions and 6 deletions


@ -3725,6 +3725,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
byte haveAnon = 0; byte haveAnon = 0;
byte newSSL; byte newSSL;
byte haveRSA = 0; byte haveRSA = 0;
byte haveMcast = 0;
(void) haveAnon; /* Squash unused var warnings */ (void) haveAnon; /* Squash unused var warnings */
if (!ssl || !ctx) if (!ssl || !ctx)
@ -3751,6 +3752,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
#ifdef HAVE_ANON #ifdef HAVE_ANON
haveAnon = ctx->haveAnon; haveAnon = ctx->haveAnon;
#endif /* HAVE_ANON*/ #endif /* HAVE_ANON*/
#ifdef WOLFSSL_MULTICAST
haveMcast = ctx->haveMcast;
#endif /* WOLFSSL_MULTICAST */
/* decrement previous CTX reference count if exists. /* decrement previous CTX reference count if exists.
* This should only happen if switching ctxs!*/ * This should only happen if switching ctxs!*/
@ -3885,11 +3889,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
ssl->options.haveStaticECC, ssl->options.side); ssl->options.haveStaticECC, ssl->options.side);
#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
/* make sure server has cert and key unless using PSK or Anon /* make sure server has cert and key unless using PSK, Anon, or
* This should be true even if just switching ssl ctx */ * Multicast. This should be true even if just switching ssl ctx */
if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon) if (ssl->options.side == WOLFSSL_SERVER_END &&
!havePSK && !haveAnon && !haveMcast)
if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer
|| !ssl->buffers.key || !ssl->buffers.key->buffer) { || !ssl->buffers.key || !ssl->buffers.key->buffer) {
WOLFSSL_MSG("Server missing certificate and/or private key"); WOLFSSL_MSG("Server missing certificate and/or private key");
return NO_PRIVATE_KEY; return NO_PRIVATE_KEY;
} }
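Review bot: The widened guard at the end of this section (`!havePSK && !haveAnon && !haveMcast`) lets the server side skip the certificate and private-key check on the strength of `ctx->haveMcast` alone, and nothing in the visible lines ties that context flag to the cipher suite that ends up negotiated; presumably a certificate-authenticated suite on a multicast-enabled context would then fail later in the handshake instead of here with NO_PRIVATE_KEY, which is worth confirming. The comment should say why multicast needs no signing key, for example `/* Multicast: no signing key is used, so no cert/key is required here - TODO confirm suite restriction */`. Separately, `haveMcast` is referenced only inside `#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)` and `#ifdef WOLFSSL_MULTICAST`, so a build that compiles both out gets an unused-variable warning; add `(void) haveMcast;` beside the existing `(void) haveAnon;`. The same two points apply to the accept path changed in the second file, and SetSSL_CTX itself begins and ends outside the lines shown.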


@ -8746,12 +8746,12 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
{ {
word16 havePSK = 0; word16 havePSK = 0;
word16 haveAnon = 0; word16 haveAnon = 0;
word16 haveMcast = 0;
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
if (ssl->options.tls1_3) if (ssl->options.tls1_3)
return wolfSSL_accept_TLSv13(ssl); return wolfSSL_accept_TLSv13(ssl);
#endif #endif
WOLFSSL_ENTER("SSL_accept()"); WOLFSSL_ENTER("SSL_accept()");
#ifdef HAVE_ERRNO_H #ifdef HAVE_ERRNO_H
@ -8768,6 +8768,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#endif #endif
(void)haveAnon; (void)haveAnon;
#ifdef WOLFSSL_MULTICAST
haveMcast = ssl->options.haveMcast;
#endif
if (ssl->options.side != WOLFSSL_SERVER_END) { if (ssl->options.side != WOLFSSL_SERVER_END) {
WOLFSSL_ERROR(ssl->error = SIDE_ERROR); WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
@ -8775,7 +8779,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
#ifndef NO_CERTS #ifndef NO_CERTS
/* in case used set_accept_state after init */ /* in case used set_accept_state after init */
if (!havePSK && !haveAnon && if (!havePSK && !haveAnon && !haveMcast &&
(!ssl->buffers.certificate || (!ssl->buffers.certificate ||
!ssl->buffers.certificate->buffer || !ssl->buffers.certificate->buffer ||
!ssl->buffers.key || !ssl->buffers.key ||