From 9840c215f3f1ee40b906b4c15a7393cf3bca9d40 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 4 Apr 2019 15:02:01 +0300 Subject: [PATCH] Add guards for MBEDTLS_X509_CRL_PARSE_C in sample Add checks in `ssl_server2` that `MBEDTLS_X509_CRL_PARSE_C` is defined to fix compilation issue. Fixes #560. --- ChangeLog | 2 ++ programs/ssl/ssl_server2.c | 21 +++++++++++++++++---- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2c031a1890d6..40d89abce356 100644 --- a/ChangeLog +++ b/ChangeLog @@ -50,6 +50,8 @@ Bugfix extensions in CSRs and CRTs that caused these bitstrings to not be encoded correctly as trailing zeroes were not accounted for as unused bits in the leading content octet. Fixes #1610. + * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl + sni entry parameter. Reported by inestlerode in #560. Changes * Include configuration file in all header files that use configuration, diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ec23c8a85c0d..e8e5cd1b6fee 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -229,8 +229,14 @@ int main( void ) #endif /* MBEDTLS_SSL_CACHE_C */ #if defined(SNI_OPTION) +#if defined(MBEDTLS_X509_CRL_PARSE_C) +#define SNI_CRL ",crl" +#else +#define SNI_CRL "" +#endif + #define USAGE_SNI \ - " sni=%%s name1,cert1,key1,ca1,crl1,auth1[,...]\n" \ + " sni=%%s name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n" \ " default: disabled\n" #else #define USAGE_SNI "" @@ -565,10 +571,10 @@ void sni_free( sni_entry *head ) mbedtls_x509_crt_free( cur->ca ); mbedtls_free( cur->ca ); - +#if defined(MBEDTLS_X509_CRL_PARSE_C) mbedtls_x509_crl_free( cur->crl ); mbedtls_free( cur->crl ); - +#endif next = cur->next; mbedtls_free( cur ); cur = next; @@ -587,7 +593,10 @@ sni_entry *sni_parse( char *sni_string ) sni_entry *cur = NULL, *new = NULL; char *p = sni_string; char *end = p; - char *crt_file, *key_file, *ca_file, *crl_file, *auth_str; + char *crt_file, *key_file, *ca_file, *auth_str; +#if defined(MBEDTLS_X509_CRL_PARSE_C) + char *crl_file; +#endif while( *end != '\0' ) ++end; @@ -605,7 +614,9 @@ sni_entry *sni_parse( char *sni_string ) GET_ITEM( crt_file ); GET_ITEM( key_file ); GET_ITEM( ca_file ); +#if defined(MBEDTLS_X509_CRL_PARSE_C) GET_ITEM( crl_file ); +#endif GET_ITEM( auth_str ); if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL || @@ -630,6 +641,7 @@ sni_entry *sni_parse( char *sni_string ) goto error; } +#if defined(MBEDTLS_X509_CRL_PARSE_C) if( strcmp( crl_file, "-" ) != 0 ) { if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL ) @@ -640,6 +652,7 @@ sni_entry *sni_parse( char *sni_string ) if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 ) goto error; } +#endif if( strcmp( auth_str, "-" ) != 0 ) {