[En-Nut-Discussion] Problem with new TLS

Ole Reinhardt ole.reinhardt at embedded-it.de
Fri Jul 11 16:08:57 CEST 2014


Hi Harald,

On 11.07.2014 15:21, Harald Kipp wrote:
> the following part of tls1.c:add_cert() looks weird:

:-) I will have a look at it ASAP, as I'm using the library in the
current project anyway...

>  while (ssl_ctx->certs[i].buf && i < TLS_SSL_MAX_CERTS)
>    i++;
>  if (i == TLS_SSL_MAX_CERTS) /* too many certs */
> 
> It first accesses certs[TLS_SSL_MAX_CERTS], which doesn't exist and then
> checks, whether this access may have been illegal. Not really the code
> quality I'd expect from security sensitive routines. :-(

Indeed. I found another issue, which I fixed recently. The code itself
is from the axtls project, as you know.

> Btw. I'd consider TLS being a protocol and I'm wondering, why it hasn't
> been stored in nut/pro/tls.

My thought was that it is much more than a protocol. It contains
several pieces of code to check and handle certificates, etc...
The second thought was to not blow up the nutpro library for all people
that do not want to use TLS.

But if you think it should be better located there, we can move it...

Best regards,

Ole

-- 
kernel concepts GmbH            Tel: +49-271-771091-14
Sieghuetter Hauptweg 48         Mob: +49-177-7420433
D-57072 Siegen
http://www.embedded-it.de
http://www.kernelconcepts.de
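
Added example, not part of the original message and not code from axTLS or Nut/OS: the loop order quoted in the thread next to the bounds-first order, instrumented to record the highest index actually read. The value of TLS_SSL_MAX_CERTS, the demo_* types, the guard slot and all function names are assumptions made for the demonstration.

```c
#include <stddef.h>

#define TLS_SSL_MAX_CERTS 3          /* assumed value for the demo */

typedef struct { const unsigned char *buf; } demo_cert;

/* Demo context: one extra guard slot so the off-by-one read of the
 * quoted loop order stays inside this array and can be observed. */
typedef struct {
    demo_cert certs[TLS_SSL_MAX_CERTS + 1];
    int max_touched;                 /* highest index ever read */
} demo_ctx;

static const unsigned char dummy[] = "cert";   /* constructed sample data */

static const unsigned char *read_slot(demo_ctx *c, int i)
{
    if (i > c->max_touched) c->max_touched = i;
    return c->certs[i].buf;
}

/* Order quoted in the thread: the slot is read before the bound is checked. */
int first_free_read_then_check(demo_ctx *c)
{
    int i = 0;
    while (read_slot(c, i) && i < TLS_SSL_MAX_CERTS)
        i++;
    return i == TLS_SSL_MAX_CERTS ? -1 : i;
}

/* Bound first: && short-circuits, so index TLS_SSL_MAX_CERTS is never read. */
int first_free_check_then_read(demo_ctx *c)
{
    int i = 0;
    while (i < TLS_SSL_MAX_CERTS && read_slot(c, i))
        i++;
    return i == TLS_SSL_MAX_CERTS ? -1 : i;
}

/* Fill `used` slots, run one variant, report the highest index read. */
int highest_index_read(int used, int check_first)
{
    demo_ctx c = { .max_touched = -1 };
    for (int i = 0; i < used; i++) c.certs[i].buf = dummy;
    if (check_first) first_free_check_then_read(&c);
    else first_free_read_then_check(&c);
    return c.max_touched;
}
```

Both variants return the same result for every fill level; they differ only when the table is full, where the quoted order reads one element past the last valid slot.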

