You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I did run tests locally, but it seems like the test did not run locally due to stunnel not being installed on my system.
(Side note: that test also never failed on CI test builds, are tests only ran with a single backend or why was it never caught during the PR?)
I had a look into the failing test, the problem is that mbedtls_x509_crt_parse of mbedTLS requires the terminating null-byte to be part of the data, while the passed length does not include the null-byte.
CURLOPT_SSLCERT_BLOB support was already added before my PR, so I had a look how this discrepancy was dealt with there, but it seems like it was not handled either. No tests seem to exist for this API, so I assume the same issue happens there, but was just never detected.
There are some issues about this null-termination requirement for mbedTLS:
Since CURLOPT_CAINFO_BLOB only supports PEM format certs, an easy fix would be to simply append the buffer with a null byte and increment the buffer length before calling mbedtls_x509_crt_parse.
@bagder What do you think about the proposed fix? If that seems fine then I'll work on creating PR for it.
Test 678 seems to fail in mebdtls builds: https://curl.zuul.vexxhost.dev/build/a9732e2c883a4672aabd1c89dc4e40bd
The exact error output is:
Originally posted by @bagder in #8071 (comment)
/cc @Floni
The text was updated successfully, but these errors were encountered: