Re: [PATCH] mbedtls: Implement CURLOPT_PINNEDPUBLICKEY

From: Thomas Glanzmann <thomas_at_glanzmann.de>
Date: Mon, 4 Jan 2016 17:18:16 +0100

Hello,

> At a quick glance it looks good to me, except it only supports DER/PEM
> as is, if you want to also support the new sha256// hashes you need to
> define curlssl_sha256sum in mbedtls, that *should* be fairly easy to do
> I'd hope.

I'm using this patch with sha256// on mbedtls since the time I posted it
in production. I defined the sha256sum function in the header file. It
works for me on mingw-win32 and Linux. I also tested it by supplying a
wrong hash and extensive debugging during development. But I removed
the debugging code once it worked correctly:

diff --git a/lib/vtls/mbedtls.h b/lib/vtls/mbedtls.h
index b930c10..3cb0dec 100644
--- a/lib/vtls/mbedtls.h
+++ b/lib/vtls/mbedtls.h
@@ -63,6 +63,7 @@ int Curl_mbedtls_shutdown(struct connectdata *conn, int sockindex);
 #define curlssl_check_cxn(x) (x=x, -1)
 #define curlssl_data_pending(x,y) (x=x, y=y, 0)
 #define CURL_SSL_BACKEND CURLSSLBACKEND_MBEDTLS
+#define curlssl_sha256sum(a,b,c,d) mbedtls_sha256(a,b,c,0)

 /* This might cause libcurl to use a weeker random!
    TODO: implement proper use of Polarssl's CTR-DRBG or HMAC-DRBG and use that
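Review bot: the added `curlssl_sha256sum` macro discards its fourth parameter `d` (the output length) without any check, and `mbedtls_sha256` is not declared by this hunk; since the macro expands at the caller rather than in this header, confirm that `mbedtls/sha256.h` is included where it is used, or add `#include <mbedtls/sha256.h>` to lib/vtls/mbedtls.h. The trailing `0` argument selects SHA-256 rather than SHA-224, which is the intended digest for sha256// pins, but a short comment on the define (e.g. `/* is224 = 0 selects SHA-256 */`) would make that explicit for readers unfamiliar with the mbed TLS API.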

I was about to create a pull request on github because I did not get any
feedback for a week, but I would like to see the patch merged, so if I
should change something, let me know. For me it works perfectly fine.

Cheers,
        Thomas
Received on 2016-01-04