author | Denis Kenzior <denkenz@gmail.com> | 2022-07-11 14:27:22 -0500 |
---|---|---|
committer | Denis Kenzior <denkenz@gmail.com> | 2022-07-26 20:44:00 -0500 |
commit | 36167628f27d11b58bdc3cc23bd6efcad8b368a7 (patch) | |
tree | a96e496e03ceb05b47e4de59d7dfc42f765f97c0 | |
parent | db27694d05db7e3f216759b3e7950526576d2d94 (diff) |
tls: Support peer certificates that use ECDSA
-rw-r--r-- | ell/tls.c | 24 |
1 files changed, 19 insertions, 5 deletions
@@ -2028,12 +2028,22 @@ static void tls_handle_certificate(struct l_tls *tls,
 return;
 }
- if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
- L_CHECKSUM_NONE, &tls->peer_pubkey_size,
- &dummy)) {
+ switch (l_cert_get_pubkey_type(tls->peer_cert)) {
+ case L_CERT_KEY_RSA:
+ if (!l_key_get_info(tls->peer_pubkey, L_KEY_RSA_PKCS1_V1_5,
+ L_CHECKSUM_NONE,
+ &tls->peer_pubkey_size, &dummy))
+ goto pubkey_unsupported;
+ break;
+ case L_CERT_KEY_ECC:
+ if (!l_key_get_info(tls->peer_pubkey, L_KEY_ECDSA_X962,
+ L_CHECKSUM_SHA1,
+ &tls->peer_pubkey_size, &dummy))
+ goto pubkey_unsupported;
+ break;
+ case L_CERT_KEY_UNKNOWN:
 TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0,
- "Can't l_key_get_info for peer public key");
-
+ "Unknown public key type");
 return;
 }
@@ -2047,6 +2057,10 @@ static void tls_handle_certificate(struct l_tls *tls,
 return;
+pubkey_unsupported:
+ TLS_DISCONNECT(TLS_ALERT_INTERNAL_ERROR, 0,
+ "Can't l_key_get_info for peer public key");
+ return;
 decode_error:
 TLS_DISCONNECT(TLS_ALERT_DECODE_ERROR, 0,
 "TLS_CERTIFICATE decode error"); |
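Review bot: The new `switch` on `l_cert_get_pubkey_type(tls->peer_cert)` has no `default:` label, so a return value outside the three listed cases would leave the switch without disconnecting and with `tls->peer_pubkey_size` at whatever it held before. The certificate is peer-supplied, so failing closed is the safer shape: put `default:` directly under `case L_CERT_KEY_UNKNOWN:` so both reach the `TLS_DISCONNECT`. The ECDSA branch also passes `L_CHECKSUM_SHA1` where the RSA branch passes `L_CHECKSUM_NONE`; if that argument only serves the key-size query (not visible here, to be confirmed), a short comment such as `/* checksum is only needed for the size query, it does not select the signature hash */` would stop the line being read as a SHA-1 signature choice. tls_handle_certificate starts and ends outside this hunk.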
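Review bot: Both new disconnects send `TLS_ALERT_INTERNAL_ERROR`, here under `pubkey_unsupported:` and in the `L_CERT_KEY_UNKNOWN` case of the previous hunk, although the failure is caused by the key in the peer's certificate rather than by local state. RFC 5246 reserves `unsupported_certificate` for a certificate of an unsupported type; using the matching alert constant, if the project's alert enum defines one, would let the peer and anyone reading the logs tell a rejected certificate from a local fault. The function body continues outside the hunk, so whether other certificate checks already use a certificate-specific alert cannot be seen from here.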