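--- a/examples/tls_backend_testcases.sh
+++ b/examples/tls_backend_testcases.sh
@@ -1583,6 +1583,34 @@ run_pki_cn_fallback () {
 fi
 }
 
+run_pki_bad_cn_or_san () {
+case_name=pki_bad_cn_or_san
+echo -n "PKI bad returned CN or SAN - "
+pki_dir=$LOGDIR/pki
+
+if ! generate_pki_files "$case_name"; then
+fail_case "$case_name" "certificate generation failed"
+return
+fi
+if ! start_pki_server "$case_name" "$pki_dir/alt_server.pem" \
+"$pki_dir/alt_server.key"; then
+fail_case "$case_name" "server did not start"
+return
+fi
+
+run_pki_client "$case_name" "$pki_dir/ca.pem" "$CLIENT_TIMEOUT"
+
+if assert_not_contains "$LOGDIR/$case_name.client" "COAP_EVENT_DTLS_CONNECTED" &&
+assert_not_contains "$LOGDIR/$case_name.client" "2\\.05" &&
+assert_contains "$LOGDIR/$case_name.client" "CN 'default.invalid' presented by server" &&
+assert_not_contains "$LOGDIR/$case_name.server" "call handler for pseudo resource '.well-known/core'"; then
+pass_case
+else
+fail_case "$case_name" "PKI CN or SAN not rejected"
+fi
+}
+
+
 run_pki_sni () {
 case_name=pki_sni
 echo -n "PKI SNI certificate selection - "
@@ -1671,6 +1699,7 @@ run_psk_pki_dual_mode
 run_pki_missing_client_cert
 run_pki_san_preferred_over_cn
 run_pki_cn_fallback
+run_pki_bad_cn_or_san
 run_pki_sni
 run_wrong_pki_ca
 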
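Review bot: The case is named for a bad CN or SAN, but the only positive assertion in run_pki_bad_cn_or_san matches `CN 'default.invalid' presented by server`, so a rejection caused by a SAN mismatch cannot be told apart from this test's output. If alt_server.pem also carries a SAN, consider a separate case or a second `assert_contains` for the SAN path; otherwise rename the case after the CN path it actually covers. The three `assert_not_contains` checks would also pass on an empty log, so the single positive match is what anchors the result. A comment above the function such as `# Server presents a certificate whose CN/SAN does not match the requested host; the client must abort the handshake` would record the intent. The certificate contents and the helper functions are outside this hunk, so this is inferred from the assertions alone.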
2 changes: 1 addition & 1 deletion src/coap_netif.c
Expand Up @@ -225,7 +225,7 @@ coap_netif_strm_read(coap_session_t *session, uint8_t *data, size_t datalen) {
int keep_errno = errno;

if (bytes_read >= 0) {
coap_log_debug("* %s: netif: recv %4" PRIdS " bytes\n",
coap_log_debug("* %s: netif: read %4" PRIdS " bytes\n",
coap_session_str(session), bytes_read);
} else if (bytes_read == -1 && errno != EAGAIN) {
coap_log_debug("* %s: netif: failed to receive any bytes (%s) state %d\n",
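--- a/src/coap_openssl.c
+++ b/src/coap_openssl.c
@@ -1003,6 +1003,11 @@ coap_dtls_info_callback(const SSL *ssl, int where, int ret) {
 coap_session_str(session), ERR_reason_error_string(e),
 ssl_function_definition(e));
 }
+} else {
+long e;
+
+while ((e = ERR_get_error())) {
+}
 }
 }
 }
@@ -1042,6 +1047,7 @@ coap_sock_read(BIO *a, char *out, int outl) {
 if (ret == 0) {
 BIO_set_retry_read(a);
 ret = -1;
+errno = EAGAIN;
 } else {
 BIO_clear_retry_flags(a);
 }
@@ -1073,6 +1079,7 @@ coap_sock_write(BIO *a, const char *in, int inl) {
 if (ret == 0) {
 BIO_set_retry_read(a);
 ret = -1;
+errno = EAGAIN;
 } else {
 BIO_clear_retry_flags(a);
 if (ret == -1) {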
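Review bot: In the new `else` branch of coap_dtls_info_callback the error queue is drained into a `long e`, although `ERR_get_error()` returns `unsigned long`, and the empty loop body gives no hint why the errors are being thrown away. `ERR_clear_error();` does the same in one call, and a comment such as `/* Not logging at this level: clear the queue so stale entries do not affect a later SSL_get_error() */` would put the intent on the page. The condition that selects the logging branch is outside the hunk, so confirm that discarding is wanted on every path that reaches this `else`. In the coap_sock_write hunk the added `errno = EAGAIN;` sits beside `BIO_set_retry_read(a)` on a write path; it is worth checking whether `BIO_set_retry_write(a)` was meant there.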
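--- a/src/coap_wolfssl.c
+++ b/src/coap_wolfssl.c
@@ -2119,6 +2119,9 @@ setup_client_ssl_session(coap_session_t *session, WOLFSSL *ssl) {
 #endif /* !COAP_DISABLE_TCP */
 coap_log_debug("CoAP Client restricted to (D)TLS1.2 with Identity Hint callback\n");
 }
+if (COAP_PROTO_NOT_RELIABLE(session->proto)) {
+set_ciphersuites(ssl, COAP_ENC_PSK);
+}
 
 /* Issue SNI if requested */
 if (setup_data->client_sni &&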
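Review bot: The added `set_ciphersuites(ssl, COAP_ENC_PSK)` call in setup_client_ssl_session carries no comment explaining why datagram sessions are pinned to the PSK suite list while stream sessions are not, and its result, if it returns one, is not checked. From the hunk alone it is not clear whether the new `if` sits inside the PSK-only branch that logs the Identity Hint message or after it; if after, a DTLS client configured for PKI would presumably also be limited to PSK suites. A one-line comment above the `if` stating the reason for the DTLS-only restriction and the configuration it applies to would settle this. The function body starts and continues outside the hunk.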