diff --git a/ChangeLog b/ChangeLog
index f155a02f1..f37634166 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -47,6 +47,9 @@ Changes
      Contributed by Peter Kolbus (Garmin).
    * Change wording in the `mbedtls_ssl_conf_max_frag_len()`'s documentation
      to improve clarity. Fixes #2258.
+   * Improve debug output of ssl_client2 and ssl_server2 in case suitable
+     test CRTs are available because MBEDTLS_PEM_PARSE_C is disabled.
+     Fixes #2254.
 
 = mbed TLS 2.7.10 branch released 2019-03-19
 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 81514321f..c63c4f75a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1072,20 +1072,20 @@ int main( int argc, char *argv[] )
     mbedtls_printf( " . Loading the CA root certificate ..." );
     fflush( stdout );
 
+    if( strcmp( opt.ca_path, "none" ) == 0 ||
+        strcmp( opt.ca_file, "none" ) == 0 )
+    {
+        ret = 0;
+    }
+    else
 #if defined(MBEDTLS_FS_IO)
     if( strlen( opt.ca_path ) )
-        if( strcmp( opt.ca_path, "none" ) == 0 )
-            ret = 0;
-        else
-            ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+        ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
     else if( strlen( opt.ca_file ) )
-        if( strcmp( opt.ca_file, "none" ) == 0 )
-            ret = 0;
-        else
-            ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+        ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
     else
 #endif
-#if defined(MBEDTLS_CERTS_C)
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
     for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
     {
         ret = mbedtls_x509_crt_parse( &cacert,
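Review bot: The new `"none"` test at the top of the CA-loading chain changes precedence: it short-circuits on `ca_file == "none"` even when `opt.ca_path` names a real directory, whereas the removed code only consulted `ca_file` after finding `ca_path` empty, so `ca_path=/etc/ssl/certs ca_file=none` used to load the directory and now loads nothing. If that is not intended, test `ca_file` only when `ca_path` is empty, e.g. `if( strcmp( opt.ca_path, "none" ) == 0 || ( strlen( opt.ca_path ) == 0 && strcmp( opt.ca_file, "none" ) == 0 ) )`. Also worth a comment on the new `ret = 0;` that "none" now deliberately skips the built-in test CAs too (previously it was only honoured under MBEDTLS_FS_IO), so `cacert` stays empty and, presumably, any peer certificate will fail verification unless the auth mode is relaxed. The enclosing main() continues outside the hunk.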
@@ -1097,9 +1097,13 @@ int main( int argc, char *argv[] )
 #else
     {
         ret = 1;
-        mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+#if !defined(MBEDTLS_CERTS_C)
+        mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
+#else
+        mbedtls_printf( "All test CRTs loaded via MBEDTLS_CERTS_C are PEM-encoded, but MBEDTLS_PEM_PARSE_C is disabled." );
     }
-#endif
+#endif /* MBEDTLS_CERTS_C */
+#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */
     if( ret < 0 )
     {
         mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
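Review bot: The closing `}` of the fallback block now sits inside the `#else` arm of the new `#if !defined(MBEDTLS_CERTS_C)`, so a build without MBEDTLS_CERTS_C keeps the `{` and the first message but preprocesses the brace away, leaving the block unterminated and the program failing to compile. The `#endif /* MBEDTLS_CERTS_C */` has to come before the brace: `#endif /* MBEDTLS_CERTS_C */` then `    }` then `#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */`. Separately, because the check that follows is `ret < 0`, the fallback's `ret = 1` is not treated as a failure and the client carries on with an empty `cacert`, which the wording of the new message does not suggest; either say so in the message or make the fallback fail explicitly. The enclosing main() continues outside the hunk.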
@@ -1116,46 +1120,54 @@ int main( int argc, char *argv[] )
     mbedtls_printf( " . Loading the client cert. and key..." );
     fflush( stdout );
 
+    if( strcmp( opt.crt_file, "none" ) == 0 )
+        ret = 0;
+    else
 #if defined(MBEDTLS_FS_IO)
     if( strlen( opt.crt_file ) )
-        if( strcmp( opt.crt_file, "none" ) == 0 )
-            ret = 0;
-        else
-            ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
+        ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
     else
 #endif
-#if defined(MBEDTLS_CERTS_C)
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
     ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
                                   mbedtls_test_cli_crt_len );
 #else
     {
         ret = 1;
-        mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+#if !defined(MBEDTLS_CERTS_C)
+        mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
+#else
+        mbedtls_printf( "All test CRTs loaded via MBEDTLS_CERTS_C are PEM-encoded, but MBEDTLS_PEM_PARSE_C is disabled." );
     }
-#endif
+#endif /* MBEDTLS_CERTS_C */
+#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */
     if( ret != 0 )
     {
         mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
         goto exit;
     }
 
+    if( strcmp( opt.key_file, "none" ) == 0 )
+        ret = 0;
+    else
 #if defined(MBEDTLS_FS_IO)
     if( strlen( opt.key_file ) )
-        if( strcmp( opt.key_file, "none" ) == 0 )
-            ret = 0;
-        else
-            ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
+        ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
     else
 #endif
-#if defined(MBEDTLS_CERTS_C)
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
     ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
                                 mbedtls_test_cli_key_len, NULL, 0 );
 #else
     {
         ret = 1;
-        mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+#if !defined(MBEDTLS_CERTS_C)
+        mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
+#else
+        mbedtls_printf( "All test keys loaded via MBEDTLS_CERTS_C are PEM-encoded, but MBEDTLS_PEM_PARSE_C is disabled." );
     }
-#endif
+#endif /* MBEDTLS_CERTS_C */
+#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */
     if( ret != 0 )
     {
         mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", -ret );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index e8e5cd1b6..ae57f1fda 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1595,20 +1595,20 @@ int main( int argc, char *argv[] )
     mbedtls_printf( " . Loading the CA root certificate ..." );
     fflush( stdout );
 
+    if( strcmp( opt.ca_path, "none" ) == 0 ||
+        strcmp( opt.ca_file, "none" ) == 0 )
+    {
+        ret = 0;
+    }
+    else
 #if defined(MBEDTLS_FS_IO)
     if( strlen( opt.ca_path ) )
-        if( strcmp( opt.ca_path, "none" ) == 0 )
-            ret = 0;
-        else
-            ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
+        ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
     else if( strlen( opt.ca_file ) )
-        if( strcmp( opt.ca_file, "none" ) == 0 )
-            ret = 0;
-        else
-            ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
+        ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
     else
 #endif
-#if defined(MBEDTLS_CERTS_C)
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_PEM_PARSE_C)
     for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
     {
         ret = mbedtls_x509_crt_parse( &cacert,
@@ -1620,9 +1620,13 @@ int main( int argc, char *argv[] )
 #else
     {
         ret = 1;
-        mbedtls_printf("MBEDTLS_CERTS_C not defined.");
+#if !defined(MBEDTLS_CERTS_C)
+        mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
+#else
+        mbedtls_printf( "All test CRTs loaded via MBEDTLS_CERTS_C are PEM-encoded, but MBEDTLS_PEM_PARSE_C is disabled." );
     }
-#endif
+#endif /* MBEDTLS_CERTS_C */
+#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */
     if( ret < 0 )
     {
         mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
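Review bot: Both new fallback blocks in this hunk (client certificate and client key) place the context line `}` inside the `#else` arm of `#if !defined(MBEDTLS_CERTS_C)`, so a build with MBEDTLS_CERTS_C disabled loses the closing brace and will not compile; in each case `#endif /* MBEDTLS_CERTS_C */` must precede the `}`, i.e. `#endif /* MBEDTLS_CERTS_C */`, `    }`, `#endif /* MBEDTLS_CERTS_C && MBEDTLS_PEM_PARSE_C */`. Once that is fixed, the fallback's `ret = 1` is caught by the `ret != 0` check below, but the diagnostic then reads ` ! mbedtls_x509_crt_parse returned -0xffffffff`, which is not an mbed TLS error code and passes a negative `int` to `%x`; a `goto exit;` straight after the fallback message, or a dedicated message for that path, would be clearer. Since this is a test program the remaining `"none"` handling looks fine, though a one-line comment that `crt_file=none` and `key_file=none` are now honoured even without MBEDTLS_FS_IO would help the next reader. The enclosing main() continues on both sides of the hunk.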
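Review bot: As in ssl_client2, the new leading `"none"` check lets `ca_file=none` suppress a non-empty `opt.ca_path`, which the removed code did not (it only consulted `ca_file` when `ca_path` was empty), so an invocation combining a real `ca_path` with `ca_file=none` silently loads no trust anchors. Consider `strlen( opt.ca_path ) == 0 && strcmp( opt.ca_file, "none" ) == 0` for the second operand. On the server side an empty `cacert` presumably matters only when client authentication is enabled, but that is decided outside this hunk, so a comment on `ret = 0;` stating that "none" now also bypasses the built-in test CAs would be worth adding. The enclosing main() continues outside the hunk.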
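Review bot: Same brace problem as in the client: the context `}` closing the fallback block is inside the `#else` of the new `#if !defined(MBEDTLS_CERTS_C)`, so with MBEDTLS_CERTS_C undefined the block opened by `{` is never closed and ssl_server2 fails to compile; move `#endif /* MBEDTLS_CERTS_C */` above the `}`. Note also that with the `ret < 0` check that follows, the fallback's `ret = 1` does not abort, so the server continues without any CA chain after printing the new message, which that message does not make obvious. The enclosing main() continues outside the hunk.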