authorFabio Alessandrelli <fabio.alessandrelli@gmail.com>2019-08-21 23:59:25 +0200
committerFabio Alessandrelli <fabio.alessandrelli@gmail.com>2019-08-22 00:14:01 +0200
commitb223b207c4a1d0854a60e03910c9fd39bbfb252f (patch)
tree69a330c88c3003d483f1e50645c0fee2bf02deb1
parent3bd49dabfa909187d514e018ff7c60339e343c71 (diff)
Fix regression in StreamPeerSSL
Validate that base stream is valid before accepting/connecting. Also remove unnecessary includes.
-rw-r--r--modules/mbedtls/ssl_context_mbedtls.h1
-rwxr-xr-xmodules/mbedtls/stream_peer_mbedtls.cpp4
-rwxr-xr-xmodules/mbedtls/stream_peer_mbedtls.h9
3 files changed, 4 insertions, 10 deletions
diff --git a/modules/mbedtls/ssl_context_mbedtls.h b/modules/mbedtls/ssl_context_mbedtls.h
index 8a072fd6eb..b78ee37b03 100644
--- a/modules/mbedtls/ssl_context_mbedtls.h
+++ b/modules/mbedtls/ssl_context_mbedtls.h
@@ -41,7 +41,6 @@
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/debug.h>
#include <mbedtls/entropy.h>
-#include <mbedtls/net.h>
#include <mbedtls/ssl.h>
class SSLContextMbedTLS : public Reference {
diff --git a/modules/mbedtls/stream_peer_mbedtls.cpp b/modules/mbedtls/stream_peer_mbedtls.cpp
index a9acfbef02..e2eb19fc74 100755
--- a/modules/mbedtls/stream_peer_mbedtls.cpp
+++ b/modules/mbedtls/stream_peer_mbedtls.cpp
@@ -108,6 +108,8 @@ Error StreamPeerMbedTLS::_do_handshake() {
Error StreamPeerMbedTLS::connect_to_stream(Ref<StreamPeer> p_base, bool p_validate_certs, const String &p_for_hostname, Ref<X509Certificate> p_ca_certs) {
+ ERR_FAIL_COND_V(p_base.is_null(), ERR_INVALID_PARAMETER);
+
base = p_base;
int ret = 0;
int authmode = p_validate_certs ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE;
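Review bot: The new guard in connect_to_stream rejects only a null `p_base`, and the very next line, `base = p_base;`, stores the stream before any of the TLS setup that follows outside the hunk has succeeded. If that setup can fail, the object is left holding a base stream for a session that never started; assigning `base` only after setup succeeds (or clearing it on the error paths) would avoid that, assuming no later code depends on the early assignment. The same guard is added to accept_stream, where it runs before `init_server`, so nothing is initialised for a null base there. A short comment on the `authmode` line would also help, for example `// VERIFY_NONE skips peer certificate checks entirely; the session is then unauthenticated.`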
@@ -130,6 +132,8 @@ Error StreamPeerMbedTLS::connect_to_stream(Ref<StreamPeer> p_base, bool p_valida
Error StreamPeerMbedTLS::accept_stream(Ref<StreamPeer> p_base, Ref<CryptoKey> p_key, Ref<X509Certificate> p_cert, Ref<X509Certificate> p_ca_chain) {
+ ERR_FAIL_COND_V(p_base.is_null(), ERR_INVALID_PARAMETER);
+
Error err = ssl_ctx->init_server(MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_VERIFY_NONE, p_key, p_cert);
ERR_FAIL_COND_V(err != OK, err);
diff --git a/modules/mbedtls/stream_peer_mbedtls.h b/modules/mbedtls/stream_peer_mbedtls.h
index 179d1d37e1..060e76b4f3 100755
--- a/modules/mbedtls/stream_peer_mbedtls.h
+++ b/modules/mbedtls/stream_peer_mbedtls.h
@@ -34,15 +34,6 @@
#include "core/io/stream_peer_ssl.h"
#include "ssl_context_mbedtls.h"
-#include <mbedtls/config.h>
-#include <mbedtls/ctr_drbg.h>
-#include <mbedtls/debug.h>
-#include <mbedtls/entropy.h>
-#include <mbedtls/ssl.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-
class StreamPeerMbedTLS : public StreamPeerSSL {
private:
Status status;