SSL async callback: cert is not always from mbedtls_ssl_conf_own_cert

The certificate passed to async callbacks may not be the one set by
mbedtls_ssl_conf_own_cert. For example, when using an SNI callback,
it's whatever the callback is using. Document this, and add a test
case (and code sample) with SNI.
Gilles Peskine 2018-04-30 10:30:49 +02:00
parent 0b53e24c6b
commit 807d74a062
3 changed files with 46 additions and 7 deletions

@ -601,9 +601,12 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
* \param ssl The SSL connection instance. It should not be
* modified other than via mbedtls_ssl_async_set_data().
* \param cert Certificate containing the public key.
* This is one of the pointers passed to
* In simple cases, this is one of the pointers passed to
* mbedtls_ssl_conf_own_cert() when configuring the SSL
* connection.
* connection. However, if other callbacks are used, this
* property may not hold. For example, if an SNI callback
* is registered with mbedtls_ssl_conf_sni(), then
* this callback determines what certificate is used.
* \param md_alg Hash algorithm.
* \param hash Buffer containing the hash. This buffer is
* no longer valid when the function returns.
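Review bot: the closing sentence of the new \param cert text is ambiguous, because "this callback determines what certificate is used" can be read as referring to the async signature callback being documented rather than to the SNI callback; "the SNI callback determines which certificate is used" would remove that reading. It would also help implementers to state the consequence directly: the callback must not assume that `cert` is one of the pointers it passed to mbedtls_ssl_conf_own_cert(), so a private-key lookup keyed on that pointer will miss any certificate selected through mbedtls_ssl_conf_sni(); the lookup should cover every certificate the SNI callback can select, or match on the certificate contents instead.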
@ -665,9 +668,12 @@ typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
* \param ssl The SSL connection instance. It should not be
* modified other than via mbedtls_ssl_async_set_data().
* \param cert Certificate containing the public key.
* This is one of the pointers passed to
* In simple cases, this is one of the pointers passed to
* mbedtls_ssl_conf_own_cert() when configuring the SSL
* connection.
* connection. However, if other callbacks are used, this
* property may not hold. For example, if an SNI callback
* is registered with mbedtls_ssl_conf_sni(), then
* this callback determines what certificate is used.
* \param input Buffer containing the input ciphertext. This buffer
* is no longer valid when the function returns.
* \param input_len Size of the \p input buffer in bytes.
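Review bot: this paragraph repeats the one added to the signature callback's \param cert word for word, including the ambiguous "this callback" (which here means the SNI callback, not the decrypt callback); reword it the same way, and consider a \sa or a shared \note pointing at the signature callback's description so the two copies do not drift apart. The caveat matters just as much for decryption: `cert` may be a pointer supplied by the SNI callback, so the private key used to decrypt `input` must be located from that certificate rather than from the mbedtls_ssl_conf_own_cert() list alone.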