[OA-14] mbedTLS: relax x509 date/time format check
Some CAs provide certificates that do not fully follow the RFC in terms of date format. This patch relaxes the constraints in mbedTLS so that certificates that are not fully compliant can also be accepted. Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
parent
f3cf64516f
commit
19e33c4ebe
8
deps/mbedtls/build-mbedtls
vendored
8
deps/mbedtls/build-mbedtls
vendored
@ -31,6 +31,11 @@ else
|
||||
|
||||
# enable MD4 (needed for NTLM auth)
|
||||
perl -pi -e 's/^\/\/// if /#define MBEDTLS_MD4_C/' include/mbedtls/config.h
|
||||
|
||||
# apply pre-generated patches
|
||||
for file in $O3/core/deps/mbedtls/patches/*.patch; do
|
||||
patch -p1 <$file
|
||||
done
|
||||
fi
|
||||
|
||||
# compiler vars
|
||||
@ -48,7 +53,8 @@ SRC=$(pwd)
|
||||
cd library
|
||||
rm -f *.o
|
||||
for c in *.c ; do
|
||||
CMD="$CC -I../include $PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC -c $c"
|
||||
CMD="$CC -I../include -DMBEDTLS_RELAXED_X509_DATE \
|
||||
$PLATFORM_FLAGS $OTHER_COMPILER_FLAGS $LIB_OPT_LEVEL $LIB_FPIC -c $c"
|
||||
echo $CMD
|
||||
$CMD
|
||||
done
|
||||
|
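Review bot: The patch loop added in the first hunk does not check the exit status of `patch`, so unless the script runs under `set -e` (not visible here) a patch that fails or applies only partly still leads to a build, and the second hunk then compiles with `-DMBEDTLS_RELAXED_X509_DATE` against sources that may not contain the matching code. Stopping on failure and quoting the path would close that: `patch -p1 <"$file" || exit 1`, with the glob written as `"$O3"/core/deps/mbedtls/patches/*.patch`. The define is also passed unconditionally, so every build of this library accepts the relaxed date forms. A comment above the `CMD=` line, such as `# NOTE: relaxes X.509 date parsing for all certificates, see deps/mbedtls/patches/0001-mbedtls-relaxed-x509-date-format.patch`, would make that visible to anyone auditing the build flags.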
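--- /dev/null
+++ b/deps/mbedtls/patches/0001-mbedtls-relaxed-x509-date-format.patch
@@ -0,0 +1,41 @@
+diff -urw mbedtls-2.6.0.orig/library/x509.c mbedtls-2.6.0/library/x509.c
+--- mbedtls-2.6.0.orig/library/x509.c 2017-11-03 11:46:21.403848065 +0800
++++ mbedtls-2.6.0/library/x509.c 2017-11-03 11:58:46.259817520 +0800
+@@ -559,13 +559,20 @@
+/*
+* Parse seconds if present
+*/
+- if ( len >= 2 )
++ if ( len >= 2 && **p >= '0' && **p <= '9' )
+{
+CHECK( x509_parse_int( p, 2, &tm->sec ) );
+len -= 2;
+}
+else
++ {
++#if defined(MBEDTLS_RELAXED_X509_DATE)
++ /* if relaxed mode, allow seconds to be absent */
++ tm->sec = 0;
++#else
+return ( MBEDTLS_ERR_X509_INVALID_DATE );
++#endif
++ }
+
+/*
+* Parse trailing 'Z' if present
+@@ -575,6 +582,15 @@
+(*p)++;
+len--;
+}
++#if defined(MBEDTLS_RELAXED_X509_DATE)
++ else if ( len == 5 && **p == '+' )
++ {
++ int tz; /* throwaway timezone */
++ (*p)++;
++ CHECK( x509_parse_int( p, 4, &tz ) );
++ return 0;
++ }
++#endif
+
+/*
+* We should have parsed all characters at this point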
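Review bot: The `+hhmm` branch added in the second hunk of the embedded x509.c patch ends with `return 0;`, so a time carrying a UTC offset leaves the function before the "We should have parsed all characters at this point" check that follows, and before any field validation that may sit after it outside the visible lines. Following the pattern the seconds branch uses (`len -= 2;` after its parse), the branch should end with `len -= 5;` instead of `return 0;` and fall through to the common tail. The parsed offset is also discarded, so the certificate's local time is taken as UTC and the notBefore/notAfter comparison can be off by the size of the offset. If that is accepted, the comment should say so, e.g. `/* offset parsed but ignored: validity is evaluated as if the time were UTC */`. Only `+` offsets are handled, and the function body starts and ends outside both hunks.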