Hi
I tried an SSL connection and everything looks good, but when I tested for correct certification I saw that WICED doesn't check the hostname from the public server certificate against the lookup domain.
In wiced_tls_init_simple_context we set peer_cn, e.g. "mydomain.com":
context->context.peer_cn = peer_cn;
In wiced_tcp_enable_tls context pointer is assigned to socket.
socket->tls_context = context;
Up to this point everything looks great, but next, in wiced_tcp_connect(), when socket->tls_context != NULL, it runs wiced_tcp_start_tls(), then wiced_tcp_start_tls_with_ciphers(), and in the first line we have
memset( &tls_context->context, 0, sizeof(wiced_tls_context_t) );
Probably ssl_init performs zeroing of the context too.
And now my question: is there any way to fix this problem with a WICED function, or must I write my own function which compares mydomain with the decrypted public server certificate, because we have this in
tls_context->context.peer_cert->subject.val.p
at the end of wiced_tcp_start_tls_with_ciphers()?
I use SDK 3.1.1.
Best regards
- Labels: RegulatoryCertification, SDK 3.x
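Added example, not part of the thread and not WICED code: a sketch in C of the two pieces the post above describes, keeping the expected name across the context memset() and comparing it with the name taken from the server certificate. The demo_* names and the struct are hypothetical stand-ins; the certificate name is assumed to be a length-delimited byte string that the caller has already located.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the TLS context in the post, not the WICED type. */
typedef struct { const char *peer_cn; int handshake_state; } demo_tls_ctx_t;

/* Clear handshake state for a new connection but carry the caller's expected
 * name across the memset(), so the later check still has something to compare. */
void demo_ctx_reset(demo_tls_ctx_t *ctx)
{
    const char *expected = ctx->peer_cn;
    memset(ctx, 0, sizeof(*ctx));
    ctx->peer_cn = expected;
}

/* Case-insensitive compare of a length-delimited name with a C string. */
static int demo_eq_nocase(const unsigned char *a, size_t a_len, const char *b)
{
    size_t i;
    if (a_len != strlen(b)) return 0;
    for (i = 0; i < a_len; i++)
        if (tolower(a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Match one certificate name (CN or SAN dNSName bytes, assumed already
 * located by the caller) against the expected host. Returns 1 on match. */
int demo_name_matches(const unsigned char *name, size_t len, const char *host)
{
    const char *rest;
    if (name == NULL || host == NULL || len == 0) return 0;
    /* Reject embedded NULs: the name is not a C string and must not be
     * treated as one, or a truncated comparison could succeed. */
    if (memchr(name, '\0', len) != NULL) return 0;
    if (len > 2 && name[0] == '*' && name[1] == '.') {
        /* A wildcard stands for exactly one leftmost label, never a bare TLD. */
        rest = strchr(host, '.');
        if (rest == NULL || rest == host || strchr(rest + 1, '.') == NULL) return 0;
        return demo_eq_nocase(name + 2, len - 2, rest + 1);
    }
    return demo_eq_nocase(name, len, host);
}

/* Fail closed: with no expected name configured the peer is not accepted. */
int demo_verify_peer(const demo_tls_ctx_t *ctx, const unsigned char *name, size_t len)
{
    return ctx->peer_cn != NULL && demo_name_matches(name, len, ctx->peer_cn);
}
```

A check like this only adds value after the certificate chain itself has been validated, and a handshake whose name check fails should be aborted rather than logged and continued.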
Hi,
Is this still an issue for you, or do you have a workaround already in place?
Seyhan
Hi,
I didn't write my function because it's not the most critical thing for safety, but if you can, it would be very nice to see it in the next SDK.
Adam