Complete implementation of MbedTLS as backend #528
base: master
@huitema How is this going?
I think this PR is ready. It allows using MbedTLS as a self-sufficient back end, including for functions like certificate verification. I would like review of the code that derives the server's public key from the list of certificates. In all the tests, the size of the list is 1, so the assumption that the first certificate is good works. But if the list contains more certificates, we probably have some extra work to do.
@kazuho in the test assets, do we have an example of certificate chains containing more than 1 certificate?
@kazuho
The patch works for me (tested in production). Some issues:
a) Memory leak, this is never freed:
b) Unused variable:
c) Maybe a typo (
Patch to fix the memory-leak:
Update: Server fails: Line 346 in bad0e50
b) After increasing buffer, curl --http3-only reports "bad signature"
@huitema That doesn't look right: psa_verify_message(..., alg=PSA_ALG_NONE, data.base=NULL, ....);
I am sorry. I should really close and abandon this PR. Or someone else could take it over. Since it was never checked in, I developed the corresponding code inside picoquic, see If someone wants to update the picotls code based on the port shipping in picoquic, they are welcome to do so, and I promise to help them.
No description provided.