dtls.c: support empty client certificate.

Use an empty client certificate if a certificate is requested but no
certificate is available.

Issue #186

Signed-off-by: Achim Kraus <achim.kraus@cloudcoap.net>
Achim Kraus
2024-08-25 09:38:13 +02:00
parent f7ced4e426
commit 11c5c53719

22
dtls.c

@@ -2607,6 +2607,18 @@ dtls_send_server_hello(dtls_context_t *ctx, dtls_peer_t *peer)
#ifdef DTLS_ECC
#define DTLS_EC_SUBJECTPUBLICKEY_SIZE (2 * DTLS_EC_KEY_SIZE + sizeof(cert_asn1_header))
static int
dtls_send_certificate_empty(dtls_context_t *ctx, dtls_peer_t *peer)
{
uint8 buf[sizeof(uint24)];
/* length of this certificate */
dtls_int_to_uint24(buf, 0);
return dtls_send_handshake_msg(ctx, peer, DTLS_HT_CERTIFICATE,
buf, sizeof(buf));
}
static int
dtls_send_certificate_ecdsa(dtls_context_t *ctx, dtls_peer_t *peer,
const dtls_ecdsa_key_t *key)
@@ -3699,12 +3711,12 @@ check_server_hellodone(dtls_context_t *ctx,
res = CALL(ctx, get_ecdsa_key, &peer->session, &ecdsa_key);
if (res < 0) {
dtls_crit("no ecdsa certificate to send in certificate\n");
return res;
dtls_warn("no ecdsa certificate to send in certificate\n");
res = dtls_send_certificate_empty(ctx, peer);
handshake->do_client_auth = 0;
} else {
res = dtls_send_certificate_ecdsa(ctx, peer, ecdsa_key);
}
res = dtls_send_certificate_ecdsa(ctx, peer, ecdsa_key);
if (res < 0) {
dtls_debug("dtls_server_hello: cannot prepare Certificate record\n");
return res;