Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge
diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
new file mode 100644
index 0000000..cb61ed1
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
@@ -0,0 +1,18 @@
+Default behavior changes
+ * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+ mbedtls_ssl_handshake() now fails with
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if certificate-based authentication of the server is attempted.
+ This is because authenticating a server without knowing what name
+ to expect is usually insecure. To restore the old behavior, either
+ call mbedtls_ssl_set_hostname() with NULL as the hostname, or
+ enable the new compile-time option
+ MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
+
+Security
+ * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+ if they use certificate authentication (i.e. not pre-shared keys).
+ Otherwise, in many scenarios, the server could be impersonated.
+ The library will now prevent the handshake and return
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if mbedtls_ssl_set_hostname() has not been called.
diff --git a/ChangeLog.d/psa-zeroize.txt b/ChangeLog.d/psa-zeroize.txt
new file mode 100644
index 0000000..6bdaa00
--- /dev/null
+++ b/ChangeLog.d/psa-zeroize.txt
@@ -0,0 +1,4 @@
+Security
+ * Zeroize a temporary heap buffer used in psa_key_derivation_output_key()
+ when deriving an ECC key pair.
+ * Zeroize temporary heap buffers used in PSA operations.
diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt
new file mode 100644
index 0000000..cd52d32
--- /dev/null
+++ b/ChangeLog.d/tls12-check-finished-calc.txt
@@ -0,0 +1,6 @@
+Security
+ * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+ or there was a cryptographic hardware failure when calculating the
+ Finished message, it could be calculated incorrectly. This would break
+ the security guarantees of the TLS handshake.
+ CVE-2025-27810
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 186589a..635f7cd 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -81,7 +81,7 @@
* MD 5 5
* HKDF 5 1 (Started from top)
* PKCS7 5 12 (Started from 0x5300)
- * SSL 5 2 (Started from 0x5F00)
+ * SSL 5 3 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080)
* SSL 6 22 (Started from top, plus 0x6000)
* SSL 7 20 (Started from 0x7000, gaps at
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index e16f31a..45feb5e 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1622,6 +1622,46 @@
*/
//#define MBEDTLS_SSL_ASYNC_PRIVATE
+/** \def MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ *
+ * In TLS clients, when a client authenticates a server through its
+ * certificate, the client normally checks three things:
+ * - the certificate chain must be valid;
+ * - the chain must start from a trusted CA;
+ * - the certificate must cover the server name that is expected by the client.
+ *
+ * Omitting any of these checks is generally insecure, and can allow a
+ * malicious server to impersonate a legitimate server.
+ *
+ * The third check may be safely skipped in some unusual scenarios,
+ * such as networks where eavesdropping is a risk but not active attacks,
+ * or a private PKI where the client equally trusts all servers that are
+ * accredited by the root CA.
+ *
+ * You should call mbedtls_ssl_set_hostname() with the expected server name
+ * before starting a TLS handshake on a client (unless the client is
+ * set up to only use PSK-based authentication, which does not rely on the
+ * host name). This configuration option controls what happens if a TLS client
+ * is configured with the authentication mode #MBEDTLS_SSL_VERIFY_REQUIRED
+ * (default), certificate authentication is enabled and the client does not
+ * call mbedtls_ssl_set_hostname():
+ *
+ * - If this option is unset (default), the connection attempt is aborted
+ * with the error #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
+ * - If this option is set, the TLS library does not check the server name
+ * that the certificate is valid for. This is the historical behavior
+ * of Mbed TLS, but may be insecure as explained above.
+ *
+ * Enable this option for strict backward compatibility if you have
+ * determined that it is secure in the scenario where you are using
+ * Mbed TLS.
+ *
+ * \deprecated This option exists only for backward compatibility and will
+ * be removed in the next major version of Mbed TLS.
+ *
+ */
+//#define MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+
/**
* \def MBEDTLS_SSL_CONTEXT_SERIALIZATION
*
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 97b0dcb..f9b103e 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -166,6 +166,42 @@
#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
/** Invalid value in SSL config */
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
+/* Error space gap */
+/** Attempt to verify a certificate without an expected hostname.
+ * This is usually insecure.
+ *
+ * In TLS clients, when a client authenticates a server through its
+ * certificate, the client normally checks three things:
+ * - the certificate chain must be valid;
+ * - the chain must start from a trusted CA;
+ * - the certificate must cover the server name that is expected by the client.
+ *
+ * Omitting any of these checks is generally insecure, and can allow a
+ * malicious server to impersonate a legitimate server.
+ *
+ * The third check may be safely skipped in some unusual scenarios,
+ * such as networks where eavesdropping is a risk but not active attacks,
+ * or a private PKI where the client equally trusts all servers that are
+ * accredited by the root CA.
+ *
+ * You should call mbedtls_ssl_set_hostname() with the expected server name
+ * before starting a TLS handshake on a client (unless the client is
+ * set up to only use PSK-based authentication, which does not rely on the
+ * host name). If you have determined that server name verification is not
+ * required for security in your scenario, call mbedtls_ssl_set_hostname()
+ * with \p NULL as the server name.
+ *
+ * This error is raised if all of the following conditions are met:
+ *
+ * - A TLS client is configured with the authentication mode
+ * #MBEDTLS_SSL_VERIFY_REQUIRED (default).
+ * - Certificate authentication is enabled.
+ * - The client does not call mbedtls_ssl_set_hostname().
+ * - The configuration option
+ * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * is not enabled.
+ */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME -0x5D80
/*
* Constants from RFC 8446 for TLS 1.3 PSK modes
@@ -1893,8 +1929,35 @@
* User settings
*/
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
- (and SNI if available) */
+ /** Expected peer CN for verification.
+ *
+ * Also used on clients for SNI,
+ * and for TLS 1.3 session resumption using tickets.
+ *
+ * The value of this field can be:
+ * - \p NULL in a newly initialized or reset context.
+ * - A heap-allocated copy of the last value passed to
+ * mbedtls_ssl_set_hostname(), if the last call had a non-null
+ * \p hostname argument.
+ * - A special value to indicate that mbedtls_ssl_set_hostname()
+ * was called with \p NULL (as opposed to never having been called).
+ * See `mbedtls_ssl_get_hostname_pointer()` in `ssl_tls.c`.
+ *
+ * If this field contains the value \p NULL and the configuration option
+ * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * is unset, on a TLS client, attempting to verify a server certificate
+ * results in the error
+ * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
+ *
+ * If this field contains the special value described above, or if
+ * the value is \p NULL and the configuration option
+ * #MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * is set, then the peer name verification is skipped, which may be
+ * insecure, especially on a client. Furthermore, on a client, the
+ * server_name extension is not sent, and the server name is ignored
+ * in TLS 1.3 session resumption using tickets.
+ */
+ char *MBEDTLS_PRIVATE(hostname);
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_ALPN)
@@ -2002,6 +2065,14 @@
* Calling mbedtls_ssl_setup again is not supported, even
* if no session is active.
*
+ * \warning After setting up a client context, if certificate-based
+ * authentication is enabled, you should call
+ * mbedtls_ssl_set_hostname() to specifiy the expected
+ * name of the server. Without this, in most scenarios,
+ * the TLS connection is insecure. See
+ * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * for more information.
+ *
* \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
* subsystem must have been initialized by calling
* psa_crypto_init() before calling this function.
@@ -3976,16 +4047,29 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
* \brief Set or reset the hostname to check against the received
- * server certificate. It sets the ServerName TLS extension,
- * too, if that extension is enabled. (client-side only)
+ * peer certificate. On a client, this also sets the
+ * ServerName TLS extension, if that extension is enabled.
+ * On a TLS 1.3 client, this also sets the server name in
+ * the session resumption ticket, if that feature is enabled.
*
* \param ssl SSL context
- * \param hostname the server hostname, may be NULL to clear hostname
-
- * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+ * \param hostname The server hostname. This may be \c NULL to clear
+ * the hostname.
*
- * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+ * \note Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+ *
+ * \note If the hostname is \c NULL on a client, then the server
+ * is not authenticated: it only needs to have a valid
+ * certificate, not a certificate matching its name.
+ * Therefore you should always call this function on a client,
+ * unless the connection is set up to only allow
+ * pre-shared keys, or in scenarios where server
+ * impersonation is not a concern. See the documentation of
+ * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ * for more details.
+ *
+ * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
+ * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
* too long input hostname.
*
* Hostname set to the one provided on success (cleared
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3ec92cc..348c79c 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -6316,7 +6316,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t m;
- size_t m_bytes;
+ size_t m_bytes = 0;
mbedtls_mpi_init(&k);
mbedtls_mpi_init(&diff_N_2);
@@ -6389,7 +6389,7 @@
status = mbedtls_to_psa_error(ret);
}
if (status != PSA_SUCCESS) {
- mbedtls_free(*data);
+ mbedtls_zeroize_and_free(*data, m_bytes);
*data = NULL;
}
mbedtls_mpi_free(&k);
@@ -6564,7 +6564,7 @@
}
exit:
- mbedtls_free(data);
+ mbedtls_zeroize_and_free(data, bytes);
return status;
}
@@ -9313,7 +9313,7 @@
return PSA_SUCCESS;
error:
- mbedtls_free(local_input->buffer);
+ mbedtls_zeroize_and_free(local_input->buffer, local_input->length);
local_input->buffer = NULL;
local_input->length = 0;
return status;
@@ -9321,7 +9321,7 @@
void psa_crypto_local_input_free(psa_crypto_local_input_t *local_input)
{
- mbedtls_free(local_input->buffer);
+ mbedtls_zeroize_and_free(local_input->buffer, local_input->length);
local_input->buffer = NULL;
local_input->length = 0;
}
@@ -9365,7 +9365,7 @@
return status;
}
- mbedtls_free(local_output->buffer);
+ mbedtls_zeroize_and_free(local_output->buffer, local_output->length);
local_output->buffer = NULL;
local_output->length = 0;
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 345e608..0bd00cd 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -29,19 +29,20 @@
size_t *olen)
{
unsigned char *p = buf;
+ const char *hostname = mbedtls_ssl_get_hostname_pointer(ssl);
size_t hostname_len;
*olen = 0;
- if (ssl->hostname == NULL) {
+ if (hostname == NULL) {
return 0;
}
MBEDTLS_SSL_DEBUG_MSG(3,
("client hello, adding server name extension: %s",
- ssl->hostname));
+ hostname));
- hostname_len = strlen(ssl->hostname);
+ hostname_len = strlen(hostname);
MBEDTLS_SSL_CHK_BUF_PTR(p, end, hostname_len + 9);
@@ -85,7 +86,7 @@
MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0);
p += 2;
- memcpy(p, ssl->hostname, hostname_len);
+ memcpy(p, hostname, hostname_len);
*olen = hostname_len + 9;
@@ -881,13 +882,14 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ const char *context_hostname = mbedtls_ssl_get_hostname_pointer(ssl);
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
ssl->handshake->resume) {
- int hostname_mismatch = ssl->hostname != NULL ||
+ int hostname_mismatch = context_hostname != NULL ||
session_negotiate->hostname != NULL;
- if (ssl->hostname != NULL && session_negotiate->hostname != NULL) {
+ if (context_hostname != NULL && session_negotiate->hostname != NULL) {
hostname_mismatch = strcmp(
- ssl->hostname, session_negotiate->hostname) != 0;
+ context_hostname, session_negotiate->hostname) != 0;
}
if (hostname_mismatch) {
@@ -898,7 +900,7 @@
}
} else {
return mbedtls_ssl_session_set_hostname(session_negotiate,
- ssl->hostname);
+ context_hostname);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 &&
MBEDTLS_SSL_SESSION_TICKETS &&
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 348c319..2afcaf9 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2900,6 +2900,18 @@
unsigned char *buf, unsigned char *end);
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+/** Get the host name from the SSL context.
+ *
+ * \param[in] ssl SSL context
+ *
+ * \return The \p hostname pointer from the SSL context.
+ * \c NULL if mbedtls_ssl_set_hostname() has never been called on
+ * \p ssl or if it was last called with \p NULL.
+ */
+const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl);
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7f74248..3633cd4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2769,6 +2769,51 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+
+/* A magic value for `ssl->hostname` indicating that
+ * mbedtls_ssl_set_hostname() has been called with `NULL`.
+ * If mbedtls_ssl_set_hostname() has never been called on `ssl`, then
+ * `ssl->hostname == NULL`. */
+static const char *const ssl_hostname_skip_cn_verification = "";
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+/** Whether mbedtls_ssl_set_hostname() has been called.
+ *
+ * \param[in] ssl SSL context
+ *
+ * \return \c 1 if mbedtls_ssl_set_hostname() has been called on \p ssl
+ * (including `mbedtls_ssl_set_hostname(ssl, NULL)`),
+ * otherwise \c 0.
+ */
+static int mbedtls_ssl_has_set_hostname_been_called(
+ const mbedtls_ssl_context *ssl)
+{
+ return ssl->hostname != NULL;
+}
+#endif
+
+/* Micro-optimization: don't export this function if it isn't needed outside
+ * of this source file. */
+#if !defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+static
+#endif
+const char *mbedtls_ssl_get_hostname_pointer(const mbedtls_ssl_context *ssl)
+{
+ if (ssl->hostname == ssl_hostname_skip_cn_verification) {
+ return NULL;
+ }
+ return ssl->hostname;
+}
+
+static void mbedtls_ssl_free_hostname(mbedtls_ssl_context *ssl)
+{
+ if (ssl->hostname != NULL &&
+ ssl->hostname != ssl_hostname_skip_cn_verification) {
+ mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
+ }
+ ssl->hostname = NULL;
+}
+
int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
{
/* Initialize to suppress unnecessary compiler warning */
@@ -2786,18 +2831,21 @@
/* Now it's clear that we will overwrite the old hostname,
* so we can free it safely */
-
- if (ssl->hostname != NULL) {
- mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
- }
-
- /* Passing NULL as hostname shall clear the old one */
+ mbedtls_ssl_free_hostname(ssl);
if (hostname == NULL) {
- ssl->hostname = NULL;
+ /* Passing NULL as hostname clears the old one, but leaves a
+ * special marker to indicate that mbedtls_ssl_set_hostname()
+ * has been called. */
+ /* ssl->hostname should be const, but isn't. We won't actually
+ * write to the buffer, so it's ok to cast away the const. */
+ ssl->hostname = (char *) ssl_hostname_skip_cn_verification;
} else {
ssl->hostname = mbedtls_calloc(1, hostname_len + 1);
if (ssl->hostname == NULL) {
+ /* mbedtls_ssl_set_hostname() has been called, but unsuccessfully.
+ * Leave ssl->hostname in the same state as if the function had
+ * not been called, i.e. a null pointer. */
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
}
@@ -5583,9 +5631,7 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
- if (ssl->hostname != NULL) {
- mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
- }
+ mbedtls_ssl_free_hostname(ssl);
#endif
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
@@ -8323,6 +8369,7 @@
ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ return ret;
}
/*
@@ -8436,6 +8483,7 @@
ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
if (ret != 0) {
MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+ return ret;
}
if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
@@ -9796,6 +9844,27 @@
return ret;
}
+static int get_hostname_for_verification(mbedtls_ssl_context *ssl,
+ const char **hostname)
+{
+ if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname"));
+#if !defined(MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME)
+ if (mbedtls_ssl_conf_get_endpoint(ssl->conf) == MBEDTLS_SSL_IS_CLIENT &&
+ ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
+ return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME;
+ }
+#endif
+ }
+
+ *hostname = mbedtls_ssl_get_hostname_pointer(ssl);
+ if (*hostname == NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(2, ("Certificate verification without CN verification"));
+ }
+
+ return 0;
+}
+
int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
int authmode,
mbedtls_x509_crt *chain,
@@ -9821,7 +9890,13 @@
p_vrfy = ssl->conf->p_vrfy;
}
- int ret = 0;
+ const char *hostname = "";
+ int ret = get_hostname_for_verification(ssl, &hostname);
+ if (ret != 0) {
+ MBEDTLS_SSL_DEBUG_RET(1, "get_hostname_for_verification", ret);
+ return ret;
+ }
+
int have_ca_chain_or_callback = 0;
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
if (ssl->conf->f_ca_cb != NULL) {
@@ -9834,7 +9909,7 @@
ssl->conf->f_ca_cb,
ssl->conf->p_ca_cb,
ssl->conf->cert_profile,
- ssl->hostname,
+ hostname,
&ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy);
} else
@@ -9861,7 +9936,7 @@
chain,
ca_chain, ca_crl,
ssl->conf->cert_profile,
- ssl->hostname,
+ hostname,
&ssl->session_negotiate->verify_result,
f_vrfy, p_vrfy, rs_ctx);
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index ec68730..425239e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -68,6 +68,7 @@
#define DFL_MAX_VERSION -1
#define DFL_SHA1 -1
#define DFL_AUTH_MODE -1
+#define DFL_SET_HOSTNAME 1
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1
#define DFL_RECSPLIT -1
@@ -405,6 +406,9 @@
#define USAGE2 \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
+ " set_hostname=%%s call mbedtls_ssl_set_hostname()?" \
+ " options: no, server_name, NULL\n" \
+ " default: server_name (but ignored if certs disabled)\n" \
USAGE_IO \
USAGE_KEY_OPAQUE \
USAGE_CA_CALLBACK \
@@ -507,6 +511,8 @@
int max_version; /* maximum protocol version accepted */
int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */
+ int set_hostname; /* call mbedtls_ssl_set_hostname()? */
+ /* 0=no, 1=yes, -1=NULL */
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */
int recsplit; /* enable record splitting? */
@@ -962,6 +968,7 @@
opt.max_version = DFL_MAX_VERSION;
opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE;
+ opt.set_hostname = DFL_SET_HOSTNAME;
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.recsplit = DFL_RECSPLIT;
@@ -1359,6 +1366,16 @@
} else {
goto usage;
}
+ } else if (strcmp(p, "set_hostname") == 0) {
+ if (strcmp(q, "no") == 0) {
+ opt.set_hostname = 0;
+ } else if (strcmp(q, "server_name") == 0) {
+ opt.set_hostname = 1;
+ } else if (strcmp(q, "NULL") == 0) {
+ opt.set_hostname = -1;
+ } else {
+ goto usage;
+ }
} else if (strcmp(p, "max_frag_len") == 0) {
if (strcmp(q, "512") == 0) {
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
@@ -2073,10 +2090,24 @@
#endif /* MBEDTLS_SSL_DTLS_SRTP */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
- if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
- mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
- ret);
- goto exit;
+ switch (opt.set_hostname) {
+ case -1:
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ break;
+ case 0:
+ /* Skip the call */
+ break;
+ default:
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ break;
}
#endif
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 6d333e8..f634b3e 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -315,7 +315,7 @@
};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
* for more info.
*/
@@ -350,9 +350,7 @@
return (int) (size - n);
#endif /* MBEDTLS_X509_REMOVE_INFO */
}
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
static void mbedtls_print_supported_sig_algs(void)
{
mbedtls_printf("supported signature algorithms:\n");
diff --git a/scripts/config.py b/scripts/config.py
index 47d74ce..c266d89 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -229,6 +229,7 @@
DEPRECATED = frozenset([
'MBEDTLS_PSA_CRYPTO_SE_C',
+ 'MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME',
])
def no_deprecated_adapter(adapter):
"""Modify an adapter to disable deprecated symbols.
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index a581e6b..72e7a86 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -175,6 +175,9 @@
msg "test: ensure that X509 has no direct dependency on BIGNUM_C"
not grep mbedtls_mpi library/libmbedx509.a
+
+ msg "test: ssl-opt.sh authentication, full_no_deprecated config" # ~ 10s
+ tests/ssl-opt.sh -f 'Default\|Authentication'
}
component_test_full_no_deprecated_deprecated_warning () {
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 3cb6175..9a3859d 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -855,6 +855,10 @@
ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
TEST_ASSERT(ret == 0);
+ if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+ ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
+ }
+
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index fdbe0a9..361e7c2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -491,6 +491,11 @@
esac
case " $CMD_LINE " in
+ *\ ca_callback=1\ *)
+ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;;
+ esac
+
+ case " $CMD_LINE " in
*"programs/ssl/dtls_client "*|\
*"programs/ssl/ssl_client1 "*)
requires_config_enabled MBEDTLS_CTR_DRBG_C
@@ -2254,7 +2259,6 @@
"$P_CLI" \
0
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "CA callback on client" \
"$P_SRV debug_level=3" \
"$P_CLI ca_callback=1 debug_level=3 " \
@@ -2263,7 +2267,6 @@
-S "error" \
-C "error"
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test "CA callback on server" \
@@ -6072,6 +6075,271 @@
-C "X509 - Certificate verification failed" \
-C "SSL - No CA Chain is set, but required to operate"
+# The next few tests check what happens if the server has a valid certificate
+# that does not match its name (impersonation).
+
+run_test "Authentication: hostname match, client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhost debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname match, client required, CA callback" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -c "use CA callback for X.509 CRT verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (wrong), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (empty), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name= debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (truncated), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhos debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (last char), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhoss debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (trailing), client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required server_name=localhostt debug_level=1" \
+ 1 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch, client optional" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \
+ 0 \
+ -c "does not match with the expected CN" \
+ -c "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch, client none" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client required" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -c "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client optional" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -c "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client none" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+run_test "Authentication: hostname unset, client required, secure config" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required set_hostname=no debug_level=2" \
+ 1 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -c "get_hostname_for_verification() returned -" \
+ -C "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+run_test "Authentication: hostname unset, client required, historical config" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required set_hostname=no debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -c "Certificate verification without CN verification" \
+ -C "get_hostname_for_verification() returned -" \
+ -C "x509_verify_cert() returned -" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+run_test "Authentication: hostname unset, client required, secure config, CA callback" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
+ 1 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -c "get_hostname_for_verification() returned -" \
+ -C "use CA callback for X.509 CRT verification" \
+ -C "x509_verify_cert() returned -" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+run_test "Authentication: hostname unset, client required, historical config, CA callback" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -c "Certificate verification without CN verification" \
+ -C "get_hostname_for_verification() returned -" \
+ -c "use CA callback for X.509 CRT verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "! mbedtls_ssl_handshake returned" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client optional" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -c "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client none" \
+ "$P_SRV" \
+ "$P_CLI auth_mode=none set_hostname=no debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+run_test "Authentication: hostname unset, client default, secure config, server picks cert, 1.2" \
+ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+ 1 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -c "get_hostname_for_verification() returned -" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_disabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "Authentication: hostname unset, client default, secure config, server picks cert, 1.3" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+ 1 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -c "get_hostname_for_verification() returned -" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+run_test "Authentication: hostname unset, client default, historical config, server picks cert, 1.2" \
+ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -c "Certificate verification without CN verification" \
+ -C "get_hostname_for_verification() returned -" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "Authentication: hostname unset, client default, historical config, server picks cert, 1.3" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -c "Certificate verification without having set hostname" \
+ -c "Certificate verification without CN verification" \
+ -C "get_hostname_for_verification() returned -" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \
+ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \
+ "$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \
+ "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+ 0 \
+ -C "does not match with the expected CN" \
+ -C "Certificate verification without having set hostname" \
+ -C "Certificate verification without CN verification" \
+ -C "x509_verify_cert() returned -" \
+ -C "X509 - Certificate verification failed"
+
# The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the
@@ -6416,7 +6684,6 @@
# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
# When updating these tests, modify the matching authentication tests accordingly
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client required" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \
@@ -6428,7 +6695,6 @@
-c "! mbedtls_ssl_handshake returned" \
-c "X509 - Certificate verification failed"
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client optional" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \
@@ -6440,7 +6706,6 @@
-C "! mbedtls_ssl_handshake returned" \
-C "X509 - Certificate verification failed"
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server badcert, client none" \
"$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
key_file=$DATA_FILES_PATH/server5.key" \
@@ -6459,7 +6724,6 @@
# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
# different means to have the server ignoring the client's supported curve list.
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
@@ -6470,7 +6734,6 @@
-c "! Certificate verification flags" \
-C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
"$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
@@ -6481,7 +6744,6 @@
-c "! Certificate verification flags"\
-c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA384, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
@@ -6493,7 +6755,6 @@
-c "Supported Signature Algorithm found: 04 " \
-c "Supported Signature Algorithm found: 05 "
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test "Authentication, CA callback: client SHA256, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
@@ -6505,7 +6766,6 @@
-c "Supported Signature Algorithm found: 04 " \
-c "Supported Signature Algorithm found: 05 "
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -6527,7 +6787,6 @@
# detect that its write end of the connection is closed and abort
# before reading the alert message.
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client cert not trusted, server required" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
@@ -6545,7 +6804,6 @@
-s "! mbedtls_ssl_handshake returned" \
-s "X509 - Certificate verification failed"
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client badcert, server optional" \
"$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -6566,7 +6824,6 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
@@ -6577,7 +6834,6 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
@@ -6588,7 +6844,6 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
@@ -6600,7 +6855,6 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
@@ -6611,7 +6865,6 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int+1 chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
@@ -6622,7 +6875,6 @@
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test "Authentication, CA callback: client max_int chain, server required" \
"$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
"$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \