Bug in tls_set_credential #23209

md-jamal · 2020-03-03T03:25:30Z

Hi Guys,

This is the code present in subsys/net/lib/sockets/sockets_tls.c

static int tls_set_credential(struct tls_context *tls,
			      struct tls_credential *cred)
{
	switch (cred->type) {
	case TLS_CREDENTIAL_CA_CERTIFICATE:
		return tls_add_ca_certificate(tls, cred);

	case TLS_CREDENTIAL_SERVER_CERTIFICATE:
	{
		struct tls_credential *priv_key =
			credential_get(cred->tag, TLS_CREDENTIAL_PRIVATE_KEY);
		if (!priv_key) {
			return -ENOENT;
		}

		return tls_set_own_cert(tls, cred, priv_key);
	}

	case TLS_CREDENTIAL_PRIVATE_KEY:
		/* Ignore private key - it will be used together
		 * with public certificate
		 */
		break;

Here in this you can see when it tries to set TLS_CREDENTIAL_SERVER_CERTIFICATE, it will always fail with ENOENT, because we are using the tag of TLS_CREDENTIAL_SERVER_CERTIFICATE and type of PRIVATE_KEY.

The text was updated successfully, but these errors were encountered:

rlubos · 2020-03-03T13:57:15Z

It's not a bug, TLS_CREDENTIAL_SERVER_CERTIFICATE has to be combined with a corresponding TLS_CREDENTIAL_PRIVATE_KEY. Such a pair is sharing the same tag, it's documented here:
https://docs.zephyrproject.org/latest/reference/networking/sockets.html#_CPPv49sec_tag_t
https://docs.zephyrproject.org/latest/reference/networking/sockets.html#_CPPv4N15tls_credentials33TLS_CREDENTIAL_SERVER_CERTIFICATEE

md-jamal added the bug The issue is a bug, or the PR is fixing a bug label Mar 3, 2020

carlescufi assigned rlubos Mar 3, 2020

carlescufi added the area: Networking label Mar 3, 2020

rlubos closed this as completed Mar 3, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bug in tls_set_credential #23209

Bug in tls_set_credential #23209

md-jamal commented Mar 3, 2020

rlubos commented Mar 3, 2020

Bug in tls_set_credential #23209

Bug in tls_set_credential #23209

Comments

md-jamal commented Mar 3, 2020

rlubos commented Mar 3, 2020