Skip to content

FIX: Some minor TLS bugs found along the way#3792

Merged
reneme merged 3 commits intomasterfrom
fix/minor_tls_bugs
Nov 1, 2023
Merged

FIX: Some minor TLS bugs found along the way#3792
reneme merged 3 commits intomasterfrom
fix/minor_tls_bugs

Conversation

@reneme
Copy link
Copy Markdown
Collaborator

@reneme reneme commented Nov 1, 2023

This fixes a few minor things I found while implementing RFC 7250 (#3771). Namely:

  • ./botan tls_server aborts when the provided certificate file doesn't contain any parsable certificates
  • TLS::Callbacks::tls_modify_extension() is called for each certificate_entry in TLS 1.3 (when creating a Certificate message), but the adaptions a use made were simply discarded
  • A -Wmaybe-uninitialized in msg_certificate_13.cpp that bugged for quite some time now

@reneme
FIX: Abort ./botan tls_server on failed cert load
24708b0 
For instance, if the provided certificate chain file does not
contain any certificates. In this case the server was started
regardless but segfaulted once the first client connected.
@reneme reneme added the bug label Nov 1, 2023
@reneme reneme added this to the Botan 3.3.0 milestone Nov 1, 2023
@reneme reneme requested a review from randombit November 1, 2023 10:33
@reneme reneme self-assigned this Nov 1, 2023
reneme added 2 commits November 1, 2023 11:34
@reneme
FIX: Callbacks::tls_modify_extensions() for TLS 1.3 cert entry
334a658 
Previously, TLS::Callbacks::tls_modify_extensions() was called
for an empty TLS::Extensions() object for each Certificate message
entry. The passed-in empty Extensions object was then discarded.
@reneme
FIX: compiler warning -Wmaybe-uninitialized
999fc82 
My best guess: when calling 'push_back(std::nullopt)' the compiler
somehow assumes that the wrapped (and uninitialized) OCSP::Response might
be accessible -- resulting in an uninitialized read. Using 'emplace_back()'
seems to not trigger this.
@reneme reneme force-pushed the fix/minor_tls_bugs branch from 00482b4 to 999fc82 Compare November 1, 2023 10:35
@coveralls
Copy link
Copy Markdown

coveralls commented Nov 1, 2023

Coverage Status

coverage: 91.714% (+0.009%) from 91.705% when pulling 999fc82 on fix/minor_tls_bugs into 98dfdc1 on master.

@reneme reneme mentioned this pull request Nov 1, 2023
Merged
@reneme reneme merged commit 5ffd732 into master Nov 1, 2023
@reneme reneme deleted the fix/minor_tls_bugs branch November 1, 2023 14:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@randombit randombit randombit approved these changes

Assignees

@reneme reneme

Labels

bug

Projects

None yet

Milestone

Botan 3.3.0

Development

Successfully merging this pull request may close these issues.

3 participants

@reneme @coveralls @randombit