| author | m-gardet <m.gardet@overkiz.com> | 2015-10-21 09:30:31 +0200 | 
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2015-10-22 15:28:57 +0200 | 
| commit | ace68fdc0cfed83dcfb5826cf0a047f6e8e966d3 (patch) | |
| tree | 7dfb8a03caa26f768d69d19a79866620c861073f /lib/vtls | |
| parent | 9744ef2289b606515b91f39c827a65f55c6ca909 (diff) | |
mbedtls:new profile with RSA min key len = 1024.
Closes #502
Diffstat (limited to 'lib/vtls')
| -rw-r--r-- | lib/vtls/mbedtls.c | 23 | 
1 files changed, 22 insertions, 1 deletions
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index b7d84cac6..fa2add78e 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -123,6 +123,24 @@ static void mbedtls_debug(void *context, int level, const char *line)
 #  endif
 #endif
+
+/*
+ *  profile
+ */
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr =
+{
+    /* Hashes from SHA-1 and above */
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
+    0xFFFFFFF, /* Any PK alg    */
+    0xFFFFFFF, /* Any curve     */
+    1024,      /* RSA min key len */
+};
+
 static Curl_recv mbedtls_recv;
 static Curl_send mbedtls_send;
@@ -274,7 +292,6 @@ mbedtls_connect_step1(struct connectdata *conn,
   infof(data, "mbedTLS: Connecting to %s:%d\n",
         conn->host.name, conn->remote_port);
-
   mbedtls_ssl_config_init(&connssl->config);
   mbedtls_ssl_init(&connssl->ssl);
@@ -291,6 +308,10 @@ mbedtls_connect_step1(struct connectdata *conn,
     return CURLE_SSL_CONNECT_ERROR;
   }
+  /* new profile with RSA min key len = 1024 ... */
+  mbedtls_ssl_conf_cert_profile( &connssl->config,
+                                 &mbedtls_x509_crt_profile_fr);
+
   switch(data->set.ssl.version) {
   case CURL_SSLVERSION_SSLv3:
     mbedtls_ssl_conf_min_version(&connssl->config, MBEDTLS_SSL_MAJOR_VERSION_3,  | 
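Review bot: `mbedtls_x509_crt_profile_fr` is defined at file scope without `static`, so it gets external linkage under the `mbedtls_` prefix that the library uses for its own symbols; the only use visible in this diff is in this file, so `static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr =` would keep it private and avoid a possible symbol clash. The header comment `/* profile */` also does not say what the profile permits: SHA-1 and RIPEMD-160 signatures and RSA keys down to 1024 bits. I would spell that out, e.g. `/* relaxed certificate profile: SHA-1 and above, any PK alg and curve, RSA keys >= 1024 bits (#502) */`.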
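Review bot: The call to `mbedtls_ssl_conf_cert_profile()` replaces the certificate profile for every connection made through this backend, unconditionally, so peer certificates with 1024-bit RSA keys and SHA-1 signatures pass verification and an application has no way to ask for the library's own (presumably stricter) default. If the relaxation is needed for compatibility, a build-time or per-handle switch would let security-sensitive users keep the default. The comment `/* new profile with RSA min key len = 1024 ... */` should at least record the trade-off, e.g. `/* accept RSA keys >= 1024 bits in peer certs; looser than the library default, see #502 */`. `mbedtls_connect_step1` starts and ends outside the hunk.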
