mbedtls/library
Janos Follath 088ce43ffe Implement optional CA list suppression in Certificate Request
According to RFC5246 the server can indicate the known Certificate
Authorities or can constrain the aurhorisation space by sending a
certificate list. This part of the message is optional and if omitted,
the client may send any certificate in the response.

The previous behaviour of mbed TLS was to always send the name of all the
CAs that are configured as root CAs. In certain cases this might cause
usability and privacy issues for example:
- If the list of the CA names is longer than the peers input buffer then
  the handshake will fail
- If the configured CAs belong to third parties, this message gives away
  information on the relations to these third parties

Therefore we introduce an option to suppress the CA list in the
Certificate Request message.

Providing this feature as a runtime option comes with a little cost in
code size and advantages in maintenance and flexibility.
2017-05-16 10:22:37 +01:00
..
.gitignore Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
aes.c Fix unused variable in AES selftest when CBC and CFB disabled (#393) 2016-06-22 16:48:16 +01:00
aesni.c Fix build errors on x32 by using the generic 'add' instruction 2016-05-23 14:29:28 +01:00
arc4.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
asn1parse.c Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-13 13:54:14 +01:00
asn1write.c Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths 2016-08-25 15:42:27 +01:00
base64.c Add comment to integer overflow fix in base64.c 2017-02-15 23:31:07 +02:00
bignum.c Fix buffer overflow in mbedtls_mpi_write_string() 2017-03-02 21:34:21 +00:00
blowfish.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
camellia.c Address user reported coverity issues. 2016-06-07 14:52:35 +01:00
ccm.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
certs.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
cipher_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
cipher.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
cmac.c Fix check-doxy-blocks.pl errors (cmac.c ecjpake.h) 2017-05-12 00:18:04 +01:00
CMakeLists.txt Update library version number to 2.4.1 2017-02-15 22:55:55 +02:00
ctr_drbg.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
debug.c Fix compiler warning in debug.c 2017-02-15 09:08:26 +00:00
des.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
dhm.c Corrected references for RSA and DHM 2016-01-20 00:44:42 +00:00
ecdh.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecdsa.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
ecjpake.c Fix potential stack buffer overflow in ecjpake 2015-10-20 16:20:56 +02:00
ecp_curves.c ECP: Add module and function level replacement options. 2017-05-11 22:42:14 +01:00
ecp.c Fix cleanup label alignment 2017-05-11 22:42:14 +01:00
entropy_poll.c Renames null entropy source function for clarity 2016-06-12 00:31:33 +01:00
entropy.c Fix unused variable warnings for null entropy config 2016-09-15 18:57:34 +01:00
error.c Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
gcm.c Fix documentation for mbedtls_gcm_finish() 2016-10-13 13:54:47 +01:00
havege.c Fixes warnings found by Clang static analyser 2016-05-23 23:18:26 +01:00
hmac_drbg.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Makefile Added cmac.o to libary/Makefile 2016-10-13 13:51:09 +01:00
md2.c Fix integer overflows in buffer bound checks 2017-02-15 23:31:07 +02:00
md4.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md5.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md_wrap.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
md.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
memory_buffer_alloc.c Fixes memory leak in memory_buffer_alloc.c debug 2016-05-23 14:29:29 +01:00
net_sockets.c Fix formatting issues in net_sockets.c 2017-02-15 09:08:26 +00:00
oid.c Removing in compile time unused entries from oid_ecp_grp list 2016-09-04 15:14:38 +01:00
padlock.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pem.c Fix unused variable/function compilation warnings 2017-02-15 22:54:42 +02:00
pk_wrap.c Fix data loss in unsigned int cast in PK 2017-05-11 21:55:17 +01:00
pk.c Fix data loss in unsigned int cast in PK 2017-05-11 21:55:17 +01:00
pkcs5.c Fix output of PKCS#5 and RIPEMD-160 self tests 2016-08-25 16:36:35 +01:00
pkcs11.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
pkcs12.c Shut up a few clang-analyze warnings about use of uninitialized variables 2016-05-23 14:29:28 +01:00
pkparse.c Clarify Comments and Fix Typos (#651) 2017-02-15 09:08:26 +00:00
pkwrite.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
platform.c Fix various compiler warnings with MSVC 2017-02-15 09:08:26 +00:00
ripemd160.c Fix output of PKCS#5 and RIPEMD-160 self tests 2016-08-25 16:36:35 +01:00
rsa.c Restore P>Q in RSA key generation (#558) 2016-10-13 13:54:48 +01:00
sha1.c Adds casts to zeroize functions to allow building as C++ 2016-05-23 14:29:32 +01:00
sha256.c Use allocated memory for SHA self tests 2016-10-13 15:10:14 +01:00
sha512.c Use allocated memory for SHA self tests 2016-10-13 15:10:14 +01:00
ssl_cache.c Puts platform time abstraction into its own header 2016-07-13 14:46:18 +01:00
ssl_ciphersuites.c Puts platform time abstraction into its own header 2016-07-13 14:46:18 +01:00
ssl_cli.c Merge fix for IE Certificate Compatibility 2016-10-13 17:21:01 +01:00
ssl_cookie.c Fix resource leak when using mutex and ssl_cookie 2017-03-02 12:26:11 +00:00
ssl_srv.c Implement optional CA list suppression in Certificate Request 2017-05-16 10:22:37 +01:00
ssl_ticket.c Puts platform time abstraction into its own header 2016-07-13 14:46:18 +01:00
ssl_tls.c Implement optional CA list suppression in Certificate Request 2017-05-16 10:22:37 +01:00
threading.c Apply review feedback on ECP interface 2017-05-11 22:42:14 +01:00
timing.c Give better error messages for semi-portable parts 2016-02-22 10:47:32 +01:00
version_features.c Update version features with ECP macros 2017-05-11 22:42:14 +01:00
version.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
x509_create.c Fix other occurrences of same bounds check issue 2015-10-21 12:50:45 +02:00
x509_crl.c Fix memory leak in mbedtls_x509_crl_parse() 2017-02-28 14:51:31 +00:00
x509_crt.c Merge branch 'iotssl-1071-ca-flags' 2017-02-27 19:06:05 +00:00
x509_csr.c Fix unused variable/function compilation warnings 2017-02-15 22:54:42 +02:00
x509.c Fix buffer overread in mbedtls_x509_get_time() 2017-02-28 14:23:12 +00:00
x509write_crt.c Add missing bounds check in X509 DER write funcs 2016-10-11 14:07:48 +01:00
x509write_csr.c Add missing bounds check in X509 DER write funcs 2016-10-11 14:07:48 +01:00
xtea.c Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00