Better error handling in SSLContext, Crypto

Fabio Alessandrelli 2019-08-22 16:40:43 +02:00
parent 99f657d89f
commit 17d5b471b9
2 changed files with 8 additions and 5 deletions


@ -69,7 +69,7 @@ Error CryptoKeyMbedTLS::load(String p_path) {
int ret = mbedtls_pk_parse_key(&pkey, out.read().ptr(), out.size(), NULL, 0); int ret = mbedtls_pk_parse_key(&pkey, out.read().ptr(), out.size(), NULL, 0);
// We MUST zeroize the memory for safety! // We MUST zeroize the memory for safety!
mbedtls_platform_zeroize(out.write().ptr(), out.size()); mbedtls_platform_zeroize(out.write().ptr(), out.size());
ERR_FAIL_COND_V_MSG(ret, FAILED, "Error parsing some certificates: " + itos(ret)); ERR_FAIL_COND_V_MSG(ret, FAILED, "Error parsing private key: " + itos(ret));
return OK; return OK;
} }


@ -94,6 +94,9 @@ Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<Crypto
} }
Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) { Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) {
Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
ERR_FAIL_COND_V(err != OK, err);
X509CertificateMbedTLS *cas = NULL; X509CertificateMbedTLS *cas = NULL;
if (p_valid_cas.is_valid()) { if (p_valid_cas.is_valid()) {
@ -104,11 +107,11 @@ Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509Ce
} else { } else {
// Fall back to default certificates (no need to lock those). // Fall back to default certificates (no need to lock those).
cas = CryptoMbedTLS::get_default_certificates(); cas = CryptoMbedTLS::get_default_certificates();
ERR_FAIL_COND_V(cas == NULL, ERR_UNCONFIGURED); if (cas == NULL) {
clear();
ERR_FAIL_V_MSG(ERR_UNCONFIGURED, "SSL module failed to initialize!");
}
} }
Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
ERR_FAIL_COND_V(err != OK, err);
// Set valid CAs // Set valid CAs
mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), NULL); mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), NULL);
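Review bot: The new `if (cas == NULL)` branch in init_client calls `clear()` with no comment explaining why, and the reason is easy to lose in a later refactor: `_setup()` now runs first, so the context is already initialised when the default-certificate lookup fails. A comment above the call such as `// _setup() has already succeeded; release the context before returning.` would record that. The message `"SSL module failed to initialize!"` also does not name the condition actually tested, which is that `get_default_certificates()` returned NULL; wording like `"SSL module failed to initialize: no default CA certificates available."` would tell the operator that the client has no trust anchors for the `mbedtls_ssl_conf_ca_chain` call. The function starts in the previous hunk and continues past the last line shown, and the lines between the two hunks are not visible, so it is worth checking whether the `p_valid_cas` branch has a failure path that needs the same `clear()`.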