Server handshakes with mismatched public/private key pair #507

Closed
attilamolnar opened this issue Jun 14, 2016 · 2 comments · Fixed by #2134
attilamolnar commented Jun 14, 2016

mbedTLS does not verify that the public/private key pair matches when doing a handshake, resulting in client-side public key signature verification errors if they don't match. This was tested on 2.2.1.

If this is the desired behavior then the documentation of mbedtls_ssl_conf_own_cert() should be updated to mention this fact and also point to mbedtls_pk_check_pair().

@ciarmcom
ARM Internal Ref: IOTSSL-821

simonbutcher added a commit that referenced this issue Sep 13, 2018
Update library version number to 2.1.15
mpg commented Oct 25, 2018

@attilamolnar Thanks for your report, and sorry for taking so long to reply!

We think the behaviour is as intended, since the check can be computationally expensive, which turned out to be a problem for some users depending on their workflow. So we're going to apply your suggestion and update the documentation to clarify that and reference mbedtls_pk_check_pair().

mpg added a commit to mpg/mbedtls that referenced this issue Oct 25, 2018
mpg added a commit to mpg/mbedtls that referenced this issue Oct 29, 2018
iameli pushed a commit to livepeer/mbedtls that referenced this issue Dec 5, 2023
Add x86 SIMD optimizations to crypto datatypes
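
Since the handshake does not compare the certificate with the private key, the comparison has to happen before the pair reaches mbedtls_ssl_conf_own_cert(). An added example, not part of the original thread or the Mbed TLS project: a provisioning-time check that does the comparison with the OpenSSL command line rather than mbedtls_pk_check_pair(). The function names, file names and sample keys are constructed for illustration, and the OpenSSL CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example: refuse to deploy a certificate/private-key pair that does not
# match, because the server will still complete its side of the handshake and
# the failure only shows up as a signature verification error on the client.

# Read a PEM public key on stdin, print the SHA-256 of its DER encoding.
# Re-encoding both sides through "openssl pkey" normalises the representation.
spki_digest() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r | cut -d' ' -f1
}

# pair_matches CERT KEY
#   returns 0 if the certificate's public key belongs to the private key,
#           1 if the two do not match,
#           2 if either file cannot be read or parsed.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    cert_fp=$(printf '%s\n' "$cert_pub" | spki_digest)
    key_fp=$(printf '%s\n' "$key_pub" | spki_digest)
    [ "$cert_fp" = "$key_fp" ] || return 1
}

# Build constructed sample material in directory $1: a self-signed certificate
# for server.key, plus an unrelated other.key to play the mismatched key.
make_samples() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/server.key" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/other.key" 2>/dev/null &&
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=example.test" \
        -days 1 -out "$1/server.crt" 2>/dev/null
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for key in server.key other.key; do
    if pair_matches "$demo_dir/server.crt" "$demo_dir/$key"; then
        echo "$key: matches server.crt"
    else
        echo "$key: does NOT match server.crt, do not deploy"
    fi
done
rm -rf "$demo_dir"
```

Run as a deployment gate, a non-zero status from `pair_matches` stops the rollout before any client sees a failed handshake.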