
mbedTLS lockdown trust broken -- fix #1519

Open
lantis1008 opened this issue Jan 2, 2024 · 0 comments

@lantis1008

Hi @nikias
The mbedTLS SSL handshake process is producing certificates that are invalid, causing the device to have to trust the host on every connection.
mbedTLS (as opposed to OpenSSL and GnuTLS) strictly follows the RFC and requires an issuer name and subject name to be set for a certificate. It will happily generate certificates with these fields empty, but will not parse them.

I've produced a simple patchset which fixes this for the project I'm working on. I'd be happy to open a PR against your repo, but please provide guidance on what DN you want as the default. For this purpose I think it really is arbitrary and doesn't matter, but obviously the values I have in my patch are specific to our project and also the byproduct of frustration after finally discovering the issue after many hours.

https://github.com/ericpaulbishop/gargoyle/blob/base_on_openwrt_2305/package/libimobiledevice/patches/030-set_subject_and_issuer_name_certs.patch

Kind regards
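The failure described in this issue is easy to diagnose once you know what to look for: mbedTLS rejects a certificate whose issuer or subject Name is an empty SEQUENCE (a bare `30 00` in the DER), which OpenSSL and GnuTLS accept. The following stdlib-only Python check is an added example, not code from libimobiledevice, from the author's patch, or from mbedTLS. It walks the DER TBSCertificate to the issuer and subject fields and reports whether either is empty, so it can be run against a pairing certificate pulled off a device. The two sample certificates are constructed here with a tiny DER encoder; they are unsigned skeletons with a placeholder key and the CN "Example Host" is an arbitrary constructed value, not the DN the project would pick as its default.

```python
"""Detect empty issuer/subject Names in an X.509 certificate (DER or PEM).

Added example, not project code. mbedTLS will not parse a certificate whose
issuer or subject Name is an empty SEQUENCE; this helper finds both Names in
the TBSCertificate and reports which ones are empty.
"""
import base64

# --- minimal DER encoder, used only to build the constructed samples below ---

def der_len(n: int) -> bytes:
    """DER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def cn_name(common_name: str) -> bytes:
    """Name ::= SEQUENCE OF RDN, each RDN a SET OF AttributeTypeAndValue."""
    oid_cn = tlv(0x06, b"\x55\x04\x03")        # id-at-commonName (2.5.4.3)
    value = tlv(0x0C, common_name.encode())     # UTF8String
    return seq(tlv(0x31, seq(oid_cn, value)))

EMPTY_NAME = seq()   # encodes as 30 00: syntactically valid, but no RDNs at all

def skeleton_cert(issuer: bytes, subject: bytes) -> bytes:
    """Unsigned Certificate skeleton (constructed sample) with the given Names."""
    version = tlv(0xA0, tlv(0x02, b"\x02"))     # [0] EXPLICIT INTEGER 2 (v3)
    serial = tlv(0x02, b"\x01")
    sig_alg = seq(tlv(0x06, b"\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B"))  # sha256WithRSAEncryption
    validity = seq(tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z"))
    spki = seq(seq(tlv(0x06, b"\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"), tlv(0x05, b"")),
               tlv(0x03, b"\x00"))              # placeholder key bits, constructed
    tbs = seq(version, serial, sig_alg, issuer, validity, subject, spki)
    return seq(tbs, sig_alg, tlv(0x03, b"\x00"))  # placeholder signatureValue

# --- minimal DER reader used by the check ---

def read_tlv(buf: bytes, pos: int):
    """Return (tag, body, position after the element) for the element at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                           # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def empty_names(cert_der: bytes) -> dict:
    """Return {'issuer': bool, 'subject': bool}; True where that Name is empty."""
    _, cert_body, _ = read_tlv(cert_der, 0)     # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert_body, 0)          # TBSCertificate SEQUENCE
    pos = 0
    tag, _, nxt = read_tlv(tbs, pos)
    if tag == 0xA0:                             # optional [0] version
        pos = nxt
    _, _, pos = read_tlv(tbs, pos)              # serialNumber
    _, _, pos = read_tlv(tbs, pos)              # signature AlgorithmIdentifier
    _, issuer, pos = read_tlv(tbs, pos)         # issuer Name
    _, _, pos = read_tlv(tbs, pos)              # validity
    _, subject, pos = read_tlv(tbs, pos)        # subject Name
    return {"issuer": len(issuer) == 0, "subject": len(subject) == 0}

def pem_to_der(pem: str) -> bytes:
    """Strip PEM armour so a real certificate file can be fed to empty_names()."""
    lines = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(lines))

# Constructed samples: one like the certificates the issue describes, one fixed.
BROKEN_CERT = skeleton_cert(EMPTY_NAME, EMPTY_NAME)
FIXED_CERT = skeleton_cert(cn_name("Example Host"), cn_name("Example Host"))

if __name__ == "__main__":
    print("broken:", empty_names(BROKEN_CERT))   # {'issuer': True, 'subject': True}
    print("fixed: ", empty_names(FIXED_CERT))    # {'issuer': False, 'subject': False}
```

Running `empty_names(pem_to_der(open("host.pem").read()))` on a certificate a device refuses will show which Name is empty; a certificate that passes this check still has to be valid in every other respect, so the check is a diagnostic for this one failure mode, not a substitute for a full parse.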
