authorKishen Maloor <kishen.maloor@intel.com>2018-12-11 17:22:04 -0800
committerKishen Maloor <kishen.maloor@intel.com>2018-12-14 04:05:38 +0000
commitb0c990b2547de2082aa695c7b727d2a45eb38542 (patch)
treeee1fe689ee9d75367429d0c926e84b8291e938b0
parent4f045e4a0f6d05a564877a6413cf33a51173fe25 (diff)
oc_tls:fix logic in handling tracked cert chains
* Fixed logic of oc_tls_remove_identity_cert() which frees allocated mbedTLS resources pertaining to a cred entry. * Fix logic in oc_tls_populate_ssl_config() while picking whether to configure an identity cert or manufacturer cert based on ownership status. Change-Id: Icaa2d1dc3f594bf5341ae9753b88e4e0ec6b1b79 Signed-off-by: Kishen Maloor <kishen.maloor@intel.com> Reviewed-on: https://gerrit.iotivity.org/gerrit/27765
-rw-r--r--security/oc_tls.c10
-rw-r--r--security/oc_tls.h2
2 files changed, 6 insertions, 6 deletions
diff --git a/security/oc_tls.c b/security/oc_tls.c
index a16d062..9ef9a31 100644
--- a/security/oc_tls.c
+++ b/security/oc_tls.c
@@ -614,16 +614,16 @@ oc_tls_refresh_identity_certs(void)
}
void
-oc_tls_remove_identity_cert(oc_sec_cred_t *cred, size_t device)
+oc_tls_remove_identity_cert(oc_sec_cred_t *cred)
{
oc_x509_crt_t *cert = (oc_x509_crt_t *)oc_list_head(identity_certs);
- while (cert != NULL && cert->cred != cred && cert->device != device) {
+ while (cert != NULL && cert->cred != cred) {
cert = cert->next;
}
if (cert) {
+ oc_list_remove(identity_certs, cert);
mbedtls_x509_crt_free(&cert->cert);
mbedtls_pk_free(&cert->pk);
- oc_list_remove(identity_certs, cert);
oc_memb_free(&identity_certs_s, cert);
}
}
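Review bot: Nothing in oc_tls_remove_identity_cert() guards against the entry still being in use when `mbedtls_x509_crt_free(&cert->cert)` and `mbedtls_pk_free(&cert->pk)` run and the slot goes back to the pool via `oc_memb_free`. The second hunk passes `conf` to oc_tls_load_identity_cert_chain(); if that call registers the chain and key with the mbedtls_ssl_config by pointer (likely, but not visible in this diff), a config built before the removal would keep dangling references to the freed chain and private key. I would document the precondition above the function, for example `/* Caller must ensure no live mbedtls_ssl_config still references this cred's chain or key. */`, or close the affected TLS peers before the entry is freed. The same comment is worth adding next to the prototype in security/oc_tls.h, which currently has none.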
@@ -875,12 +875,12 @@ oc_tls_populate_ssl_config(mbedtls_ssl_config *conf, size_t device, int role,
* chain for this device based on device ownership status.
*/
if (doxm->owned &&
- oc_tls_load_identity_cert_chain(conf, device, selected_id_cred) != 0) {
- OC_WRN("could not configure identity cert chain");
+ oc_tls_load_identity_cert_chain(conf, device, selected_id_cred) == 0) {
} else if (oc_tls_load_mfg_cert_chain(conf, device, selected_mfg_cred) != 0) {
OC_WRN("could not configure mfg cert chain");
}
selected_mfg_cred = -1;
+ selected_id_cred = -1;
#endif /* OC_PKI */
return 0;
}
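Review bot: On an owned device a failed oc_tls_load_identity_cert_chain() now falls through to the manufacturer chain without any log, because the `OC_WRN("could not configure identity cert chain")` line was dropped and the `if` branch is left empty. That makes a silent credential downgrade (an owned device presenting its manufacturer certificate) hard to spot in the field, and the empty `{ }` reads like an unfinished edit. The function also still reaches `return 0;` when both loads fail, so callers cannot tell that no own certificate was configured; if that is deliberate, a comment saying so would help. The enclosing function starts before this hunk, so the sketch below covers only the selection logic.

```c
/* … unchanged: comment on picking the chain by ownership status … */
bool id_chain_loaded = false;
if (doxm->owned) {
  id_chain_loaded =
    oc_tls_load_identity_cert_chain(conf, device, selected_id_cred) == 0;
  if (!id_chain_loaded) {
    OC_WRN("could not configure identity cert chain, trying mfg cert chain");
  }
}
if (!id_chain_loaded &&
    oc_tls_load_mfg_cert_chain(conf, device, selected_mfg_cred) != 0) {
  OC_WRN("could not configure mfg cert chain");
}
/* … unchanged: resetting selected_mfg_cred and selected_id_cred … */
```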
diff --git a/security/oc_tls.h b/security/oc_tls.h
index 11bdd62..b193357 100644
--- a/security/oc_tls.h
+++ b/security/oc_tls.h
@@ -56,7 +56,7 @@ void oc_tls_select_identity_cert_chain(int credid);
/* Internal interface for refreshing identity certficate chains */
void oc_tls_refresh_identity_certs(void);
-void oc_tls_remove_identity_cert(oc_sec_cred_t *cred, size_t device);
+void oc_tls_remove_identity_cert(oc_sec_cred_t *cred);
/* Internal interface for refreshing trust anchor credentials */
void oc_tls_refresh_trust_anchors(void);