SSL - Certificate subject does not match remote hostname


Anonymous
Not applicable

Hi

I tried an SSL connection and everything looks good, but when I tested certificate correctness I saw that WICED doesn't check the hostname from the public server certificate against the looked-up domain.

In wiced_tls_init_simple_context we set peer_cn, e.g. "mydomain.com":

    context->context.peer_cn = peer_cn;

In wiced_tcp_enable_tls the context pointer is assigned to the socket:

    socket->tls_context = context;

And until this moment everything looks great, but next, in wiced_tcp_connect(), when socket->tls_context != NULL it runs wiced_tcp_start_tls(), then wiced_tcp_start_tls_with_ciphers(), and in the first line we have:

    memset( &tls_context->context, 0, sizeof(wiced_tls_context_t) );

Probably ssl_init performs zeroing of the context too.

And now my question: is there any way to repair this problem with a WICED function, or must I write my own function which compares mydomain with the decrypted public server certificate, because we have this in

    tls_context->context.peer_cert->subject.val.p

at the end of wiced_tcp_start_tls_with_ciphers()?

I use SDK 3.1.1.

Best regards

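The comparison the question considers writing, as an added example that is not WICED's own code: it matches the expected hostname against a certificate CN taken as a pointer plus length (assumed not NUL-terminated, as ASN.1 subject fields usually are), with leftmost-label wildcard handling per RFC 6125.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of n bytes; caller guarantees both buffers
 * hold at least n bytes (certificate fields are not NUL-terminated). */
static bool ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    }
    return true;
}

/* Returns true if the CN (cn, cn_len) matches expected_host.
 * Accepts an exact case-insensitive match, or a single leftmost wildcard
 * label ("*.example.com") that must cover exactly one host label.
 * Rejects "*", "*.com", partial-label wildcards ("f*.example.com") and
 * CNs containing an embedded NUL. */
bool hostname_matches_cn(const char *expected_host, const char *cn, size_t cn_len)
{
    size_t host_len = strlen(expected_host);
    if (host_len == 0 || cn_len == 0 || memchr(cn, '\0', cn_len) != NULL)
        return false;

    /* Exact match. */
    if (cn_len == host_len && ieq(expected_host, cn, cn_len))
        return true;

    /* Wildcard must be the whole first label and the only '*' present. */
    if (cn_len < 3 || cn[0] != '*' || cn[1] != '.' ||
        memchr(cn + 2, '*', cn_len - 2) != NULL)
        return false;
    /* "*.com" style (only one label after the wildcard) is rejected. */
    if (memchr(cn + 2, '.', cn_len - 2) == NULL)
        return false;

    /* The host's first label is consumed by the wildcard; the remainder,
     * starting at its first '.', must equal the CN after the '*'. */
    const char *dot = strchr(expected_host, '.');
    if (dot == NULL || dot == expected_host)
        return false;
    size_t host_suffix_len = host_len - (size_t)(dot - expected_host);
    size_t cn_suffix_len = cn_len - 1;
    return host_suffix_len == cn_suffix_len && ieq(dot, cn + 1, cn_suffix_len);
}
```

A production check should also prefer subjectAltName DNS entries over the CN and be run only after the chain itself has verified.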
SeyhanA_31
Employee

Hi,

Is this still an issue for you, or do you have a workaround already in place?

Seyhan

Anonymous
Not applicable

Hi,

I didn't make my function because it's not the most critical for safety, but if you can, it would be very nice to see in the next SDK.

Adam
