2 Replies Latest reply on Jul 28, 2016 11:01 PM by axel.lin_1746341

    SDK-3.7.0: Bug in wiced_https_get implementation

    axel.lin_1746341

      Testing a static variable certificate_loaded is simply wrong.

      If create 2 threads to connect server with different URL paths,

      the fist thread test certificate_loaded and init tls identity, the second

      thread will NOT init tls identity.

       

      In additional, use strlen( dct_security->private_key ) and strlen( dct_security->certificate ) are also buggy.

      How do you make sure the private_key and certificate read from DCT is NULL terminated?

      Think about the case write a longer cert/key to DCT then override it with a shorter cert/key.

      Then you got wrong length by strlen().