MBEDTLS_SSL_VERIFY_REQUIRED in altcp_tls_mbedtls


Cesare Garlati-2
LWIP builds by default with TLS CA certificate verification optional
(MBEDTLS_SSL_VERIFY_OPTIONAL), which is unsuitable for production as it
bypasses TLS authentication.

Question: is there a way to change the mbedTLS setting into 
MBEDTLS_SSL_VERIFY_REQUIRED without hacking the lwip code?

Would it make sense to add a new lwip config macro
ALTCP_MBEDTLS_SSL_VERIFY with the 4 mbedTLS options below?

#define MBEDTLS_SSL_VERIFY_NONE           0
#define MBEDTLS_SSL_VERIFY_OPTIONAL     1
#define MBEDTLS_SSL_VERIFY_REQUIRED    2
#define MBEDTLS_SSL_VERIFY_UNSET          3

Alternatively, would it make sense to ship lwip with security enabled by
default and simply replace the current MBEDTLS_SSL_VERIFY_OPTIONAL with
MBEDTLS_SSL_VERIFY_REQUIRED in apps/altcp_tls/altcp_tls_mbedtls?

Happy to submit a patch if it makes sense.


Cesare



_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

Re: MBEDTLS_SSL_VERIFY_REQUIRED in altcp_tls_mbedtls

Indan Zupancic
Hello Cesare,

> LWIP builds by default with TLS ca certificate verification optional (MBEDTLS_SSL_VERIFY_OPTIONAL),
> which is unsuitable for production as it bypasses TLS authentication.

This depends on how you use TLS. For e.g. HTTP it is the client that requires verification
and not the server (client certification is also possible, but unusual). If that server runs
on lwIP then I don't think you want to enable MBEDTLS_SSL_VERIFY_REQUIRED.

Best regards,

Indan Zupancic



TT Vasumweg 150  |  1033 SH Amsterdam  |  The Netherlands
Phone: + 31 [0]20 482 56 32  |   Fax: + 31 [0]20 482 00 77  |  Email: [hidden email]

-----Original Message-----
From: lwip-users <lwip-users-bounces+indan.zupancic=[hidden email]> On Behalf Of Cesare Garlati
Sent: Monday, 22 June 2020 20:14
To: [hidden email]
Subject: [lwip-users] MBEDTLS_SSL_VERIFY_REQUIRED in altcp_tls_mbedtls

LWIP builds by default with TLS CA certificate verification optional (MBEDTLS_SSL_VERIFY_OPTIONAL), which is unsuitable for production as it bypasses TLS authentication.

Question: is there a way to change the mbedTLS setting into MBEDTLS_SSL_VERIFY_REQUIRED without hacking the lwip code?

Would it make sense to add a new lwip config macro ALTCP_MBEDTLS_SSL_VERIFY with the 4 mbedTLS options below?

#define MBEDTLS_SSL_VERIFY_NONE           0
#define MBEDTLS_SSL_VERIFY_OPTIONAL     1
#define MBEDTLS_SSL_VERIFY_REQUIRED    2
#define MBEDTLS_SSL_VERIFY_UNSET          3

Alternatively, would it make sense to ship lwip with security enabled by default and simply replace the current MBEDTLS_SSL_VERIFY_OPTIONAL with MBEDTLS_SSL_VERIFY_REQUIRED in apps/altcp_tls/altcp_tls_mbedtls?

Happy to submit a patch if it makes sense.


Cesare




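Added example, not part of either message and not lwIP code: a stand-alone C model of the configurable verify mode discussed in the thread, with separate client and server defaults, plus the post-handshake check that MBEDTLS_SSL_VERIFY_OPTIONAL leaves to the caller. The option names ALTCP_MBEDTLS_SSL_VERIFY_CLIENT and ALTCP_MBEDTLS_SSL_VERIFY_SERVER and both function names are hypothetical; the mbedTLS calls are named only in comments.

```c
/* Added example, not lwIP source. ALTCP_MBEDTLS_SSL_VERIFY_CLIENT/_SERVER are
 * hypothetical option names modelled on the macro proposed in the thread. */
#include <stdint.h>
#include <stdio.h>

#ifndef MBEDTLS_SSL_VERIFY_NONE /* values as quoted in the post; skipped if mbedtls/ssl.h came first */
#define MBEDTLS_SSL_VERIFY_NONE     0
#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
#define MBEDTLS_SSL_VERIFY_REQUIRED 2
#define MBEDTLS_SSL_VERIFY_UNSET    3
#endif

/* Defaults a port could override in its options header (assumed mechanism). */
#ifndef ALTCP_MBEDTLS_SSL_VERIFY_CLIENT
#define ALTCP_MBEDTLS_SSL_VERIFY_CLIENT MBEDTLS_SSL_VERIFY_REQUIRED
#endif
#ifndef ALTCP_MBEDTLS_SSL_VERIFY_SERVER
#define ALTCP_MBEDTLS_SSL_VERIFY_SERVER MBEDTLS_SSL_VERIFY_NONE
#endif

/* Authmode for this endpoint: the value that would be passed to
 * mbedtls_ssl_conf_authmode(). */
int altcp_tls_pick_authmode(int is_server)
{
  return is_server ? ALTCP_MBEDTLS_SSL_VERIFY_SERVER
                   : ALTCP_MBEDTLS_SSL_VERIFY_CLIENT;
}

/* Returns 1 only if the peer certificate was actually verified.
 * handshake_ret: result of the handshake (0 = success).
 * verify_flags:  what mbedtls_ssl_get_verify_result() reports (0 = chain OK). */
int altcp_tls_peer_authenticated(int authmode, int handshake_ret, uint32_t verify_flags)
{
  if (handshake_ret != 0) {
    return 0;
  }
  switch (authmode) {
    case MBEDTLS_SSL_VERIFY_REQUIRED: /* a bad chain already aborted the handshake */
    case MBEDTLS_SSL_VERIFY_OPTIONAL: /* handshake completes anyway: caller must check */
      return verify_flags == 0;
    default:                          /* NONE (peer never checked) or any other value */
      return 0;
  }
}

int main(void)
{
  printf("client=%d server=%d\n", altcp_tls_pick_authmode(0), altcp_tls_pick_authmode(1));
  /* constructed case: OPTIONAL, handshake succeeded, non-zero verify flags */
  printf("optional, bad chain -> %d\n",
         altcp_tls_peer_authenticated(MBEDTLS_SSL_VERIFY_OPTIONAL, 0, 0x08u));
  return 0;
}
```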