Comments (4)
Thank you for your report. That, indeed, looks like a bug. I'll have a look.
from python-mbedtls.
The very long strip of "\0" bytes is definitely unnecessary. I am not yet sure where it comes from but I see I use mbedtls_pk_write_pubkey_der() + homemade DER-to-PEM conversion to create the PEM certificates, where mbedtls_pk_write_pubkey_pem() might be a better choice.
mbedtls_pk_write_pubkey_pem() is documented as "The output includes a terminating null bytes" and
# buf as above in your repro
key = mbedtls.pk.ECC.from_PEM(buf.rstrip("\0") + "\0")
does not raise. That is, a single, terminating \0 byte is currently necessary but the following ones are most likely ignored.
I still need to compare with openssl.
from python-mbedtls.
I'll have to fix both x509 and pk modules.
The upstream documentation mentions a terminating null byte for mbedtls_pk_write_pubkey_pem as well, which I should probably skip. As you already mentioned, this byte is not in the openssl output.
from python-mbedtls.
Appending only one null byte is something I did not try. But I can see why this works and might be required, considering null-terminated strings in C.
In any case, I am glad my report helped to draw attention to this.
from python-mbedtls.
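The terminator handling discussed in this thread, as an added example that is not python-mbedtls code: a DER-to-PEM encoder that emits no NUL byte, plus helpers that strip leftover padding from a C output buffer and re-append exactly one terminator for a C string parser. The function names and the sample bytes are assumptions made for the illustration.

```python
import base64

# Constructed stand-in for DER bytes (not a real key).
SAMPLE_DER = bytes(range(91))

def der_to_pem(der: bytes, label: str = "PUBLIC KEY") -> str:
    """Encode DER as PEM text with 64-character lines and no NUL byte."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines,
                      f"-----END {label}-----", ""])

def strip_c_terminator(buf: bytes) -> bytes:
    """Drop the terminator and padding left over from a C output buffer."""
    text = buf.rstrip(b"\0")
    if b"\0" in text:
        # A NUL inside the data would truncate it for any C string parser.
        raise ValueError("NUL byte inside PEM data")
    return text

def for_c_parser(buf: bytes) -> bytes:
    """Return the PEM with exactly one trailing NUL for a C string parser."""
    return strip_c_terminator(buf) + b"\0"

def pem_to_der(buf: bytes, label: str = "PUBLIC KEY") -> bytes:
    """Decode a PEM buffer, tolerating trailing NUL padding only."""
    text = strip_c_terminator(buf).decode("ascii").strip()
    head, tail = f"-----BEGIN {label}-----", f"-----END {label}-----"
    if not (text.startswith(head) and text.endswith(tail)):
        raise ValueError("missing PEM boundary")
    body = "".join(text[len(head):-len(tail)].split())
    return base64.b64decode(body, validate=True)

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    padded = pem.encode("ascii") + b"\0" * 500  # simulated oversized C buffer
    print(repr(for_c_parser(padded)[-30:]))
    print(pem_to_der(padded) == SAMPLE_DER)
```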