FS#4188 - libwolfssl can't authenticate ip address ssl certificates #9168
Labels
core packages
pull request/issue for core (in-tree) packages
flyspray
release/21.02
pull request/issue targeted (also) for OpenWrt 21.02 release
Alozxy:
Recently I found that the libwolfssl could not authenticate some ip address ssl certificates.A strange thing is that some URLs(like https://1.1.1.1/) can be authenticated successfully, but others cannot(like https://223.5.5.5/),and it just happen on my mt7621 router Xiaomi Redmi AC2100 but cannot be reproduced on ipq4019 router MobiPromo CM520-79F.
And then i dig deeper into the source code and found the bug.
[[https://raw.githubusercontent.com/wolfSSL/wolfssl/v4.8.1-stable/src/internal.c]]
In line 10097,macro XSNPRINTF would expand to snprintf,and altName->name[i] has a char type.
on different platforms,char is not alway unsigned,if altName->name[i] is signed char and is larger than 127,it will then be convert into unsigned int incorrectly and print the wrong string.
The problem seems be sloved in wolfssl v5.0 because i saw some changes of relevant code,but the wolfssl in openwrt 21.02 is still v4.8.1-stable.I think maybe we can either upgrade the package or add a path to exist code?
The text was updated successfully, but these errors were encountered: