[IOT-3108] Disabled identity check for MFG OTM 87/26087/2
authorOleksandr Andrieiev <o.andrieiev@samsung.com>
Mon, 2 Jul 2018 11:01:48 +0000 (14:01 +0300)
committerOleksandr Andrieiev <o.andrieiev@samsung.com>
Wed, 11 Jul 2018 00:14:45 +0000 (00:14 +0000)
Bug: https://jira.iotivity.org/browse/IOT-3108
Change-Id: I1bca35ab9c516f7a0850dd209e043048d9194007
Signed-off-by: Oleksandr Andrieiev <o.andrieiev@samsung.com>
resource/csdk/connectivity/src/adapter_util/ca_adapter_net_ssl.c
resource/csdk/security/provisioning/src/ownershiptransfermanager.c
resource/csdk/security/provisioning/src/oxmmanufacturercert.c
resource/csdk/security/src/credresource.c
resource/csdk/security/src/doxmresource.c
resource/csdk/security/src/secureresourcemanager.c

index e325595..dc798d7 100644 (file)
@@ -1468,7 +1468,10 @@ static SslEndPoint_t * NewSslEndPoint(const CAEndpoint_t * endpoint, mbedtls_ssl
     tep->sep.endpoint = *endpoint;
     tep->sep.endpoint.flags = (CATransportFlags_t)(tep->sep.endpoint.flags | CA_SECURE);
 
-    mbedtls_ssl_conf_verify(config, verifyIdentity, NULL);
+    if (g_getIdentityCallback != NULL)
+    {
+        mbedtls_ssl_conf_verify(config, verifyIdentity, NULL);
+    }
     if(0 != mbedtls_ssl_setup(&tep->ssl, config))
     {
         OIC_LOG(ERROR, NET_SSL_TAG, "Setup failed");
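Review bot: Skipping `mbedtls_ssl_conf_verify` when `g_getIdentityCallback` is NULL does not remove a callback that an earlier call already installed on `config`. If `config` is shared between endpoints (it is passed in, and its ownership is not visible here), whether the check runs depends on call history rather than on the current handler. Setting it on both branches makes the state explicit: `mbedtls_ssl_conf_verify(config, (NULL != g_getIdentityCallback) ? verifyIdentity : NULL, NULL);`. Since a NULL handler now means the session gets no identity comparison, I would also add a comment that this is meant only for manufacturer-certificate OTM and log when the check is skipped. NewSslEndPoint continues outside the hunk.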
index 13a3a69..6cb4f24 100644 (file)
@@ -526,6 +526,10 @@ static void SetResult(OTMContext_t* otmCtx, const OCStackResult res)
         {
             OIC_LOG(WARNING, TAG, "Failed to revert PkixInfoHandler.");
         }
+        if(CA_STATUS_OK != CAregisterIdentityHandler(GetIdentityHandler))
+        {
+            OIC_LOG(WARNING, TAG, "Failed to set IdentityHandler.");
+        }
         if(CA_STATUS_OK != CAregisterGetCredentialTypesHandler(InitCipherSuiteList))
         {
             OIC_LOG(WARNING, TAG, "Failed to revert CredentialTypesHandler.");
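Review bot: If this re-registration fails, peer identity verification stays disabled for later sessions, yet the failure is only logged as a WARNING and SetResult carries on. I would raise it to ERROR and word it like its neighbours, `OIC_LOG(ERROR, TAG, "Failed to revert IdentityHandler.");`, so that a stack left without identity checking stands out in logs. Whether this branch runs on every way out of a manufacturer-certificate transfer (failure, timeout, cancel) cannot be seen from the hunk, because SetResult starts and ends outside it.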
index 0022d95..f79e4f1 100644 (file)
@@ -119,6 +119,12 @@ OCStackResult PrepareMCertificateCallback(OTMContext_t *otmCtx)
         return OC_STACK_ERROR;
     }
 
+    if (CA_STATUS_OK != CAregisterIdentityHandler(NULL))
+    {
+        OIC_LOG(ERROR, TAG, "Failed to register IdentityHandler");
+        return OC_STACK_ERROR;
+    }
+
     if (CA_STATUS_OK != CAregisterGetCredentialTypesHandler(InitManufacturerCipherSuiteList))
     {
         OIC_LOG(ERROR, TAG, "Failed to register CredentialTypesHandler");
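Review bot: The identity handler is cleared before the CredentialTypesHandler registration that follows, so if that later call fails the function returns OC_STACK_ERROR with identity verification still switched off. Either make `CAregisterIdentityHandler(NULL)` the last fallible step, or restore it on the later error return with `CAregisterIdentityHandler(GetIdentityHandler);`, assuming that symbol is visible in this file. Whether the caller reaches SetResult, which re-registers the handler, on this path is not visible here. The doxmresource.c hunk has the same ordering: its `CAregisterIdentityHandler(NULL)` check precedes another VERIFY_SUCCESS that can jump to `exit`.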
index f177c92..a58f437 100644 (file)
@@ -3312,7 +3312,8 @@ void GetIdentityHandler(UuidContext_t* ctx, unsigned char* crt, size_t crtLen)
         {
             continue;
         }
-        if (0 == strcmp(cred->credUsage, TRUST_CA) && 0 == strcmp(cred->credUsage, MF_TRUST_CA))
+
+        if (0 != strcmp(cred->credUsage, TRUST_CA))
         {
             continue;
         }
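Review bot: The filter now skips every credential whose usage is not TRUST_CA, which also drops MF_TRUST_CA entries from the identity lookup, and nothing at the line says this is deliberate. A comment above the `strcmp` would record it, for example `/* Only TRUST_CA anchors are matched against the peer identity; MF_TRUST_CA is skipped because MFG OTM runs without the identity check. */`, adjusted if the intent differs. The `continue` block just before is cut by the hunk, so I cannot see whether `cred->credUsage` is checked for NULL before it reaches `strcmp`; if it is not, that guard belongs here too. GetIdentityHandler continues outside the hunk.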
index a193d28..5b343ac 100644 (file)
@@ -1519,6 +1519,7 @@ OCEntityHandlerResult HandleDoxmPostRequestMfg(OicSecDoxm_t *newDoxm,
         OIC_LOG(DEBUG, TAG, "No ciphersuite preferred");
 
         VERIFY_SUCCESS(TAG, CA_STATUS_OK == CAregisterPkixInfoHandler(GetManufacturerPkixInfo), ERROR);
+        VERIFY_SUCCESS(TAG, CA_STATUS_OK == CAregisterIdentityHandler(NULL), ERROR);
         VERIFY_SUCCESS(TAG, CA_STATUS_OK == CAregisterGetCredentialTypesHandler(
                            InitManufacturerCipherSuiteList), ERROR);
 exit:
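Review bot: Nothing in this commit re-registers GetIdentityHandler on this side once the manufacturer OTM has finished or been aborted. The only restore it adds is in SetResult in provisioning/src/ownershiptransfermanager.c, and the other registration is at SRMInitSecureResources. If the handler is restored elsewhere for this path, a comment here naming that place would help, e.g. `/* Identity check is off for MFG OTM only; restored in <restoring function> when OTM ends. */`. If it is not, the handler appears to stay NULL, and with it the TLS identity check stays off, until the secure resources are initialised again. HandleDoxmPostRequestMfg starts outside the hunk.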
index 0133d0d..199488e 100644 (file)
@@ -472,13 +472,13 @@ OCStackResult SRMInitSecureResources(void)
     InitSecureResources();
     OCStackResult ret = OC_STACK_OK;
 #if defined(__WITH_DTLS__) || defined(__WITH_TLS__)
-    CAregisterIdentityHandler(GetIdentityHandler);
     if (CA_STATUS_OK != CAregisterPskCredentialsHandler(GetDtlsPskCredentials))
     {
         OIC_LOG(ERROR, TAG, "Failed to revert TLS credential handler.");
         ret = OC_STACK_ERROR;
     }
     CAregisterPkixInfoHandler(GetPkixInfo);
+    CAregisterIdentityHandler(GetIdentityHandler);
     CAregisterGetCredentialTypesHandler(InitCipherSuiteList);
 #endif // __WITH_DTLS__ or __WITH_TLS__
     return ret;
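Review bot: The return value of `CAregisterIdentityHandler(GetIdentityHandler)` is ignored here. With the ca_adapter_net_ssl.c change in this commit, a handler that was never registered means `verifyIdentity` is not installed at all. I would check it the way the PSK handler is checked just above, logging at ERROR and setting `ret = OC_STACK_ERROR;`, so that initialisation cannot report success with identity verification silently off. The unchecked PkixInfo and CredentialTypes registrations on the neighbouring lines deserve the same treatment.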