-
Oleksandr Andrieiev authored
For secure connections that use certificates the SubjectUUID is retrieved from leaf certificate's CN. However, there is no binding mechanism between Root CA and Device Id that it can generate certificates for. Root CAs can issue certificates with arbitrary UUIDs, which can be used to impersonate another Device. The fix adds callback to the certificate chain validation function. This callback collects single-linked list of all UUIDs associated with the certificate in cred entries. When leaf certificate is reached, UUID of Device is retrieved and matched against static list. If no matching UUID is found, connection should be rejected. Bug: https://jira.iotivity.org/browse/IOT-3087 Change-Id: Ic766fa2256d548c99ed4a5dd76f6f3c53b5250a9 Signed-off-by:
Oleksandr Andrieiev <o.andrieiev@samsung.com>
8e30527a