-
Oleksandr Andrieiev authored
For secure connections that use certificates the SubjectUUID is retrieved from leaf certificate's CN. However, there is no binding mechanism between Root CA and Device Id that it can generate certificates for. Root CAs can issue certificates with arbitrary UUIDs, which can be used to impersonate another Device. The fix adds callback to the certificate chain validation function. This callback collects single-linked list of all UUIDs associated with the certificate in cred entries. When leaf certificate is reached, UUID of Device is retrieved and matched against static list. If no matching UUID is found, connection should be rejected. Bug: https://jira.iotivity.org/browse/IOT-3087 Change-Id: I20333c980226dc6a0c257dc36aab1502202993d9 Signed-off-by:
Oleksandr Andrieiev <o.andrieiev@samsung.com>
bc8c9fdc