From 41d18972997880f45b825ea1eee40d4be0d33acd Mon Sep 17 00:00:00 2001
From: nsslh <86477147+nsslh@users.noreply.github.com>
Date: Wed, 22 Nov 2023 11:37:44 +0200
Subject: [PATCH] Fix regression in strerror (#276)
* Demonstrate strerror regression Re JuliaLang/MbedTLS.jl#274
* Fix regression in strerror Fixes JuliaLang/MbedTLS.jl#274
* Match exception substring
* Fix test on julia-1.6
---
src/error.jl | 2 +-
test/clntsrvr/badca.cert | 20 ++++++++++++++
test/clntsrvr/clntsrvr.jl | 56 +++++++++++++++++++++++++++++++++++++--
3 files changed, 75 insertions(+), 3 deletions(-)
create mode 100644 test/clntsrvr/badca.cert
diff --git a/src/error.jl b/src/error.jl
index df28e15..af5ecd7 100644
--- a/src/error.jl
+++ b/src/error.jl
@@ -22,7 +22,7 @@ function strerror(ret, bufsize=1000)
ccall((:mbedtls_strerror, libmbedcrypto), Cvoid, (Cint, Ptr{Cvoid}, Csize_t), ret, buf, bufsize)
- resize!(buf, something(findfirst(0x00, buf), length(buf) + 1) - 1)
+ resize!(buf, something(findfirst(iszero, buf), length(buf) + 1) - 1)
s = String(buf)
if ret == MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE
s *= " (You may need to enable `ssl_conf_renegotiation!`. See " *
diff --git a/test/clntsrvr/badca.cert b/test/clntsrvr/badca.cert
new file mode 100644
index 0000000..e07eaae
--- /dev/null
+++ b/test/clntsrvr/badca.cert
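Review bot: The `findfirst(iszero, buf)` fix on the `+` line is only exercised indirectly, through a live TLS handshake in `testverify` that must fail and then be matched by substring; a direct unit test of `strerror` would pin the regression far more cheaply and without a socket or a 10-second watchdog, e.g. `@test occursin("verification failed", MbedTLS.strerror(MbedTLS.MBEDTLS_ERR_X509_CERT_VERIFY_FAILED))` if the package exposes that constant (mbedtls' `-0x2700`). Separately, the `ccall` on the context line lets the C side write up to `bufsize` bytes into `buf` while the new line measures `length(buf)`; the two presumably agree because `buf` is allocated from `bufsize` above the hunk, but passing `length(buf)` as the third `ccall` argument would tie the FFI write bound to the actual allocation and rule out an overrun if the allocation ever changes. `strerror`'s body starts above the hunk.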
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIIRg8z3ebcnAkwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
+AxMVbWluaWNhIHJvb3QgY2EgNDYwZjMzMCAXDTIzMTExNjE0MjIzMFoYDzIxMjMx
+MTE2MTQyMjMwWjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSA0NjBmMzMwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCofv0XrEfxbWcSLQSGUYK+LIVf
+C5jkqquHOaH0MWnjNhJeDICqrRWLc3Z+X0cxlcboUvk/oZXWucJqrbaVL1foWIO/
+6dYROJiWyFZw/A7X9vUqJTIFiJuK7NVyDiKzBkNNBQ8Z/KfYjSyBCbWzjXb6fAT/
+lrJl1OGbI17iMhX/Y9imEHtw46wGgRRvSLif/UC114ujqAZ1tQlzZdcVsZzC5yAo
+beeukLz/uIz3FvhzCM0zLfEdtnU0txj6yZqlMOD5sfMESZCkjdKuwwY0Vt/eHLKp
+Jxwr1VGFKSmM7MLGtfwIvLIPQM22iXcntpYXFMUV4xRpqjnrjXapReL6vlP9AgMB
+AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
+BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSPJmaTlhDlmJ9n
+9tcf4Q3t+FPkzjAfBgNVHSMEGDAWgBSPJmaTlhDlmJ9n9tcf4Q3t+FPkzjANBgkq
+hkiG9w0BAQsFAAOCAQEAdj0k/u0g7JQVaCd4sk7tlKvtaKoR5xjebNn87XuXyv80
+mv43yw2hWK4XihLz/SPCFhqz11aQfz7NaUemqX7YAK6jKR4ApjVLqW1tiJpBxX5C
+DPlLV+2htc9Qbjj3/uIqooPfzfAaEOQMRS8JARP4XkdG/t+BCGyWVWBN9/ztFgUc
+nUGlztsvZTknXz2nqplAVJH5TXGFLPegSU/y0y2z6xeIxs2Arx93SzmYNqZnokxR
+WiK2UnH7ClLYiyHumppCpl/dcevs3dNIIqN+vVsRw9g3Qi2d3qgue1L2zC5sbknm
+2EN6MBqIHxU3DgcoLcNrI+6qEhPOHdelSdum/x7A5A==
+-----END CERTIFICATE-----
diff --git a/test/clntsrvr/clntsrvr.jl b/test/clntsrvr/clntsrvr.jl
index bed7406..cd56fb3 100644
--- a/test/clntsrvr/clntsrvr.jl
+++ b/test/clntsrvr/clntsrvr.jl
@@ -12,9 +12,8 @@ function sslaccept(server, certfile, keyfile)
return sslconn
end

-function sslconnect(dest, port)
+function sslconnect(dest, port, sslconfig = MbedTLS.SSLConfig(false))
conn = connect(dest, port)
- sslconfig = MbedTLS.SSLConfig(false)
sslconn = MbedTLS.SSLContext()
MbedTLS.setup!(sslconn, sslconfig)
MbedTLS.set_bio!(sslconn, conn)
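Review bot: The new default `sslconfig = MbedTLS.SSLConfig(false)` turns certificate verification off for every caller that omits the argument; that is acceptable for a helper that talks to a local test server, but it is exactly the kind of helper that gets copied into non-test code, so the intent should be written down rather than left implicit. Add above the signature `# Test helper: verification is off by default (SSLConfig(false)); pass an SSLConfig(true) with a CA chain to exercise verification.`. Blue style would also write the default without spaces, `sslconfig=MbedTLS.SSLConfig(false)`, if the rest of the file follows it. `sslconnect`'s body continues past the hunk.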
@@ -65,8 +64,61 @@ function testclntsrvr(certfile, keyfile)
close(t)
end
+function testverify(certfile, keyfile, badcafile)
+ outbuff = ones(UInt8, 100) * UInt8(65)
+ trigger = Channel{Bool}(1)
+ port = UInt16(0)
+ local clntconn, srvrconn
+
+ # setup a watchdog kill-switch
+ t = Timer(10) do t
+ @isdefined(clntconn) && close(clntconn)
+ @isdefined(srvrconn) && close(srvrconn)
+ close(trigger)
+ @test "test failed to complete within timeout"
+ end
+
+ (port, server) = listenany(8000)
+ @info("listening on port $port")
+
+ r = @async begin
+ try
+ srvrconn = sslaccept(server, certfile, keyfile)
+ close(server)
+ catch e
+ end
+ put!(trigger, true)
+ @isdefined(srvrconn) && close(srvrconn)
+ end
+ bind(trigger, r)
+
+ @info("connecting to port $port")
+ badsslconfig = MbedTLS.SSLConfig(true)
+ badsslconfig.chain = MbedTLS.crt_parse(read(badcafile, String))
+ try
+ clntconn = sslconnect("127.0.0.1", port, badsslconfig)
+ catch e
+ @test contains(e.msg, "Certificate verification failed")
+ end
+ if @isdefined(clntconn)
+ close(clntconn)
+ @test "No exception raised for certificate verification failure"
+ end
+ @test take!(trigger)
+ wait(r)
+
+ close(t)
+end
+
@testset "testclntsrvr" begin
testclntsrvr(
joinpath(@__DIR__, "test.cert"),
joinpath(@__DIR__, "test.key"))
end
+
+@testset "testverify" begin
+ testverify(
+ joinpath(@__DIR__, "test.cert"),
+ joinpath(@__DIR__, "test.key"),
+ joinpath(@__DIR__, "badca.cert"))
+end
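Review bot: `badsslconfig.chain = MbedTLS.crt_parse(read(badcafile, String))` assigns the Julia-side field only; if the trust anchor has to reach the C config through `mbedtls_ssl_conf_ca_chain` (which I believe is what `MbedTLS.ca_chain!` does, please confirm against the setter in ssl.jl), then the bad CA never reaches mbedtls and the rejection observed comes from whatever chain `SSLConfig(true)` installed, so the test passes without proving that the supplied CA was the one consulted — use `MbedTLS.ca_chain!(badsslconfig, MbedTLS.crt_parse(read(badcafile, String)))` instead. `@test "test failed to complete within timeout"` and `@test "No exception raised for certificate verification failure"` hand a String to `@test`, which is recorded as a non-Boolean error rather than a failure; `@test false`, or `@test !(@isdefined clntconn)` after the close, reports cleanly (and the Timer callback runs on its own task, so its `@test` may not attach to this testset at all). `outbuff` is assigned but never used in `testverify`, and the bare `catch e end` in the server task swallows any unexpected server-side error, so a broken `sslaccept` would be indistinguishable from the expected handshake abort — at least `@debug "server task failed" exception=e` there. The function is complete within the hunk.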