yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-18 12:21:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix order of ssl_conf vs ssl_setup in programs

Browse source 
Except ssl_phtread_server that will be done later
This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-11 11:25:46 +02:00
parent 9a1a4d6903
commit 06939cebef
13 changed files with 124 additions and 103 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -16,12 +16,14 @@ API Changes
* Headers are now found in the 'mbedtls' directory (previously 'polarssl'). * Headers are now found in the 'mbedtls' directory (previously 'polarssl').
* The following _init() functions that could return errors have * The following _init() functions that could return errors have
been split into an _init() that returns void and another function that been split into an _init() that returns void and another function that
should generally called shortly after init and can return errors: should generally be the first function called on this context after init:
mbedtls_ssl_init() -> mbedtls_ssl_setup() mbedtls_ssl_init() -> mbedtls_ssl_setup()
mbedtls_ccm_init() -> mbedtls_ccm_setkey() mbedtls_ccm_init() -> mbedtls_ccm_setkey()
mbedtls_gcm_init() -> mbedtls_gcm_setkey() mbedtls_gcm_init() -> mbedtls_gcm_setkey()
mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_seed(_buf)() mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_seed(_buf)()
mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_seed() mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_seed()
Note that for mbetls_ssl_setup(), you need to be done setting up the
ssl_config structure before calling it.
* Most ssl_set_xxx() functions (all except ssl_set_hostname(), * Most ssl_set_xxx() functions (all except ssl_set_hostname(),
ssl_set_session() and ssl_set_client_transport_id(), plus ssl_set_session() and ssl_set_client_transport_id(), plus
ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx() ssl_legacy_renegotiation()) have been renamed to mbedtls_ssl_conf_xxx()

6
include/mbedtls/ssl.h
View file

@ -1152,6 +1152,12 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
/** /**
* \brief Set up an SSL context for use * \brief Set up an SSL context for use
* *
* \note No copy of the configuration context is made, it can be
* shared by many ssl_context structures.
*
* \warning Modifying the conf structure after is has been used in this
* function is unsupported!
*
* \param ssl SSL context * \param ssl SSL context
* \param conf SSL configuration to use * \param conf SSL configuration to use
* *

18
library/ssl_tls.c
View file

@ -4915,18 +4915,16 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl )
ssl_transform_init( ssl->transform_negotiate ); ssl_transform_init( ssl->transform_negotiate );
ssl_handshake_params_init( ssl->handshake ); ssl_handshake_params_init( ssl->handshake );
/*
* We may not know yet if we're using DTLS,
* so always initiliase DTLS-specific fields.
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->handshake->alt_transform_out = ssl->transform_out; if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
ssl->handshake->alt_transform_out = ssl->transform_out;
// TODO: not the right place, we may not know endpoint yet if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING;
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_PREPARING; else
else ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING;
ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_WAITING; }
#endif #endif
return( 0 ); return( 0 );

16
programs/ssl/dtls_client.c
View file

@ -170,26 +170,26 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit; goto exit;
} }
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 ) if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto exit; goto exit;
} }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_ssl_set_bio( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout ); mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );

12
programs/ssl/dtls_server.c
View file

@ -200,12 +200,6 @@ int main( void )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
@ -232,6 +226,12 @@ int main( void )
mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx ); &cookie_ctx );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
printf( " ok\n" ); printf( " ok\n" );
reset: reset:

17
programs/ssl/mini_client.c
View file

@ -197,12 +197,6 @@ int main( void )
goto exit; goto exit;
} }
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
{
ret = ssl_setup_failed;
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@ -218,13 +212,20 @@ int main( void )
} }
mbedtls_ssl_conf_ca_chain( &conf, &ca, NULL ); mbedtls_ssl_conf_ca_chain( &conf, &ca, NULL );
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
#endif
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
{
ret = ssl_setup_failed;
goto exit;
}
if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 ) if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
{ {
ret = hostname_failed; ret = hostname_failed;
goto exit; goto exit;
} }
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
#endif
/* /*
* 1. Start the connection * 1. Start the connection

17
programs/ssl/ssl_client1.c
View file

@ -158,26 +158,27 @@ int main( void )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/* OPTIONAL is not optimal for security, /* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */ * but makes interop easier in this simplified example */
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL ); mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 ) if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto exit; goto exit;
} }
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL ); mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
/* /*

41
programs/ssl/ssl_client2.c
View file

@ -1057,12 +1057,6 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if( opt.debug_level > 0 ) if( opt.debug_level > 0 )
mbedtls_ssl_conf_verify( &conf, my_verify, NULL ); mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
@ -1118,16 +1112,6 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
if( opt.nbio == 2 )
mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
else
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
#if defined(MBEDTLS_HAVE_TIME)
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL
#else
NULL
#endif
);
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
@ -1193,6 +1177,31 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_fallback( &conf, opt.fallback ); mbedtls_ssl_conf_fallback( &conf, opt.fallback );
#endif #endif
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
goto exit;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
#endif
if( opt.nbio == 2 )
mbedtls_ssl_set_bio( &ssl, &server_fd, my_send, my_recv, NULL );
else
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
#if defined(MBEDTLS_HAVE_TIME)
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL
#else
NULL
#endif
);
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/* /*

15
programs/ssl/ssl_fork_server.c
View file

@ -257,17 +257,10 @@ int main( void )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
@ -276,6 +269,14 @@ int main( void )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
/* /*
* 5. Handshake * 5. Handshake
*/ */

21
programs/ssl/ssl_mail_client.c
View file

@ -592,21 +592,12 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/* OPTIONAL is not optimal for security, /* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */ * but makes interop easier in this simplified example */
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL ); mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite );
@ -623,7 +614,13 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
#if defined(MBEDTLS_x509_CRT_PARSE_C)
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
@ -631,6 +628,10 @@ int main( int argc, char *argv[] )
} }
#endif #endif
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
mbedtls_printf( " ok\n" );
if( opt.mode == MODE_SSL_TLS ) if( opt.mode == MODE_SSL_TLS )
{ {
if( do_handshake( &ssl ) != 0 ) if( do_handshake( &ssl ) != 0 )

12
programs/ssl/ssl_server.c
View file

@ -199,12 +199,6 @@ int main( void )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
@ -221,6 +215,12 @@ int main( void )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
reset: reset:

33
programs/ssl/ssl_server2.c
View file

@ -1527,12 +1527,6 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
goto exit;
}
if( opt.auth_mode != DFL_AUTH_MODE ) if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode ); mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
@ -1740,6 +1734,23 @@ int main( int argc, char *argv[] )
if( opt.max_version != DFL_MIN_VERSION ) if( opt.max_version != DFL_MIN_VERSION )
mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); mbedtls_ssl_conf_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", -ret );
goto exit;
}
if( opt.nbio == 2 )
mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL );
else
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
#if defined(MBEDTLS_HAVE_TIME)
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL
#else
NULL
#endif
);
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
reset: reset:
@ -1799,16 +1810,6 @@ reset:
goto exit; goto exit;
} }
if( opt.nbio == 2 )
mbedtls_ssl_set_bio( &ssl, &client_fd, my_send, my_recv, NULL );
else
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
#if defined(MBEDTLS_HAVE_TIME)
opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL
#else
NULL
#endif
);
mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout ); mbedtls_ssl_conf_read_timeout( &conf, opt.read_timeout );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)

15
programs/x509/cert_app.c
View file

@ -404,12 +404,6 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto ssl_exit;
}
if( verify ) if( verify )
{ {
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED ); mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
@ -421,7 +415,6 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 ) if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
{ {
@ -429,12 +422,20 @@ int main( int argc, char *argv[] )
goto ssl_exit; goto ssl_exit;
} }
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
goto ssl_exit;
}
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 ) if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto ssl_exit; goto ssl_exit;
} }
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
/* /*
* 4. Handshake * 4. Handshake
*/ */