Add the CA list suppression option to ssl_server2

Adding the CA suppression list option to the 'ssl_server2' sample program is a prerequisite for adding tests for this feature to the integration test suite (ssl-opt.sh).
2025-11-04 12:35:07 +00:00 · 2017-04-10 13:44:33 +01:00 · 2017-04-10 13:44:33 +01:00 · 4817e27d4d
parent 088ce43ffe
commit 4817e27d4d
1 changed files with 14 additions and 0 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -124,6 +124,7 @@ int main( void )
 #define DFL_MAX_VERSION         -1
 #define DFL_ARC4                -1
 #define DFL_AUTH_MODE           -1
+#define DFL_CERT_REQ_CA_LIST    MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
 #define DFL_MFL_CODE            MBEDTLS_SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          -1
 #define DFL_TICKETS             MBEDTLS_SSL_SESSION_TICKETS_ENABLED
@ -326,6 +327,8 @@ int main( void )
    "\n"                                                    \
    "    auth_mode=%%s        default: (library default: none)\n"      \
    "                        options: none, optional, required\n" \
+    "    cert_req_ca_list=%%d default: 1 (send ca list)\n"  \
+    "                        options: 1 (send ca list), 0 (don't send)\n" \
    USAGE_IO                                                \
    USAGE_SNI                                               \
    "\n"                                                    \
@ -401,6 +404,7 @@ struct options
    int max_version;            /* maximum protocol version accepted        */
    int arc4;                   /* flag for arc4 suites support             */
    int auth_mode;              /* verify mode for connection               */
+    int cert_req_ca_list;       /* should we send the CA list?              */
    unsigned char mfl_code;     /* code for maximum fragment length         */
    int trunc_hmac;             /* accept truncated hmac?                   */
    int tickets;                /* enable / disable session tickets         */
@ -944,6 +948,7 @@ int main( int argc, char *argv[] )
    opt.max_version         = DFL_MAX_VERSION;
    opt.arc4                = DFL_ARC4;
    opt.auth_mode           = DFL_AUTH_MODE;
+    opt.cert_req_ca_list    = DFL_CERT_REQ_CA_LIST;
    opt.mfl_code            = DFL_MFL_CODE;
    opt.trunc_hmac          = DFL_TRUNC_HMAC;
    opt.tickets             = DFL_TICKETS;
@ -1155,6 +1160,12 @@ int main( int argc, char *argv[] )
            if( ( opt.auth_mode = get_auth_mode( q ) ) < 0 )
                goto usage;
        }
+        else if( strcmp( p, "cert_req_ca_list" ) == 0 )
+        {
+            opt.cert_req_ca_list = atoi( q );
+            if( opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 1 )
+                goto usage;
+        }
        else if( strcmp( p, "max_frag_len" ) == 0 )
        {
            if( strcmp( q, "512" ) == 0 )
@ -1634,6 +1645,9 @@ int main( int argc, char *argv[] )
    if( opt.auth_mode != DFL_AUTH_MODE )
        mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );

+    if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
+        mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
        mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );