Add guards for MBEDTLS_X509_CRL_PARSE_C in sample

Add checks in `ssl_server2` that `MBEDTLS_X509_CRL_PARSE_C` is defined to fix compilation issue. Fixes #560.
2024-10-19 04:31:18 +00:00 · 2019-04-04 15:02:01 +03:00 · 2019-04-04 15:02:01 +03:00 · 80d0419189
parent 57773d4ede
commit 80d0419189
2 changed files with 19 additions and 4 deletions
--- a/2
+++ b/2
@ -83,6 +83,8 @@ Bugfix
     extensions in CSRs and CRTs that caused these bitstrings to not be encoded
     correctly as trailing zeroes were not accounted for as unused bits in the
     leading content octet. Fixes #1610.
+   * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
+     sni entry parameter. Reported by inestlerode in #560.

 Changes
   * Reduce RAM consumption during session renegotiation by not storing
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -282,8 +282,14 @@ int main( void )
 #endif /* MBEDTLS_SSL_CACHE_C */

 #if defined(SNI_OPTION)
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+#define SNI_CRL              ",crl"
+#else
+#define SNI_CRL              ""
+#endif
+
 #define USAGE_SNI                                                           \
-    "    sni=%%s              name1,cert1,key1,ca1,crl1,auth1[,...]\n"  \
+    "    sni=%%s              name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n"  \
    "                        default: disabled\n"
 #else
 #define USAGE_SNI ""
@ -654,10 +660,10 @@ void sni_free( sni_entry *head )

        mbedtls_x509_crt_free( cur->ca );
        mbedtls_free( cur->ca );
-
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
        mbedtls_x509_crl_free( cur->crl );
        mbedtls_free( cur->crl );
-
+#endif
        next = cur->next;
        mbedtls_free( cur );
        cur = next;
@ -676,7 +682,10 @@ sni_entry *sni_parse( char *sni_string )
    sni_entry *cur = NULL, *new = NULL;
    char *p = sni_string;
    char *end = p;
-    char *crt_file, *key_file, *ca_file, *crl_file, *auth_str;
+    char *crt_file, *key_file, *ca_file, *auth_str;
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+    char *crl_file;
+#endif

    while( *end != '\0' )
        ++end;
@ -694,7 +703,9 @@ sni_entry *sni_parse( char *sni_string )
        GET_ITEM( crt_file );
        GET_ITEM( key_file );
        GET_ITEM( ca_file );
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
        GET_ITEM( crl_file );
+#endif
        GET_ITEM( auth_str );

        if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
@ -719,6 +730,7 @@ sni_entry *sni_parse( char *sni_string )
                goto error;
        }

+#if defined(MBEDTLS_X509_CRL_PARSE_C)
        if( strcmp( crl_file, "-" ) != 0 )
        {
            if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
@ -729,6 +741,7 @@ sni_entry *sni_parse( char *sni_string )
            if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
                goto error;
        }
+#endif

        if( strcmp( auth_str, "-" ) != 0 )
        {