diff --git a/ChangeLog b/ChangeLog
index b0354d5c4..948e4aa6a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,7 +6,9 @@ Features
 * Support for DTLS 1.0 and 1.2 (RFC 6347).
 API Changes
- * Test certificates in cert.s are no longer guaranteed to be nul-terminated
+ * test_ca_list (from certs.h) is renamed to test_cas_pem and is only
+ available if POLARSSL_PEM_PARSE_C is defined (it never worked without).
+ * Test certificates in certs.c are no longer guaranteed to be nul-terminated
 strings; use the new *_len variables instead of strlen().
 * md_init_ctx() is deprecated in favour of md_setup(), that adds a third
 argument (allowing memory savings if HMAC is not used)
diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
index d3c92a07d..62db0ce1c 100644
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@@ -30,9 +30,11 @@
 extern "C" {
 #endif
+#if defined(POLARSSL_PEM_PARSE_C)
 /* Concatenation of all CA certificates in PEM format if available */
-extern const char test_ca_list[];
-extern const size_t test_ca_list_len;
+extern const char test_cas_pem[];
+extern const size_t test_cas_pem_len;
+#endif
 /* List of all CA certificates, terminated by NULL */
 extern const char * test_cas[];
diff --git a/library/certs.c b/library/certs.c
index 8da552f39..1cfbd92ef 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -301,9 +301,11 @@ const char test_dhm_params[] =
 const size_t test_dhm_params_len = sizeof( test_dhm_params );
 #endif
+#if defined(POLARSSL_PEM_PARSE_C)
 /* Concatenation of all available CA certificates */
-const char test_ca_list[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
-const size_t test_ca_list_len = sizeof( test_ca_list );
+const char test_cas_pem[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
+const size_t test_cas_pem_len = sizeof( test_cas_pem );
+#endif
 /* List of all available CA certificates */
 const char * test_cas[] = {
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 44d2175dc..09cb904cb 100644
--- a/programs/ssl/dtls_client.c
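Review bot: The new `#if defined(POLARSSL_PEM_PARSE_C)` guard around `test_cas_pem` in certs.h is not mirrored at the call sites this commit touches. dtls_client.c, ssl_client1.c and ssl_mail_client.c reference the symbol under `#if defined(POLARSSL_CERTS_C)` alone, and the hunks for dtls_server.c, ssl_fork_server.c, ssl_pthread_server.c and ssl_server.c show no guard at all. Unless each program's file-level feature check (outside these hunks) already requires POLARSSL_PEM_PARSE_C, a configuration with POLARSSL_CERTS_C but without PEM parsing will stop compiling on an undeclared identifier. I would use `#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_PEM_PARSE_C)` at the client call sites and update the `#else` message in dtls_client.c and ssl_client1.c, which names only POLARSSL_CERTS_C.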
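Review bot: The comment above `test_cas_pem` in certs.c does not say what `test_cas_pem_len` counts. Because it is `sizeof( test_cas_pem )`, it includes the terminating NUL of the concatenated literals and is one larger than `strlen()` would report, which matters now that the ChangeLog tells users to switch from `strlen()` to the `*_len` variables. I would extend the comment to `/* Concatenation of all available CA certificates in PEM format; test_cas_pem_len includes the terminating NUL */`. It may also be worth noting what the array holds when neither TEST_CA_CRT_RSA nor TEST_CA_CRT_EC carries a certificate; the macro definitions are outside this hunk, so that case cannot be checked from here.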
+++ b/programs/ssl/dtls_client.c
@@ -129,8 +129,8 @@ int main( int argc, char *argv[] )
 fflush( stdout );
 #if defined(POLARSSL_CERTS_C)
- ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ ret = x509_crt_parse( &cacert, (const unsigned char *) test_cas_pem,
+ test_cas_pem_len );
 #else
 ret = 1;
 polarssl_printf("POLARSSL_CERTS_C not defined.");
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 31216c603..d641cb048 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -135,8 +135,8 @@ int main( void )
 goto exit;
 }
- ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ ret = x509_crt_parse( &srvcert, (const unsigned char *) test_cas_pem,
+ test_cas_pem_len );
 if( ret != 0 )
 {
 printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 184f2bd98..0dc16e623 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -120,8 +120,8 @@ int main( void )
 fflush( stdout );
 #if defined(POLARSSL_CERTS_C)
- ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ ret = x509_crt_parse( &cacert, (const unsigned char *) test_cas_pem,
+ test_cas_pem_len );
 #else
 ret = 1;
 polarssl_printf("POLARSSL_CERTS_C not defined.");
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 87379e56e..f9bef95e8 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -161,8 +161,8 @@ int main( void )
 goto exit;
 }
- ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ ret = x509_crt_parse( &srvcert, (const unsigned char *) test_cas_pem,
+ test_cas_pem_len );
 if( ret != 0 )
 {
 polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index eaaaa2c32..a196ad1fc 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -507,8 +507,8 @@ int main( int argc, char *argv[] )
 else
 #endif
 #if defined(POLARSSL_CERTS_C)
- ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ ret = x509_crt_parse( &cacert, (const unsigned char *) test_cas_pem,
+ test_cas_pem_len );
 #else
 {
 ret = 1;
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 6a0ce3508..e800197e9 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -424,8 +424,8 @@ int main( void )
 goto exit;
 }
- ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ ret = x509_crt_parse( &srvcert, (const unsigned char *) test_cas_pem,
+ test_cas_pem_len );
 if( ret != 0 )
 {
 polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 64f6c4e72..db8c9559f 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -139,8 +139,8 @@ int main( void )
 goto exit;
 }
- ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
- test_ca_list_len );
+ ret = x509_crt_parse( &srvcert, (const unsigned char *) test_cas_pem,
+ test_cas_pem_len );
 if( ret != 0 )
 {
 polarssl_printf( " failed\n ! x509_crt_parse returned %d\n\n", ret );