Move ssl_set_ca_chain() to work on config
parent
ba26c24769
commit
bc2b771af4
@ -20,6 +20,8 @@ API Changes
|
||||||
mbedtls_gcm_init() -> mbedtls_gcm_setkey()
|
mbedtls_gcm_init() -> mbedtls_gcm_setkey()
|
||||||
mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_init(_buf)()
|
mbedtls_hmac_drbg_init() -> mbedtls_hmac_drbg_init(_buf)()
|
||||||
mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_init(_buf)()
|
mbedtls_ctr_drbg_init() -> mbedtls_ctr_drbg_init(_buf)()
|
||||||
|
* mbedtls_ssl_set_ca_chain() lost its last argument (peer_cn), now set
|
||||||
|
using mbedtls_ssl_set_hostname().
|
||||||
* Renamed mbedtls_pkcs11_priv_key_init() to ..._bind() and
|
* Renamed mbedtls_pkcs11_priv_key_init() to ..._bind() and
|
||||||
mbedtls_pkcs11_x509_cert_init() as well (handled by rename.pl and
|
mbedtls_pkcs11_x509_cert_init() as well (handled by rename.pl and
|
||||||
compat-1.3.h)
|
compat-1.3.h)
|
||||||
|
|
|
@ -1055,21 +1055,15 @@ struct mbedtls_ssl_context
|
||||||
/*
|
/*
|
||||||
* PKI layer
|
* PKI layer
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
|
||||||
const char *peer_cn; /*!< expected peer CN */
|
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
|
||||||
|
|
||||||
int client_auth; /*!< flag for client auth. */
|
int client_auth; /*!< flag for client auth. */
|
||||||
int verify_result; /*!< verification result */
|
int verify_result; /*!< verification result */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* User settings
|
* User settings
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/*
|
char *hostname; /*!< expected peer CN for verification
|
||||||
* SNI extension
|
(and SNI if available) */
|
||||||
*/
|
|
||||||
char *hostname;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ALPN)
|
#if defined(MBEDTLS_SSL_ALPN)
|
||||||
|
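Review bot: The new comment on the `char *hostname;` field describes it as the expected peer CN for verification but does not say what happens when it is never set; since the ssl_tls.c hunk (@ -4030) passes this field straight to mbedtls_x509_crt_verify(), a NULL value presumably means no name check, as the old `peer_cn` documentation's "(or NULL)" implied. I'd extend the field comment to `/*!< expected peer CN for verification (and SNI if available); NULL means no name check is done */` so a reader of the struct sees that a client must call mbedtls_ssl_set_hostname() to get its certificate name checked. The struct definition starts and ends outside the hunk.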
@ -1575,13 +1569,13 @@ void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
||||||
/**
|
/**
|
||||||
* \brief Set the data required to verify peer certificate
|
* \brief Set the data required to verify peer certificate
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param conf SSL configuration
|
||||||
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
|
* \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
|
||||||
* \param ca_crl trusted CA CRLs
|
* \param ca_crl trusted CA CRLs
|
||||||
* \param peer_cn expected peer CommonName (or NULL)
|
|
||||||
*/
|
*/
|
||||||
void mbedtls_ssl_set_ca_chain( mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain,
|
void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
|
||||||
mbedtls_x509_crl *ca_crl, const char *peer_cn );
|
mbedtls_x509_crt *ca_chain,
|
||||||
|
mbedtls_x509_crl *ca_crl );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set own certificate chain and private key
|
* \brief Set own certificate chain and private key
|
||||||
|
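Review bot: The updated doxygen block for mbedtls_ssl_set_ca_chain() drops `\param peer_cn` without pointing callers at the replacement, so a reader of the header has to find the ChangeLog to learn that the expected peer name now goes through mbedtls_ssl_set_hostname(). I'd add `* \note The expected peer name is no longer set here; use mbedtls_ssl_set_hostname() on the SSL context.` after the `\param ca_crl` line. The ssl_tls.c implementation in this commit only stores the two pointers in `conf`, so the block should also state the lifetime requirement, e.g. `* \note The CA chain and CRL are not copied and must remain valid for the lifetime of \p conf.`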
@ -1695,7 +1689,7 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context
|
||||||
void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
|
void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
|
||||||
#endif /* MBEDTLS_SSL_SET_CURVES */
|
#endif /* MBEDTLS_SSL_SET_CURVES */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/**
|
/**
|
||||||
* \brief Set hostname for ServerName TLS extension
|
* \brief Set hostname for ServerName TLS extension
|
||||||
* (client-side only)
|
* (client-side only)
|
||||||
|
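Review bot: The `\brief Set hostname for ServerName TLS extension` description is now stale: the declaration has moved under `MBEDTLS_X509_CRT_PARSE_C`, and the struct hunk documents `hostname` as the expected peer CN used for verification, with SNI only "if available". I'd rewrite the brief as `* \brief Set the expected peer hostname, used to verify the peer certificate (and sent in the ServerName TLS extension when that extension is enabled; client-side only)`. The same doc block continues in the next hunk (@ -1707), whose `\return` line is unchanged; since the ssl_tls.c hunk passes `ssl->hostname` directly to mbedtls_x509_crt_verify(), it is worth saying there that a client which skips this call presumably gets no name check against the received certificate.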
@ -1707,7 +1701,9 @@ void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_i
|
||||||
* \return 0 if successful or MBEDTLS_ERR_SSL_MALLOC_FAILED
|
* \return 0 if successful or MBEDTLS_ERR_SSL_MALLOC_FAILED
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
|
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
|
||||||
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
/**
|
/**
|
||||||
* \brief Set server side ServerName TLS extension callback
|
* \brief Set server side ServerName TLS extension callback
|
||||||
* (optional, server-side only).
|
* (optional, server-side only).
|
||||||
|
|
|
@ -4030,7 +4030,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||||
* Main check: verify certificate
|
* Main check: verify certificate
|
||||||
*/
|
*/
|
||||||
ret = mbedtls_x509_crt_verify( ssl->session_negotiate->peer_cert,
|
ret = mbedtls_x509_crt_verify( ssl->session_negotiate->peer_cert,
|
||||||
ssl->conf->ca_chain, ssl->conf->ca_crl, ssl->peer_cn,
|
ssl->conf->ca_chain, ssl->conf->ca_crl, ssl->hostname,
|
||||||
&ssl->session_negotiate->verify_result,
|
&ssl->session_negotiate->verify_result,
|
||||||
ssl->conf->f_vrfy, ssl->conf->p_vrfy );
|
ssl->conf->f_vrfy, ssl->conf->p_vrfy );
|
||||||
|
|
||||||
|
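Review bot: The verify call now passes `ssl->hostname` to mbedtls_x509_crt_verify() with nothing in the new code or comments saying what a NULL value means; before this commit `peer_cn` was documented as "expected peer CommonName (or NULL)", so presumably NULL still disables the name check, but that consequence is no longer visible at the call site. A one-line comment above the call, `/* hostname is NULL unless mbedtls_ssl_set_hostname() was called; NULL presumably skips the name check -- confirm against mbedtls_x509_crt_verify() */`, would make the security-relevant behaviour explicit where it matters. mbedtls_ssl_parse_certificate() starts and ends outside the hunk, so whether any authmode-dependent handling of a missing hostname exists elsewhere cannot be confirmed from here.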
@ -5345,12 +5345,12 @@ static mbedtls_ssl_key_cert *ssl_add_key_cert( mbedtls_ssl_context *ssl )
|
||||||
return( key_cert );
|
return( key_cert );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_ssl_set_ca_chain( mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain,
|
void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
|
||||||
mbedtls_x509_crl *ca_crl, const char *peer_cn )
|
mbedtls_x509_crt *ca_chain,
|
||||||
|
mbedtls_x509_crl *ca_crl )
|
||||||
{
|
{
|
||||||
ssl->conf->ca_chain = ca_chain;
|
conf->ca_chain = ca_chain;
|
||||||
ssl->conf->ca_crl = ca_crl;
|
conf->ca_crl = ca_crl;
|
||||||
ssl->peer_cn = peer_cn;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert,
|
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert,
|
||||||
|
@ -5450,7 +5450,7 @@ void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
||||||
{
|
{
|
||||||
size_t hostname_len;
|
size_t hostname_len;
|
||||||
|
@ -5474,7 +5474,9 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
|
||||||
int (*f_sni)(void *, mbedtls_ssl_context *,
|
int (*f_sni)(void *, mbedtls_ssl_context *,
|
||||||
const unsigned char *, size_t),
|
const unsigned char *, size_t),
|
||||||
|
|
|
@ -176,13 +176,16 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
|
||||||
|
|
||||||
/* OPTIONAL is usually a bad choice for security, but makes interop easier
|
/* OPTIONAL is usually a bad choice for security, but makes interop easier
|
||||||
* in this simplified example, in which the ca chain is hardcoded.
|
* in this simplified example, in which the ca chain is hardcoded.
|
||||||
* Production code should set a proper ca chain and use REQUIRED. */
|
* Production code should set a proper ca chain and use REQUIRED. */
|
||||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
|
mbedtls_ssl_set_ca_chain( &conf, &cacert, NULL );
|
||||||
|
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||||
|
@ -191,6 +194,8 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
|
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
|
||||||
READ_TIMEOUT_MS );
|
READ_TIMEOUT_MS );
|
||||||
|
|
||||||
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 4. Handshake
|
* 4. Handshake
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -215,7 +215,7 @@ int main( void )
|
||||||
mbedtls_ssl_cache_set, &cache );
|
mbedtls_ssl_cache_set, &cache );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
mbedtls_ssl_set_ca_chain( &conf, srvcert.next, NULL );
|
||||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||||
|
|
|
@ -149,6 +149,7 @@ enum exit_codes
|
||||||
ctr_drbg_seed_failed,
|
ctr_drbg_seed_failed,
|
||||||
ssl_config_default_failed,
|
ssl_config_default_failed,
|
||||||
ssl_setup_failed,
|
ssl_setup_failed,
|
||||||
|
hostname_failed,
|
||||||
socket_failed,
|
socket_failed,
|
||||||
connect_failed,
|
connect_failed,
|
||||||
x509_crt_parse_failed,
|
x509_crt_parse_failed,
|
||||||
|
@ -216,7 +217,12 @@ int main( void )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
|
mbedtls_ssl_set_ca_chain( &conf, &ca, NULL );
|
||||||
|
if( mbedtls_ssl_set_hostname( &ssl, HOSTNAME ) != 0 )
|
||||||
|
{
|
||||||
|
ret = hostname_failed;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -169,7 +169,12 @@ int main( void )
|
||||||
/* OPTIONAL is not optimal for security,
|
/* OPTIONAL is not optimal for security,
|
||||||
* but makes interop easier in this simplified example */
|
* but makes interop easier in this simplified example */
|
||||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
|
mbedtls_ssl_set_ca_chain( &conf, &cacert, NULL );
|
||||||
|
if( ( ret = mbedtls_ssl_set_hostname( &ssl, "mbed TLS Server 1" ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||||
|
|
|
@ -1154,7 +1154,7 @@ int main( int argc, char *argv[] )
|
||||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||||
strcmp( opt.ca_file, "none" ) != 0 )
|
strcmp( opt.ca_file, "none" ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
mbedtls_ssl_set_ca_chain( &conf, &cacert, NULL );
|
||||||
}
|
}
|
||||||
if( strcmp( opt.crt_file, "none" ) != 0 &&
|
if( strcmp( opt.crt_file, "none" ) != 0 &&
|
||||||
strcmp( opt.key_file, "none" ) != 0 )
|
strcmp( opt.key_file, "none" ) != 0 )
|
||||||
|
@ -1165,6 +1165,11 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||||
|
@ -1177,14 +1182,6 @@ int main( int argc, char *argv[] )
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
|
||||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
|
||||||
{
|
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if( opt.min_version != DFL_MIN_VERSION )
|
if( opt.min_version != DFL_MIN_VERSION )
|
||||||
{
|
{
|
||||||
ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||||
|
|
|
@ -269,7 +269,7 @@ int main( void )
|
||||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||||
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||||
|
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
mbedtls_ssl_set_ca_chain( &conf, srvcert.next, NULL );
|
||||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||||
|
|
|
@ -611,7 +611,12 @@ int main( int argc, char *argv[] )
|
||||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||||
mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
|
mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
|
||||||
|
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
mbedtls_ssl_set_ca_chain( &conf, &cacert, NULL );
|
||||||
|
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||||
|
|
|
@ -188,7 +188,7 @@ static void *handle_ssl_connection( void *data )
|
||||||
mbedtls_ssl_cache_set, thread_info->cache );
|
mbedtls_ssl_cache_set, thread_info->cache );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
|
mbedtls_ssl_set_ca_chain( &conf, thread_info->ca_chain, NULL );
|
||||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, thread_info->server_cert, thread_info->server_key ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||||
|
|
|
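Review bot: `mbedtls_ssl_set_ca_chain( &conf, thread_info->ca_chain, NULL )` now writes `conf->ca_chain` and `conf->ca_crl` from inside handle_ssl_connection(), which the function name suggests runs once per connection thread, whereas the old call only touched the per-connection `ssl`. If `conf` is a per-connection local (its declaration is outside the hunk) this is fine; if it is a configuration shared between threads, every connection now writes the same config fields concurrently, which is a data race even though the value written is identical. Worth confirming and, if it is shared, moving the call to the code that owns `conf` alongside the other `conf` setters.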
@ -214,7 +214,7 @@ int main( void )
|
||||||
mbedtls_ssl_cache_set, &cache );
|
mbedtls_ssl_cache_set, &cache );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
mbedtls_ssl_set_ca_chain( &conf, srvcert.next, NULL );
|
||||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_own_cert returned %d\n\n", ret );
|
||||||
|
|
|
@ -1682,7 +1682,7 @@ int main( int argc, char *argv[] )
|
||||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||||
strcmp( opt.ca_file, "none" ) != 0 )
|
strcmp( opt.ca_file, "none" ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
|
mbedtls_ssl_set_ca_chain( &conf, &cacert, NULL );
|
||||||
}
|
}
|
||||||
if( key_cert_init )
|
if( key_cert_init )
|
||||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
|
||||||
|
|
|
@ -413,7 +413,7 @@ int main( int argc, char *argv[] )
|
||||||
if( verify )
|
if( verify )
|
||||||
{
|
{
|
||||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
mbedtls_ssl_set_ca_chain( &conf, &cacert, NULL );
|
||||||
mbedtls_ssl_set_verify( &conf, my_verify, NULL );
|
mbedtls_ssl_set_verify( &conf, my_verify, NULL );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
@ -429,13 +429,11 @@ int main( int argc, char *argv[] )
|
||||||
goto ssl_exit;
|
goto ssl_exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
|
||||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
|
||||||
goto ssl_exit;
|
goto ssl_exit;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 4. Handshake
|
* 4. Handshake
|
||||||
|
|
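Review bot: Removing the `#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)` guard leaves the mbedtls_ssl_set_hostname() call unconditional, but the header hunk in this commit now declares that function only under `MBEDTLS_X509_CRT_PARSE_C`; unless this stretch of main() is already inside such a guard (not visible, main() starts outside the hunk), a build without X509_CRT_PARSE_C would fail to compile. The same pattern appears in the ssl_client1.c, dtls_client.c and ssl_mail_client.c hunks, where the new call is also unguarded within the visible lines. If these programs are only built when X509_CRT_PARSE_C is available, a short comment at the call site, `/* requires MBEDTLS_X509_CRT_PARSE_C */`, would make that dependency explicit.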