mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-07-07 12:40:39 +00:00
Add compile-time guard MBEDTLS_SSL_PREVERIFY_CB for pre-verify callback
This commit is contained in:
parent
536a22a409
commit
ca89d7f6d8
|
@ -600,6 +600,11 @@
|
|||
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB) && \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#error "MBEDTLS_SSL_PREVERIFY_CB defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
||||
|
|
|
@ -1436,6 +1436,15 @@
|
|||
*/
|
||||
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PREVERIFY_CB
|
||||
*
|
||||
* Enable support for a pre-verification callback for received certificates.
|
||||
*
|
||||
* Uncomment this to enable support for the preverification callback
|
||||
*/
|
||||
//#define MBEDTLS_SSL_PREVERIFY_CB
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_THREADING_ALT
|
||||
*
|
||||
|
|
|
@ -627,7 +627,9 @@ struct mbedtls_ssl_config
|
|||
/** Callback to customize X.509 certificate chain verification */
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
|
||||
void *p_vrfy; /*!< context for X.509 verify calllback */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
/** Callback to receive notification before X.509 chain building */
|
||||
void (*f_pre_vrfy)(void *, mbedtls_x509_crt *);
|
||||
void *p_pre_vrfy; /*!< context for pre-verify calllback */
|
||||
|
@ -1080,7 +1082,9 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
|
|||
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
||||
void *p_vrfy );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
/**
|
||||
* \brief Set the pre-verification callback (Optional).
|
||||
*
|
||||
|
@ -1095,7 +1099,7 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
|||
void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
|
||||
void(*f_pre_vrfy)(void *, mbedtls_x509_crt *),
|
||||
void *p_pre_vrfy);
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
|
||||
|
||||
/**
|
||||
* \brief Set the random number generator callback
|
||||
|
|
|
@ -4628,11 +4628,13 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
|||
/*
|
||||
* Main check: verify certificate
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
if( ssl->conf->f_pre_vrfy != NULL )
|
||||
{
|
||||
ssl->conf->f_pre_vrfy( ssl->conf->p_pre_vrfy,
|
||||
ssl->session_negotiate->peer_cert );
|
||||
}
|
||||
#endif
|
||||
ret = mbedtls_x509_crt_verify_with_profile(
|
||||
ssl->session_negotiate->peer_cert,
|
||||
ca_chain, ca_crl,
|
||||
|
@ -5882,7 +5884,9 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
|||
conf->f_vrfy = f_vrfy;
|
||||
conf->p_vrfy = p_vrfy;
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
|
||||
void(*f_pre_vrfy)(void *, mbedtls_x509_crt *),
|
||||
void *p_pre_vrfy)
|
||||
|
@ -5890,7 +5894,7 @@ void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
|
|||
conf->f_pre_vrfy = f_pre_vrfy;
|
||||
conf->p_pre_vrfy = p_pre_vrfy;
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
|
||||
|
||||
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
|
Loading…
Reference in a new issue