Move easy ssl_set_xxx() functions to work on conf
mbedtls_ssl_set_alpn_protocols mbedtls_ssl_set_arc4_support mbedtls_ssl_set_authmode mbedtls_ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites_for_version mbedtls_ssl_set_curves mbedtls_ssl_set_dbg mbedtls_ssl_set_dh_param mbedtls_ssl_set_dh_param_ctx mbedtls_ssl_set_dtls_anti_replay mbedtls_ssl_set_dtls_badmac_limit mbedtls_ssl_set_dtls_cookies mbedtls_ssl_set_encrypt_then_mac mbedtls_ssl_set_endpoint mbedtls_ssl_set_extended_master_secret mbedtls_ssl_set_handshake_timeout mbedtls_ssl_legacy_renegotiation mbedtls_ssl_set_max_version mbedtls_ssl_set_min_version mbedtls_ssl_set_psk_cb mbedtls_ssl_set_renegotiation mbedtls_ssl_set_renegotiation_enforced mbedtls_ssl_set_renegotiation_period mbedtls_ssl_set_session_cache mbedtls_ssl_set_session_ticket_lifetime mbedtls_ssl_set_sni mbedtls_ssl_set_transport mbedtls_ssl_set_truncated_hmac mbedtls_ssl_set_verify
This commit is contained in:
Manuel Pégourié-Gonnard
parent
419d5ae419
commit
d36e33fc07
@ -1187,19 +1187,19 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
|
||||
/**
|
||||
* \brief Set the current endpoint type
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
|
||||
*
|
||||
* \note This function should be called right after mbedtls_ssl_init() since
|
||||
* some other ssl_set_foo() functions depend on it.
|
||||
*/
|
||||
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint );
|
||||
void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint );
|
||||
|
||||
/**
|
||||
* \brief Set the transport type (TLS or DTLS).
|
||||
* Default: TLS
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param transport transport type:
|
||||
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
|
||||
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
|
||||
@ -1212,12 +1212,13 @@ void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint );
|
||||
* doesn't block, or one that handles timeouts, see
|
||||
* mbedtls_ssl_set_bio_timeout()
|
||||
*/
|
||||
int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport );
|
||||
int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport );
|
||||
|
||||
/**
|
||||
* \brief Set the certificate verification mode
|
||||
* Default: NONE on server, REQUIRED on client
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param authmode can be:
|
||||
*
|
||||
* MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked
|
||||
@ -1238,7 +1239,7 @@ int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport );
|
||||
* the verification as soon as possible. For example, REQUIRED was protecting
|
||||
* against the "triple handshake" attack even before it was found.
|
||||
*/
|
||||
void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode );
|
||||
void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
@ -1248,11 +1249,11 @@ void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode );
|
||||
* certificate in the chain. For implementation
|
||||
* information, please see \c x509parse_verify()
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param f_vrfy verification function
|
||||
* \param p_vrfy verification parameter
|
||||
*/
|
||||
void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf,
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
|
||||
void *p_vrfy );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
@ -1271,11 +1272,11 @@ void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl,
|
||||
/**
|
||||
* \brief Set the debug callback
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param f_dbg debug function
|
||||
* \param p_dbg debug parameter
|
||||
*/
|
||||
void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf,
|
||||
void (*f_dbg)(void *, int, const char *),
|
||||
void *p_dbg );
|
||||
|
||||
@ -1404,12 +1405,12 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
|
||||
* Only disable if you known this can't happen in your
|
||||
* particular environment.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param f_cookie_write Cookie write callback
|
||||
* \param f_cookie_check Cookie check callback
|
||||
* \param p_cookie Context for both callbacks
|
||||
*/
|
||||
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_cookie_write_t *f_cookie_write,
|
||||
mbedtls_ssl_cookie_check_t *f_cookie_check,
|
||||
void *p_cookie );
|
||||
@ -1421,7 +1422,7 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
|
||||
* (DTLS only, no effect on TLS.)
|
||||
* Default: enabled.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
|
||||
*
|
||||
* \warning Disabling this is a security risk unless the application
|
||||
@ -1431,7 +1432,7 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
|
||||
* packets and needs information about them to adjust its
|
||||
* transmission strategy, then you'll want to disable this.
|
||||
*/
|
||||
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
|
||||
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
|
||||
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
@ -1441,7 +1442,7 @@ void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
|
||||
* (DTLS only, no effect on TLS.)
|
||||
* Default: 0 (disabled).
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param limit Limit, or 0 to disable.
|
||||
*
|
||||
* \note If the limit is N, then the connection is terminated when
|
||||
@ -1458,7 +1459,7 @@ void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
|
||||
* might make us waste resources checking authentication on
|
||||
* many bogus packets.
|
||||
*/
|
||||
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit );
|
||||
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
@ -1466,7 +1467,7 @@ void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit
|
||||
* \brief Set retransmit timeout values for the DTLS handshale.
|
||||
* (DTLS only, no effect on TLS.)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param min Initial timeout value in milliseconds.
|
||||
* Default: 1000 (1 second).
|
||||
* \param max Maximum timeout value in milliseconds.
|
||||
@ -1478,7 +1479,7 @@ void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit
|
||||
* handshake latency. Lower values may increase the risk of
|
||||
* network congestion by causing more retransmissions.
|
||||
*/
|
||||
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max );
|
||||
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
/**
|
||||
@ -1513,13 +1514,13 @@ void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min,
|
||||
* an entry is still valid in the future. Return 0 if
|
||||
* successfully cached, return 1 otherwise.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param f_get_cache session get callback
|
||||
* \param p_get_cache session get parameter
|
||||
* \param f_set_cache session set callback
|
||||
* \param p_set_cache session set parameter
|
||||
*/
|
||||
void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf,
|
||||
int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
|
||||
int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache );
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
@ -1551,17 +1552,18 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
|
||||
* over the preference of the client unless
|
||||
* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param ciphersuites 0-terminated list of allowed ciphersuites
|
||||
*/
|
||||
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites );
|
||||
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf,
|
||||
const int *ciphersuites );
|
||||
|
||||
/**
|
||||
* \brief Set the list of allowed ciphersuites and the
|
||||
* preference order for a specific version of the protocol.
|
||||
* (Only useful on the server side)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param ciphersuites 0-terminated list of allowed ciphersuites
|
||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
|
||||
* supported)
|
||||
@ -1572,7 +1574,7 @@ void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersu
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
|
||||
* and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*/
|
||||
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
||||
const int *ciphersuites,
|
||||
int major, int minor );
|
||||
|
||||
@ -1642,11 +1644,11 @@ int mbedtls_ssl_set_psk( mbedtls_ssl_context *ssl, const unsigned char *psk, siz
|
||||
* identity and return 0.
|
||||
* Any other return value will result in a denied PSK identity.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param f_psk PSK identity function
|
||||
* \param p_psk PSK identity parameter
|
||||
*/
|
||||
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
|
||||
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
|
||||
size_t),
|
||||
void *p_psk );
|
||||
@ -1658,24 +1660,24 @@ void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
|
||||
* read as hexadecimal strings (server-side only)
|
||||
* (Default: MBEDTLS_DHM_RFC5114_MODP_1024_[PG])
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param dhm_P Diffie-Hellman-Merkle modulus
|
||||
* \param dhm_G Diffie-Hellman-Merkle generator
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G );
|
||||
int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
|
||||
|
||||
/**
|
||||
* \brief Set the Diffie-Hellman public P and G values,
|
||||
* read from existing context (server-side only)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param dhm_ctx Diffie-Hellman-Merkle context
|
||||
*
|
||||
* \return 0 if successful
|
||||
*/
|
||||
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx );
|
||||
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
|
||||
#endif /* MBEDTLS_DHM_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SET_CURVES)
|
||||
@ -1693,11 +1695,11 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context
|
||||
* Both sides: limits the set of curves used by peer to the
|
||||
* listed curves for any use (ECDH(E), certificates).
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param curves Ordered list of allowed curves,
|
||||
* terminated by MBEDTLS_ECP_DP_NONE.
|
||||
*/
|
||||
void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curves );
|
||||
void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
|
||||
#endif /* MBEDTLS_SSL_SET_CURVES */
|
||||
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
@ -1728,11 +1730,11 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
|
||||
* callback should return -1 to abort the handshake at this
|
||||
* point.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param f_sni verification function
|
||||
* \param p_sni verification parameter
|
||||
*/
|
||||
void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
|
||||
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
|
||||
size_t),
|
||||
void *p_sni );
|
||||
@ -1742,13 +1744,13 @@ void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
|
||||
/**
|
||||
* \brief Set the supported Application Layer Protocols.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param protos NULL-terminated list of supported protocols,
|
||||
* in decreasing preference order.
|
||||
*
|
||||
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
|
||||
*/
|
||||
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos );
|
||||
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
|
||||
|
||||
/**
|
||||
* \brief Get the name of the negotiated Application Layer Protocol.
|
||||
@ -1769,7 +1771,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
|
||||
*
|
||||
* Note: This ignores ciphersuites from 'higher' versions.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
||||
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
|
||||
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
|
||||
@ -1779,7 +1781,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*/
|
||||
int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor );
|
||||
int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor );
|
||||
|
||||
/**
|
||||
* \brief Set the minimum accepted SSL/TLS protocol version
|
||||
@ -1790,7 +1792,7 @@ int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor
|
||||
*
|
||||
* \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
|
||||
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
|
||||
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
|
||||
@ -1800,7 +1802,7 @@ int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor
|
||||
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
|
||||
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
|
||||
*/
|
||||
int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor );
|
||||
int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor );
|
||||
|
||||
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
|
||||
/**
|
||||
@ -1834,10 +1836,10 @@ void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback );
|
||||
* improvement, and should not cause any interoperability
|
||||
* issue (used only if the peer supports it too).
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
|
||||
*/
|
||||
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm );
|
||||
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
|
||||
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
@ -1849,10 +1851,10 @@ void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm );
|
||||
* protocol, and should not cause any interoperability issue
|
||||
* (used only if the peer supports it too).
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
|
||||
*/
|
||||
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems );
|
||||
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems );
|
||||
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
|
||||
|
||||
/**
|
||||
@ -1865,10 +1867,10 @@ void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems
|
||||
* \note This function will likely be removed in future versions as
|
||||
* RC4 will then be disabled by default at compile time.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
|
||||
*/
|
||||
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 );
|
||||
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 );
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
/**
|
||||
@ -1895,13 +1897,13 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_context *ssl, unsigned char mfl_co
|
||||
* (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED on client,
|
||||
* MBEDTLS_SSL_TRUNC_HMAC_ENABLED on server.)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
|
||||
* MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
|
||||
*
|
||||
* \return Always 0.
|
||||
*/
|
||||
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate );
|
||||
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
@ -1942,10 +1944,10 @@ int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets )
|
||||
* \brief Set session ticket lifetime (server only)
|
||||
* (Default: MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param lifetime session ticket lifetime
|
||||
*/
|
||||
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime );
|
||||
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime );
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
@ -1958,11 +1960,11 @@ void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int life
|
||||
* resource DoS by a malicious client. You should enable this on
|
||||
* a client to enable server-initiated renegotiation.
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
|
||||
* MBEDTLS_SSL_RENEGOTIATION_DISABLED)
|
||||
*/
|
||||
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation );
|
||||
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
/**
|
||||
@ -1987,12 +1989,12 @@ void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation
|
||||
* that do not support renegotiation altogether.
|
||||
* (Most secure option, interoperability issues)
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
|
||||
* SSL_ALLOW_LEGACY_RENEGOTIATION or
|
||||
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
|
||||
*/
|
||||
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy );
|
||||
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
/**
|
||||
@ -2027,12 +2029,12 @@ void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legac
|
||||
* if we receive application data from the server, we need a
|
||||
* place to write it, which only happens during mbedtls_ssl_read().
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
|
||||
* enforce renegotiation, or a non-negative value to enforce
|
||||
* it but allow for a grace period of max_records records.
|
||||
*/
|
||||
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records );
|
||||
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
|
||||
|
||||
/**
|
||||
* \brief Set record counter threshold for periodic renegotiation.
|
||||
@ -2047,11 +2049,11 @@ void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_r
|
||||
* Lower values can be used to enforce policies such as "keys
|
||||
* must be refreshed every N packets with cipher X".
|
||||
*
|
||||
* \param ssl SSL context
|
||||
* \param conf SSL configuration
|
||||
* \param period The threshold value: a big-endian 64-bit number.
|
||||
* Set to 2^64 - 1 to disable periodic renegotiation
|
||||
*/
|
||||
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf,
|
||||
const unsigned char period[8] );
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
|
||||
@ -377,14 +377,14 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_cookie_write_t *f_cookie_write,
|
||||
mbedtls_ssl_cookie_check_t *f_cookie_check,
|
||||
void *p_cookie )
|
||||
{
|
||||
ssl->conf->f_cookie_write = f_cookie_write;
|
||||
ssl->conf->f_cookie_check = f_cookie_check;
|
||||
ssl->conf->p_cookie = p_cookie;
|
||||
conf->f_cookie_write = f_cookie_write;
|
||||
conf->f_cookie_check = f_cookie_check;
|
||||
conf->p_cookie = p_cookie;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
|
||||
|
||||
@ -5168,52 +5168,52 @@ static int ssl_ticket_keys_init( mbedtls_ssl_context *ssl )
|
||||
/*
|
||||
* SSL set accessors
|
||||
*/
|
||||
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint )
|
||||
void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint )
|
||||
{
|
||||
ssl->conf->endpoint = endpoint;
|
||||
conf->endpoint = endpoint;
|
||||
}
|
||||
|
||||
int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport )
|
||||
int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport )
|
||||
{
|
||||
ssl->conf->transport = transport;
|
||||
conf->transport = transport;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode )
|
||||
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
|
||||
{
|
||||
ssl->conf->anti_replay = mode;
|
||||
conf->anti_replay = mode;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit )
|
||||
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
|
||||
{
|
||||
ssl->conf->badmac_limit = limit;
|
||||
conf->badmac_limit = limit;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max )
|
||||
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
|
||||
{
|
||||
ssl->conf->hs_timeout_min = min;
|
||||
ssl->conf->hs_timeout_max = max;
|
||||
conf->hs_timeout_min = min;
|
||||
conf->hs_timeout_max = max;
|
||||
}
|
||||
#endif
|
||||
|
||||
void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode )
|
||||
void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode )
|
||||
{
|
||||
ssl->conf->authmode = authmode;
|
||||
conf->authmode = authmode;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf,
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
|
||||
void *p_vrfy )
|
||||
{
|
||||
ssl->conf->f_vrfy = f_vrfy;
|
||||
ssl->conf->p_vrfy = p_vrfy;
|
||||
conf->f_vrfy = f_vrfy;
|
||||
conf->p_vrfy = p_vrfy;
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
@ -5225,12 +5225,12 @@ void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl,
|
||||
ssl->p_rng = p_rng;
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf,
|
||||
void (*f_dbg)(void *, int, const char *),
|
||||
void *p_dbg )
|
||||
{
|
||||
ssl->conf->f_dbg = f_dbg;
|
||||
ssl->conf->p_dbg = p_dbg;
|
||||
conf->f_dbg = f_dbg;
|
||||
conf->p_dbg = p_dbg;
|
||||
}
|
||||
|
||||
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
@ -5267,14 +5267,14 @@ void mbedtls_ssl_set_bio_timeout( mbedtls_ssl_context *ssl,
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf,
|
||||
int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
|
||||
int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache )
|
||||
{
|
||||
ssl->conf->f_get_cache = f_get_cache;
|
||||
ssl->conf->p_get_cache = p_get_cache;
|
||||
ssl->conf->f_set_cache = f_set_cache;
|
||||
ssl->conf->p_set_cache = p_set_cache;
|
||||
conf->f_get_cache = f_get_cache;
|
||||
conf->p_get_cache = p_get_cache;
|
||||
conf->f_set_cache = f_set_cache;
|
||||
conf->p_set_cache = p_set_cache;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
|
||||
@ -5300,15 +5300,16 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites )
|
||||
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf,
|
||||
const int *ciphersuites )
|
||||
{
|
||||
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
|
||||
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
|
||||
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
|
||||
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
|
||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
|
||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
|
||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
|
||||
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
|
||||
const int *ciphersuites,
|
||||
int major, int minor )
|
||||
{
|
||||
@ -5318,7 +5319,7 @@ void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
|
||||
if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
|
||||
return;
|
||||
|
||||
ssl->conf->ciphersuite_list[minor] = ciphersuites;
|
||||
conf->ciphersuite_list[minor] = ciphersuites;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
@ -5407,51 +5408,39 @@ int mbedtls_ssl_set_psk( mbedtls_ssl_context *ssl, const unsigned char *psk, siz
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
|
||||
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
|
||||
size_t),
|
||||
void *p_psk )
|
||||
{
|
||||
ssl->conf->f_psk = f_psk;
|
||||
ssl->conf->p_psk = p_psk;
|
||||
conf->f_psk = f_psk;
|
||||
conf->p_psk = p_psk;
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G )
|
||||
int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_P, 16, dhm_P ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
|
||||
if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_G, 16, dhm_G ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
|
||||
if( ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx )
|
||||
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_P, &dhm_ctx->P ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
|
||||
if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_G, &dhm_ctx->G ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
|
||||
if( ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
|
||||
return( ret );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -5461,9 +5450,10 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context
|
||||
/*
|
||||
* Set the allowed elliptic curves
|
||||
*/
|
||||
void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curve_list )
|
||||
void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf,
|
||||
const mbedtls_ecp_group_id *curve_list )
|
||||
{
|
||||
ssl->conf->curve_list = curve_list;
|
||||
conf->curve_list = curve_list;
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -5491,18 +5481,18 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
|
||||
int (*f_sni)(void *, mbedtls_ssl_context *,
|
||||
const unsigned char *, size_t),
|
||||
void *p_sni )
|
||||
{
|
||||
ssl->conf->f_sni = f_sni;
|
||||
ssl->conf->p_sni = p_sni;
|
||||
conf->f_sni = f_sni;
|
||||
conf->p_sni = p_sni;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos )
|
||||
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
|
||||
{
|
||||
size_t cur_len, tot_len;
|
||||
const char **p;
|
||||
@ -5521,7 +5511,7 @@ int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **proto
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
ssl->conf->alpn_list = protos;
|
||||
conf->alpn_list = protos;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -5532,16 +5522,19 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int minor )
|
||||
static int ssl_check_version( const mbedtls_ssl_config *conf,
|
||||
int major, int minor )
|
||||
{
|
||||
if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION || major > MBEDTLS_SSL_MAX_MAJOR_VERSION ||
|
||||
minor < MBEDTLS_SSL_MIN_MINOR_VERSION || minor > MBEDTLS_SSL_MAX_MINOR_VERSION )
|
||||
if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION ||
|
||||
major > MBEDTLS_SSL_MAX_MAJOR_VERSION ||
|
||||
minor < MBEDTLS_SSL_MIN_MINOR_VERSION ||
|
||||
minor > MBEDTLS_SSL_MAX_MINOR_VERSION )
|
||||
{
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||
minor < MBEDTLS_SSL_MINOR_VERSION_2 )
|
||||
{
|
||||
return( -1 );
|
||||
@ -5553,24 +5546,24 @@ static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int min
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor )
|
||||
int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor )
|
||||
{
|
||||
if( ssl_check_version( ssl, major, minor ) != 0 )
|
||||
if( ssl_check_version( conf, major, minor ) != 0 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
ssl->conf->max_major_ver = major;
|
||||
ssl->conf->max_minor_ver = minor;
|
||||
conf->max_major_ver = major;
|
||||
conf->max_minor_ver = minor;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor )
|
||||
int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor )
|
||||
{
|
||||
if( ssl_check_version( ssl, major, minor ) != 0 )
|
||||
if( ssl_check_version( conf, major, minor ) != 0 )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
ssl->conf->min_major_ver = major;
|
||||
ssl->conf->min_minor_ver = minor;
|
||||
conf->min_major_ver = major;
|
||||
conf->min_minor_ver = minor;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -5583,22 +5576,22 @@ void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback )
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm )
|
||||
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
|
||||
{
|
||||
ssl->conf->encrypt_then_mac = etm;
|
||||
conf->encrypt_then_mac = etm;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems )
|
||||
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems )
|
||||
{
|
||||
ssl->conf->extended_ms = ems;
|
||||
conf->extended_ms = ems;
|
||||
}
|
||||
#endif
|
||||
|
||||
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 )
|
||||
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 )
|
||||
{
|
||||
ssl->conf->arc4_disabled = arc4;
|
||||
conf->arc4_disabled = arc4;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
@ -5617,9 +5610,9 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_context *ssl, unsigned char mfl_co
|
||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate )
|
||||
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
|
||||
{
|
||||
ssl->conf->trunc_hmac = truncate;
|
||||
conf->trunc_hmac = truncate;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
@ -5632,26 +5625,26 @@ void mbedtls_ssl_set_cbc_record_splitting( mbedtls_ssl_context *ssl, char split
|
||||
}
|
||||
#endif
|
||||
|
||||
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy )
|
||||
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
|
||||
{
|
||||
ssl->conf->allow_legacy_renegotiation = allow_legacy;
|
||||
conf->allow_legacy_renegotiation = allow_legacy;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation )
|
||||
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
|
||||
{
|
||||
ssl->conf->disable_renegotiation = renegotiation;
|
||||
conf->disable_renegotiation = renegotiation;
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records )
|
||||
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
|
||||
{
|
||||
ssl->conf->renego_max_records = max_records;
|
||||
conf->renego_max_records = max_records;
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl,
|
||||
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf,
|
||||
const unsigned char period[8] )
|
||||
{
|
||||
memcpy( ssl->conf->renego_period, period, 8 );
|
||||
memcpy( conf->renego_period, period, 8 );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
@ -5674,9 +5667,9 @@ int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets )
|
||||
return( ssl_ticket_keys_init( ssl ) );
|
||||
}
|
||||
|
||||
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime )
|
||||
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime )
|
||||
{
|
||||
ssl->conf->ticket_lifetime = lifetime;
|
||||
conf->ticket_lifetime = lifetime;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
|
||||
@ -181,11 +181,11 @@ int main( int argc, char *argv[] )
|
||||
/* OPTIONAL is usually a bad choice for security, but makes interop easier
|
||||
* in this simplified example, in which the ca chain is hardcoded.
|
||||
* Production code should set a proper ca chain and use REQUIRED. */
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd,
|
||||
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
|
||||
|
||||
@ -206,14 +206,13 @@ int main( void )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
mbedtls_ssl_set_session_cache( &conf,
|
||||
mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
@ -230,7 +229,7 @@ int main( void )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
&cookie_ctx );
|
||||
|
||||
printf( " ok\n" );
|
||||
|
||||
@ -217,7 +217,7 @@ int main( void )
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
||||
@ -168,11 +168,11 @@ int main( void )
|
||||
|
||||
/* OPTIONAL is not optimal for security,
|
||||
* but makes interop easier in this simplified example */
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
|
||||
/*
|
||||
|
||||
@ -1065,15 +1065,15 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
if( opt.debug_level > 0 )
|
||||
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
||||
mbedtls_ssl_set_verify( &conf, my_verify, NULL );
|
||||
#endif
|
||||
|
||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
|
||||
mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
||||
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
|
||||
mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
@ -1086,17 +1086,17 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
|
||||
mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
|
||||
mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
if( opt.extended_ms != DFL_EXTENDED_MS )
|
||||
mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
|
||||
mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
if( opt.etm != DFL_ETM )
|
||||
mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
|
||||
mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||
@ -1108,7 +1108,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
|
||||
goto exit;
|
||||
@ -1116,7 +1116,7 @@ int main( int argc, char *argv[] )
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
|
||||
if( opt.nbio == 2 )
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL,
|
||||
@ -1139,15 +1139,15 @@ int main( int argc, char *argv[] )
|
||||
#endif
|
||||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
if( opt.arc4 != DFL_ARC4 )
|
||||
mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
|
||||
mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
|
||||
|
||||
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
|
||||
mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
|
||||
mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
|
||||
mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
@ -1187,7 +1187,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
if( opt.min_version != DFL_MIN_VERSION )
|
||||
{
|
||||
ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||
ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected min_version is not available\n" );
|
||||
@ -1197,7 +1197,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
if( opt.max_version != DFL_MAX_VERSION )
|
||||
{
|
||||
ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
|
||||
ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected max_version is not available\n" );
|
||||
|
||||
@ -265,10 +265,8 @@ int main( void )
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
|
||||
@ -602,14 +602,14 @@ int main( int argc, char *argv[] )
|
||||
|
||||
/* OPTIONAL is not optimal for security,
|
||||
* but makes interop easier in this simplified example */
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
|
||||
|
||||
@ -176,17 +176,16 @@ static void *handle_ssl_connection( void *data )
|
||||
goto thread_exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_mutexed_debug, stdout );
|
||||
|
||||
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
|
||||
* MBEDTLS_THREADING_C is set.
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, thread_info->cache,
|
||||
mbedtls_ssl_cache_set, thread_info->cache );
|
||||
mbedtls_ssl_set_session_cache( &conf,
|
||||
mbedtls_ssl_cache_get, thread_info->cache,
|
||||
mbedtls_ssl_cache_set, thread_info->cache );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
|
||||
|
||||
@ -205,14 +205,13 @@ int main( void )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
mbedtls_ssl_set_session_cache( &conf,
|
||||
mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
|
||||
|
||||
@ -1534,13 +1534,12 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
|
||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
|
||||
mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
||||
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
|
||||
mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||
@ -1553,22 +1552,22 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
|
||||
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
|
||||
mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
|
||||
mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
|
||||
if( opt.extended_ms != DFL_EXTENDED_MS )
|
||||
mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
|
||||
mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
|
||||
if( opt.etm != DFL_ETM )
|
||||
mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
|
||||
mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_ALPN)
|
||||
if( opt.alpn_string != NULL )
|
||||
if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
|
||||
if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
|
||||
goto exit;
|
||||
@ -1576,7 +1575,7 @@ int main( int argc, char *argv[] )
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
if( opt.cache_max != -1 )
|
||||
@ -1585,8 +1584,9 @@ int main( int argc, char *argv[] )
|
||||
if( opt.cache_timeout != -1 )
|
||||
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
|
||||
|
||||
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
mbedtls_ssl_set_session_cache( &conf,
|
||||
mbedtls_ssl_cache_get, &cache,
|
||||
mbedtls_ssl_cache_set, &cache );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
@ -1597,7 +1597,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
|
||||
if( opt.ticket_timeout != -1 )
|
||||
mbedtls_ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
|
||||
mbedtls_ssl_set_session_ticket_lifetime( &conf, opt.ticket_timeout );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
@ -1613,7 +1613,7 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
|
||||
&cookie_ctx );
|
||||
}
|
||||
else
|
||||
@ -1621,7 +1621,7 @@ int main( int argc, char *argv[] )
|
||||
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
|
||||
if( opt.cookies == 0 )
|
||||
{
|
||||
mbedtls_ssl_set_dtls_cookies( &ssl, NULL, NULL, NULL );
|
||||
mbedtls_ssl_set_dtls_cookies( &conf, NULL, NULL, NULL );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
@ -1631,50 +1631,50 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
|
||||
if( opt.anti_replay != DFL_ANTI_REPLAY )
|
||||
mbedtls_ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
|
||||
mbedtls_ssl_set_dtls_anti_replay( &conf, opt.anti_replay );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
|
||||
if( opt.badmac_limit != DFL_BADMAC_LIMIT )
|
||||
mbedtls_ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit );
|
||||
mbedtls_ssl_set_dtls_badmac_limit( &conf, opt.badmac_limit );
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||
|
||||
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
|
||||
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
|
||||
mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
|
||||
|
||||
if( opt.arc4 != DFL_ARC4 )
|
||||
mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
|
||||
mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
|
||||
|
||||
if( opt.version_suites != NULL )
|
||||
{
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[0],
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[0],
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_0 );
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[1],
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[1],
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_1 );
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[2],
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[2],
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_2 );
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[3],
|
||||
mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[3],
|
||||
MBEDTLS_SSL_MAJOR_VERSION_3,
|
||||
MBEDTLS_SSL_MINOR_VERSION_3 );
|
||||
}
|
||||
|
||||
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
|
||||
mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
|
||||
mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
|
||||
mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
|
||||
|
||||
if( opt.renego_delay != DFL_RENEGO_DELAY )
|
||||
mbedtls_ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
|
||||
mbedtls_ssl_set_renegotiation_enforced( &conf, opt.renego_delay );
|
||||
|
||||
if( opt.renego_period != DFL_RENEGO_PERIOD )
|
||||
{
|
||||
renego_period[7] = opt.renego_period;
|
||||
mbedtls_ssl_set_renegotiation_period( &ssl, renego_period );
|
||||
mbedtls_ssl_set_renegotiation_period( &conf, renego_period );
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -1700,7 +1700,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
#if defined(SNI_OPTION)
|
||||
if( opt.sni != NULL )
|
||||
mbedtls_ssl_set_sni( &ssl, sni_callback, sni_info );
|
||||
mbedtls_ssl_set_sni( &conf, sni_callback, sni_info );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
@ -1717,7 +1717,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
|
||||
if( opt.psk_list != NULL )
|
||||
mbedtls_ssl_set_psk_cb( &ssl, psk_callback, psk_info );
|
||||
mbedtls_ssl_set_psk_cb( &conf, psk_callback, psk_info );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_DHM_C)
|
||||
@ -1726,11 +1726,11 @@ int main( int argc, char *argv[] )
|
||||
*/
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
if( opt.dhm_file != NULL )
|
||||
ret = mbedtls_ssl_set_dh_param_ctx( &ssl, &dhm );
|
||||
ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm );
|
||||
else
|
||||
#endif
|
||||
ret = mbedtls_ssl_set_dh_param( &ssl, MBEDTLS_DHM_RFC5114_MODP_2048_P,
|
||||
MBEDTLS_DHM_RFC5114_MODP_2048_G );
|
||||
ret = mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P,
|
||||
MBEDTLS_DHM_RFC5114_MODP_2048_G );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
@ -1741,7 +1741,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
if( opt.min_version != DFL_MIN_VERSION )
|
||||
{
|
||||
ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||
ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected min_version is not available\n" );
|
||||
@ -1751,7 +1751,7 @@ int main( int argc, char *argv[] )
|
||||
|
||||
if( opt.max_version != DFL_MIN_VERSION )
|
||||
{
|
||||
ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
|
||||
ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
|
||||
if( ret != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! selected max_version is not available\n" );
|
||||
|
||||
@ -412,15 +412,15 @@ int main( int argc, char *argv[] )
|
||||
|
||||
if( verify )
|
||||
{
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
|
||||
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
|
||||
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
||||
mbedtls_ssl_set_verify( &conf, my_verify, NULL );
|
||||
}
|
||||
else
|
||||
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
|
||||
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
|
||||
|
||||
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
|
||||
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
|
||||
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
|
||||
|
||||
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
|
||||
|
||||
@ -46,7 +46,7 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line,
|
||||
|
||||
mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL );
|
||||
mbedtls_debug_set_threshold( threshold );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_msg( &ssl, level, file, line,
|
||||
mbedtls_debug_fmt("Text message, 2 == %d", 2 ) );
|
||||
@ -75,7 +75,7 @@ void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int va
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( mode );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
|
||||
|
||||
@ -108,7 +108,7 @@ void mbedtls_debug_print_buf( int mode, char *file, int line, char *text,
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( mode );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len );
|
||||
|
||||
@ -138,7 +138,7 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line,
|
||||
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( mode );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
|
||||
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
|
||||
@ -172,7 +172,7 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int
|
||||
TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
|
||||
|
||||
mbedtls_debug_set_log_mode( mode );
|
||||
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
|
||||
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
|
||||
|
||||
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user