ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-11 01:11:42 +08:00
Code Issues Releases Wiki Activity

Add cert_cb use to programs/ssl/ssl_server2.c

Browse Source 
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
This commit is contained in:
Glenn Strauss 2022-01-24 16:40:20 -05:00
parent 6989407261
commit 48a37f01b3
1 changed files with 40 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
programs/ssl/ssl_server2.c
View File

@ -823,11 +823,46 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
{ {
const sni_entry *cur = (const sni_entry *) p_info; const sni_entry *cur = (const sni_entry *) p_info;
/* preserve behavior which checks for SNI match in sni_callback() for
* the benefits of tests using sni_callback(), even though the actual
* certificate assignment has moved to certificate selection callback
* in this application. This exercises sni_callback and cert_callback
* even though real applications might choose to do this differently.
* Application might choose to save name and name_len in user_data for
* later use in certificate selection callback.
*/
while( cur != NULL ) while( cur != NULL )
{ {
if( name_len == strlen( cur->name ) && if( name_len == strlen( cur->name ) &&
memcmp( name, cur->name, name_len ) == 0 ) memcmp( name, cur->name, name_len ) == 0 )
{ {
void *p;
*(const void **)&p = cur;
mbedtls_ssl_set_user_data_p( ssl, p );
return( 0 );
}
cur = cur->next;
}
return( -1 );
}
/*
* server certificate selection callback.
*/
int cert_callback( mbedtls_ssl_context *ssl )
{
const sni_entry *cur = (sni_entry *) mbedtls_ssl_get_user_data_p( ssl );
if( cur != NULL )
{
/*(exercise mbedtls_ssl_get_hs_sni(); not otherwise used here)*/
size_t name_len;
const unsigned char *name = mbedtls_ssl_get_hs_sni( ssl, &name_len );
if( strlen( cur->name ) != name_len ||
memcmp( cur->name, name, name_len ) != 0 )
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
if( cur->ca != NULL ) if( cur->ca != NULL )
mbedtls_ssl_set_hs_ca_chain( ssl, cur->ca, cur->crl ); mbedtls_ssl_set_hs_ca_chain( ssl, cur->ca, cur->crl );
@ -837,10 +872,7 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl,
return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) ); return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) );
} }
cur = cur->next; return( 0 );
}
return( -1 );
} }
#endif /* SNI_OPTION */ #endif /* SNI_OPTION */
@ -2923,6 +2955,7 @@ int main( int argc, char *argv[] )
if( opt.sni != NULL ) if( opt.sni != NULL )
{ {
mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info ); mbedtls_ssl_conf_sni( &conf, sni_callback, sni_info );
mbedtls_ssl_conf_cert_cb( &conf, cert_callback );
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( opt.async_private_delay2 >= 0 ) if( opt.async_private_delay2 >= 0 )
{ {