diff --git a/include/polarssl/check_config.h b/include/polarssl/check_config.h
index 328b881ea..9a64c1062 100644
--- a/include/polarssl/check_config.h
+++ b/include/polarssl/check_config.h
@@ -222,6 +222,12 @@
 #error "POLARSSL_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
 #endif
+#if defined(POLARSSL_SSL_PROTO_DTLS) && ( \
+ !defined(POLARSSL_SSL_PROTO_TLS1_1) && \
+ !defined(POLARSSL_SSL_PROTO_TLS1_2) )
+#error "POLARSSL_SSL_PROTO_DTLS defined, but not all prerequisites"
+#endif
+
 #if defined(POLARSSL_SSL_CLI_C) && !defined(POLARSSL_SSL_TLS_C)
 #error "POLARSSL_SSL_CLI_C defined, but not all prerequisites"
 #endif
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 50b4e339e..05bcd8653 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -877,27 +877,42 @@
 /**
 * \def POLARSSL_SSL_PROTO_TLS1_1
 *
- * Enable support for TLS 1.1.
+ * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
 *
 * Requires: POLARSSL_MD5_C
 * POLARSSL_SHA1_C
 *
- * Comment this macro to disable support for TLS 1.1
+ * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
 */
 #define POLARSSL_SSL_PROTO_TLS1_1
 /**
 * \def POLARSSL_SSL_PROTO_TLS1_2
 *
- * Enable support for TLS 1.2.
+ * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
 *
 * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
 * (Depends on ciphersuites)
 *
- * Comment this macro to disable support for TLS 1.2
+ * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
 */
 #define POLARSSL_SSL_PROTO_TLS1_2
+/**
+ * \def POLARSSL_SSL_PROTO_DTLS
+ *
+ * Enable support for DTLS (all available versions).
+ *
+ * Enable this and POLARSSL_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and POLARSSL_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ *
+ * Requires: POLARSSL_SSL_PROTO_TLS1_1
+ * or POLARSSL_SSL_PROTO_TLS1_2
+ *
+ * Comment this macro to disable support for DTLS
+ */
+#define POLARSSL_SSL_PROTO_DTLS
+
 /**
 * \def POLARSSL_SSL_ALPN
 *
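Review bot: The new `POLARSSL_SSL_PROTO_DTLS` doc block in include/polarssl/config.h does not say that the macro only compiles DTLS support in; per the `ssl_set_transport()` documentation added in ssl.h, a context still defaults to TLS and has to be switched to `SSL_TRANSPORT_DATAGRAM`. I would add a line such as ` * The transport is still chosen per context with ssl_set_transport().` before the `Requires:` paragraph. The macro is also defined by default, so a TLS-only deployment gets the datagram option compiled in unless it comments the line out; saying so in the comment would help integrators who want to keep the protocol surface minimal.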
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index 194e94471..6543d5545 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -156,6 +156,9 @@
 #define SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */
 #define SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
+#define SSL_TRANSPORT_STREAM 0 /*!< TLS */
+#define SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
+
 /* Determine minimum supported version */
 #define SSL_MIN_MAJOR_VERSION SSL_MAJOR_VERSION_3
@@ -686,6 +689,7 @@ struct _ssl_context
 * Miscellaneous
 */
 int state; /*!< SSL handshake: current state */
+ int transport; /*!< Transport: stream or datagram */
 int renegotiation; /*!< Initial or renegotiation */
 int renego_records_seen; /*!< Records since renego request */
@@ -947,6 +951,17 @@ int ssl_session_reset( ssl_context *ssl );
 */
 void ssl_set_endpoint( ssl_context *ssl, int endpoint );
+/**
+ * \brief Set the transport type (TLS or DTLS).
+ * Default: TLS
+ *
+ * \param ssl SSL context
+ * \param transport transport type:
+ * SSL_TRANSPORT_STREAM for TLS,
+ * SSL_TRANSPORT_DATAGRAM for DTLS.
+ */
+void ssl_set_transport( ssl_context *ssl, int transport );
+
 /**
 * \brief Set the certificate verification mode
 *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 5f080defe..0b8b0d075 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3597,6 +3597,11 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
 #endif
 }
+void ssl_set_transport( ssl_context *ssl, int transport )
+{
+ ssl->transport = transport;
+}
+
 void ssl_set_authmode( ssl_context *ssl, int authmode )
 {
 ssl->authmode = authmode;
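Review bot: `ssl_set_transport()` in library/ssl_tls.c stores whatever `int` it is given and is not tied to `POLARSSL_SSL_PROTO_DTLS`, so a build without DTLS, or a caller passing a value other than the two `SSL_TRANSPORT_*` constants, ends up with a context whose `transport` field names a transport the library cannot run. Because the function returns `void`, the caller cannot learn that the request was not honoured, which matters when the application assumes it is getting datagram record handling. I would make the setter return `int`, accept `SSL_TRANSPORT_DATAGRAM` only when DTLS is compiled in, and reject anything else with `POLARSSL_ERR_SSL_BAD_INPUT_DATA`; the declaration in the ssl.h hunk at -947 needs the matching change plus a `\return` line. The doc comment should also state at which point in a context's life the call is allowed (presumably before the handshake starts; the hunk does not say).

```c
int ssl_set_transport( ssl_context *ssl, int transport )
{
    /* Accept only a transport this build is able to run. */
    if( transport == SSL_TRANSPORT_STREAM )
    {
        ssl->transport = transport;
        return( 0 );
    }

#if defined(POLARSSL_SSL_PROTO_DTLS)
    if( transport == SSL_TRANSPORT_DATAGRAM )
    {
        ssl->transport = transport;
        return( 0 );
    }
#endif

    /* Unknown value, or DTLS requested on a build without it. */
    return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
}
```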