mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 18:54:20 +01:00
X509: Remove MBEDTLS_SSL_PREVERIFY_CB
Add a callback typedef
This commit is contained in:
parent
cc0b242894
commit
50ef31218b
@ -600,11 +600,6 @@
|
||||
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB) && \
|
||||
!defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#error "MBEDTLS_SSL_PREVERIFY_CB defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_PTHREAD)
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
||||
|
@ -1436,15 +1436,6 @@
|
||||
*/
|
||||
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_SSL_PREVERIFY_CB
|
||||
*
|
||||
* Enable support for a pre-verification callback for received certificates.
|
||||
*
|
||||
* Uncomment this to enable support for the preverification callback
|
||||
*/
|
||||
//#define MBEDTLS_SSL_PREVERIFY_CB
|
||||
|
||||
/**
|
||||
* \def MBEDTLS_THREADING_ALT
|
||||
*
|
||||
|
@ -535,6 +535,16 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx,
|
||||
*/
|
||||
typedef int mbedtls_ssl_get_timer_t( void * ctx );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/**
|
||||
* \brief Callback type: receive notification before X.509 chain
|
||||
* building
|
||||
*
|
||||
* \param ctx Context pointer
|
||||
* \param crt X.509 certificate pointer
|
||||
*/
|
||||
typedef void mbedtls_ssl_pre_verify_t( void *ctx, mbedtls_x509_crt *crt );
|
||||
#endif
|
||||
|
||||
/* Defined below */
|
||||
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
|
||||
@ -624,17 +634,15 @@ struct mbedtls_ssl_config
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/** Callback to receive notification before X.509 chain building */
|
||||
mbedtls_ssl_pre_verify_t *f_pre_vrfy;
|
||||
void *p_pre_vrfy; /*!< context for pre-verify calllback */
|
||||
|
||||
/** Callback to customize X.509 certificate chain verification */
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
|
||||
void *p_vrfy; /*!< context for X.509 verify calllback */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
/** Callback to receive notification before X.509 chain building */
|
||||
void (*f_pre_vrfy)(void *, mbedtls_x509_crt *);
|
||||
void *p_pre_vrfy; /*!< context for pre-verify calllback */
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
/** Callback to retrieve PSK key from identity */
|
||||
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
|
||||
@ -1082,9 +1090,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
|
||||
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
||||
void *p_vrfy );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
/**
|
||||
* \brief Set the pre-verification callback (Optional).
|
||||
*
|
||||
@ -1096,10 +1102,10 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
||||
* \param f_pre_vrfy pre-verification function
|
||||
* \param p_pre_vrfy pre-verification parameter
|
||||
*/
|
||||
void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
|
||||
void(*f_pre_vrfy)(void *, mbedtls_x509_crt *),
|
||||
void *p_pre_vrfy);
|
||||
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
|
||||
void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_pre_verify_t *f_pre_vrfy,
|
||||
void *p_pre_vrfy);
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
/**
|
||||
* \brief Set the random number generator callback
|
||||
|
@ -4625,16 +4625,15 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||
ca_crl = ssl->conf->ca_crl;
|
||||
}
|
||||
|
||||
/*
|
||||
* Main check: verify certificate
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
if( ssl->conf->f_pre_vrfy != NULL )
|
||||
{
|
||||
ssl->conf->f_pre_vrfy( ssl->conf->p_pre_vrfy,
|
||||
ssl->session_negotiate->peer_cert );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Main check: verify certificate
|
||||
*/
|
||||
ret = mbedtls_x509_crt_verify_with_profile(
|
||||
ssl->session_negotiate->peer_cert,
|
||||
ca_chain, ca_crl,
|
||||
@ -5884,17 +5883,15 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
|
||||
conf->f_vrfy = f_vrfy;
|
||||
conf->p_vrfy = p_vrfy;
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
|
||||
void(*f_pre_vrfy)(void *, mbedtls_x509_crt *),
|
||||
void *p_pre_vrfy)
|
||||
void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_pre_verify_t *f_pre_vrfy,
|
||||
void *p_pre_vrfy)
|
||||
{
|
||||
conf->f_pre_vrfy = f_pre_vrfy;
|
||||
conf->p_pre_vrfy = p_pre_vrfy;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
|
@ -471,9 +471,6 @@ static const char *features[] = {
|
||||
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT)
|
||||
"MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT",
|
||||
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT */
|
||||
#if defined(MBEDTLS_SSL_PREVERIFY_CB)
|
||||
"MBEDTLS_SSL_PREVERIFY_CB",
|
||||
#endif /* MBEDTLS_SSL_PREVERIFY_CB */
|
||||
#if defined(MBEDTLS_THREADING_ALT)
|
||||
"MBEDTLS_THREADING_ALT",
|
||||
#endif /* MBEDTLS_THREADING_ALT */
|
||||
|
@ -82,7 +82,7 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PREVERIFY_CB:MBEDTLS_FS_IO:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_CIPHER_MODE_CBC */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_AES_C:MBEDTLS_SHA256_C:MBEDTLS_CIPHER_MODE_CBC */
|
||||
void ssl_preverifycb( char *crt_file )
|
||||
{
|
||||
mbedtls_ssl_context ssl;
|
||||
|
Loading…
Reference in New Issue
Block a user