Add guards for MBEDTLS_X509_CRL_PARSE_C in sample

Add checks in `ssl_server2` that `MBEDTLS_X509_CRL_PARSE_C` is defined to fix compilation issue. Fixes #560.
2024-11-22 23:15:43 +01:00 · 2019-04-04 15:02:01 +03:00 · 2019-04-04 15:02:01 +03:00 · 9840c215f3
commit 9840c215f3
parent a5f5ad3cf4
2 changed files with 19 additions and 4 deletions
--- a/2
+++ b/2
@ -50,6 +50,8 @@ Bugfix
     extensions in CSRs and CRTs that caused these bitstrings to not be encoded
     correctly as trailing zeroes were not accounted for as unused bits in the
     leading content octet. Fixes #1610.
+   * Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl
+     sni entry parameter. Reported by inestlerode in #560.

 Changes
   * Include configuration file in all header files that use configuration,
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -229,8 +229,14 @@ int main( void )
 #endif /* MBEDTLS_SSL_CACHE_C */

 #if defined(SNI_OPTION)
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+#define SNI_CRL              ",crl"
+#else
+#define SNI_CRL              ""
+#endif
+
 #define USAGE_SNI                                                           \
-    "    sni=%%s              name1,cert1,key1,ca1,crl1,auth1[,...]\n"  \
+    "    sni=%%s              name1,cert1,key1,ca1"SNI_CRL",auth1[,...]\n"  \
    "                        default: disabled\n"
 #else
 #define USAGE_SNI ""
@ -565,10 +571,10 @@ void sni_free( sni_entry *head )

        mbedtls_x509_crt_free( cur->ca );
        mbedtls_free( cur->ca );
-
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
        mbedtls_x509_crl_free( cur->crl );
        mbedtls_free( cur->crl );
-
+#endif
        next = cur->next;
        mbedtls_free( cur );
        cur = next;
@ -587,7 +593,10 @@ sni_entry *sni_parse( char *sni_string )
    sni_entry *cur = NULL, *new = NULL;
    char *p = sni_string;
    char *end = p;
-    char *crt_file, *key_file, *ca_file, *crl_file, *auth_str;
+    char *crt_file, *key_file, *ca_file, *auth_str;
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+    char *crl_file;
+#endif

    while( *end != '\0' )
        ++end;
@ -605,7 +614,9 @@ sni_entry *sni_parse( char *sni_string )
        GET_ITEM( crt_file );
        GET_ITEM( key_file );
        GET_ITEM( ca_file );
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
        GET_ITEM( crl_file );
+#endif
        GET_ITEM( auth_str );

        if( ( new->cert = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) ) ) == NULL ||
@ -630,6 +641,7 @@ sni_entry *sni_parse( char *sni_string )
                goto error;
        }

+#if defined(MBEDTLS_X509_CRL_PARSE_C)
        if( strcmp( crl_file, "-" ) != 0 )
        {
            if( ( new->crl = mbedtls_calloc( 1, sizeof( mbedtls_x509_crl ) ) ) == NULL )
@ -640,6 +652,7 @@ sni_entry *sni_parse( char *sni_string )
            if( mbedtls_x509_crl_parse_file( new->crl, crl_file ) != 0 )
                goto error;
        }
+#endif

        if( strcmp( auth_str, "-" ) != 0 )
        {