diff --git a/include/polarssl/certs.h b/include/polarssl/certs.h index 5fcd85da0..ba7c028af 100644 --- a/include/polarssl/certs.h +++ b/include/polarssl/certs.h @@ -34,7 +34,10 @@ extern "C" { /* Concatenation of all available CA certificates */ extern const char test_ca_list[]; -/* First set of certificates: RSA, or ECDSA if RSA is not available */ +/* + * Convenience for users who just want a certificate: + * RSA by default, or ECDSA if RSA i not available + */ extern const char *test_ca_crt; extern const char *test_ca_key; extern const char *test_ca_pwd; @@ -43,17 +46,6 @@ extern const char *test_srv_key; extern const char *test_cli_crt; extern const char *test_cli_key; -/* Second set of certificates: ECDSA is both are available */ -#if defined(POLARSSL_RSA_C) && defined(POLARSSL_RSA_C) -extern const char *test_ca_crt2; -extern const char *test_ca_key2; -extern const char *test_ca_pwd2; -extern const char *test_srv_crt2; -extern const char *test_srv_key2; -extern const char *test_cli_crt2; -extern const char *test_cli_key2; -#endif - #if defined(POLARSSL_ECDSA_C) extern const char test_ca_crt_ec[]; extern const char test_ca_key_ec[]; diff --git a/library/certs.c b/library/certs.c index 67172dde2..17775b889 100644 --- a/library/certs.c +++ b/library/certs.c @@ -302,14 +302,4 @@ const char *test_cli_crt = test_cli_crt_ec; const char *test_cli_key = test_cli_key_ec; #endif -#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C) -const char *test_ca_crt2 = test_ca_crt_ec; -const char *test_ca_key2 = test_ca_key_ec; -const char *test_ca_pwd2 = test_ca_pwd_ec; -const char *test_srv_crt2 = test_srv_crt_ec; -const char *test_srv_key2 = test_srv_key_ec; -const char *test_cli_crt2 = test_cli_crt_ec; -const char *test_cli_key2 = test_cli_key_ec; -#endif - #endif /* POLARSSL_CERTS_C */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ba651318f..2d81e755e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -224,7 +224,7 @@ int main( int argc, char *argv[] ) pk_context pkey; x509_crt srvcert2; pk_context pkey2; - int key_cert_provided = 0; + int key_cert_init = 0, key_cert_init2 = 0; #endif #if defined(POLARSSL_SSL_CACHE_C) ssl_cache_context cache; @@ -574,7 +574,7 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_FS_IO) if( strlen( opt.crt_file ) ) { - key_cert_provided = 1; + key_cert_init++; if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 ) { printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n", @@ -584,16 +584,22 @@ int main( int argc, char *argv[] ) } if( strlen( opt.key_file ) ) { - key_cert_provided = 1; + key_cert_init++; if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 ) { printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret ); goto exit; } } + if( key_cert_init == 1 ) + { + printf( " failed\n ! crt_file without key_file or vice-versa\n\n" ); + goto exit; + } + if( strlen( opt.crt_file2 ) ) { - key_cert_provided = 1; + key_cert_init2++; if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 ) { printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n", @@ -603,7 +609,7 @@ int main( int argc, char *argv[] ) } if( strlen( opt.key_file2 ) ) { - key_cert_provided = 1; + key_cert_init2++; if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 ) { printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n", @@ -611,42 +617,53 @@ int main( int argc, char *argv[] ) goto exit; } } + if( key_cert_init2 == 1 ) + { + printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" ); + goto exit; + } #endif - if( key_cert_provided == 0 ) + if( key_cert_init == 0 && key_cert_init2 == 0 ) { #if !defined(POLARSSL_CERTS_C) printf( "Not certificated or key provided, and \n" "POLARSSL_CERTS_C not defined!\n" ); goto exit; #else +#if defined(POLARSSL_RSA_C) if( ( ret = x509_crt_parse( &srvcert, - (const unsigned char *) test_srv_crt, - strlen( test_srv_crt ) ) ) != 0 ) + (const unsigned char *) test_srv_crt_rsa, + strlen( test_srv_crt_rsa ) ) ) != 0 ) { printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret ); goto exit; } - if( ( ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key, - strlen( test_srv_key ), NULL, 0 ) ) != 0 ) + if( ( ret = pk_parse_key( &pkey, + (const unsigned char *) test_srv_key_rsa, + strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 ) { printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret ); goto exit; } -#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C) + key_cert_init = 2; +#endif /* POLARSSL_RSA_C */ +#if defined(POLARSSL_ECDSA_C) if( ( ret = x509_crt_parse( &srvcert2, - (const unsigned char *) test_srv_crt2, - strlen( test_srv_crt2 ) ) ) != 0 ) + (const unsigned char *) test_srv_crt_ec, + strlen( test_srv_crt_ec ) ) ) != 0 ) { printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret ); goto exit; } - if( ( ret = pk_parse_key( &pkey2, (const unsigned char *) test_srv_key2, - strlen( test_srv_key2 ), NULL, 0 ) ) != 0 ) + if( ( ret = pk_parse_key( &pkey2, + (const unsigned char *) test_srv_key_ec, + strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 ) { printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret ); goto exit; } -#endif /* POLARSSL_RSA_C && POLARSSL_ECDSA_C */ + key_cert_init2 = 2; +#endif /* POLARSSL_ECDSA_C */ #endif /* POLARSSL_CERTS_C */ } @@ -706,10 +723,10 @@ int main( int argc, char *argv[] ) #if defined(POLARSSL_X509_CRT_PARSE_C) ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); - ssl_set_own_cert( &ssl, &srvcert, &pkey ); -#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C) - ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ); -#endif + if( key_cert_init ) + ssl_set_own_cert( &ssl, &srvcert, &pkey ); + if( key_cert_init2 ) + ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ); #endif #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)