mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 11:55:41 +01:00
Simplify the way default certs are used
This commit is contained in:
parent
cb99bdb27e
commit
a0fdf8b0a0
@ -34,7 +34,10 @@ extern "C" {
|
|||||||
/* Concatenation of all available CA certificates */
|
/* Concatenation of all available CA certificates */
|
||||||
extern const char test_ca_list[];
|
extern const char test_ca_list[];
|
||||||
|
|
||||||
/* First set of certificates: RSA, or ECDSA if RSA is not available */
|
/*
|
||||||
|
* Convenience for users who just want a certificate:
|
||||||
|
* RSA by default, or ECDSA if RSA i not available
|
||||||
|
*/
|
||||||
extern const char *test_ca_crt;
|
extern const char *test_ca_crt;
|
||||||
extern const char *test_ca_key;
|
extern const char *test_ca_key;
|
||||||
extern const char *test_ca_pwd;
|
extern const char *test_ca_pwd;
|
||||||
@ -43,17 +46,6 @@ extern const char *test_srv_key;
|
|||||||
extern const char *test_cli_crt;
|
extern const char *test_cli_crt;
|
||||||
extern const char *test_cli_key;
|
extern const char *test_cli_key;
|
||||||
|
|
||||||
/* Second set of certificates: ECDSA is both are available */
|
|
||||||
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_RSA_C)
|
|
||||||
extern const char *test_ca_crt2;
|
|
||||||
extern const char *test_ca_key2;
|
|
||||||
extern const char *test_ca_pwd2;
|
|
||||||
extern const char *test_srv_crt2;
|
|
||||||
extern const char *test_srv_key2;
|
|
||||||
extern const char *test_cli_crt2;
|
|
||||||
extern const char *test_cli_key2;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(POLARSSL_ECDSA_C)
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
extern const char test_ca_crt_ec[];
|
extern const char test_ca_crt_ec[];
|
||||||
extern const char test_ca_key_ec[];
|
extern const char test_ca_key_ec[];
|
||||||
|
@ -302,14 +302,4 @@ const char *test_cli_crt = test_cli_crt_ec;
|
|||||||
const char *test_cli_key = test_cli_key_ec;
|
const char *test_cli_key = test_cli_key_ec;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
|
|
||||||
const char *test_ca_crt2 = test_ca_crt_ec;
|
|
||||||
const char *test_ca_key2 = test_ca_key_ec;
|
|
||||||
const char *test_ca_pwd2 = test_ca_pwd_ec;
|
|
||||||
const char *test_srv_crt2 = test_srv_crt_ec;
|
|
||||||
const char *test_srv_key2 = test_srv_key_ec;
|
|
||||||
const char *test_cli_crt2 = test_cli_crt_ec;
|
|
||||||
const char *test_cli_key2 = test_cli_key_ec;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* POLARSSL_CERTS_C */
|
#endif /* POLARSSL_CERTS_C */
|
||||||
|
@ -224,7 +224,7 @@ int main( int argc, char *argv[] )
|
|||||||
pk_context pkey;
|
pk_context pkey;
|
||||||
x509_crt srvcert2;
|
x509_crt srvcert2;
|
||||||
pk_context pkey2;
|
pk_context pkey2;
|
||||||
int key_cert_provided = 0;
|
int key_cert_init = 0, key_cert_init2 = 0;
|
||||||
#endif
|
#endif
|
||||||
#if defined(POLARSSL_SSL_CACHE_C)
|
#if defined(POLARSSL_SSL_CACHE_C)
|
||||||
ssl_cache_context cache;
|
ssl_cache_context cache;
|
||||||
@ -574,7 +574,7 @@ int main( int argc, char *argv[] )
|
|||||||
#if defined(POLARSSL_FS_IO)
|
#if defined(POLARSSL_FS_IO)
|
||||||
if( strlen( opt.crt_file ) )
|
if( strlen( opt.crt_file ) )
|
||||||
{
|
{
|
||||||
key_cert_provided = 1;
|
key_cert_init++;
|
||||||
if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
|
if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
|
printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
|
||||||
@ -584,16 +584,22 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
if( strlen( opt.key_file ) )
|
if( strlen( opt.key_file ) )
|
||||||
{
|
{
|
||||||
key_cert_provided = 1;
|
key_cert_init++;
|
||||||
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
|
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
|
printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if( key_cert_init == 1 )
|
||||||
|
{
|
||||||
|
printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
if( strlen( opt.crt_file2 ) )
|
if( strlen( opt.crt_file2 ) )
|
||||||
{
|
{
|
||||||
key_cert_provided = 1;
|
key_cert_init2++;
|
||||||
if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
|
if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
|
printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
|
||||||
@ -603,7 +609,7 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
if( strlen( opt.key_file2 ) )
|
if( strlen( opt.key_file2 ) )
|
||||||
{
|
{
|
||||||
key_cert_provided = 1;
|
key_cert_init2++;
|
||||||
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
|
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
|
printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
|
||||||
@ -611,42 +617,53 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if( key_cert_init2 == 1 )
|
||||||
|
{
|
||||||
|
printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
if( key_cert_provided == 0 )
|
if( key_cert_init == 0 && key_cert_init2 == 0 )
|
||||||
{
|
{
|
||||||
#if !defined(POLARSSL_CERTS_C)
|
#if !defined(POLARSSL_CERTS_C)
|
||||||
printf( "Not certificated or key provided, and \n"
|
printf( "Not certificated or key provided, and \n"
|
||||||
"POLARSSL_CERTS_C not defined!\n" );
|
"POLARSSL_CERTS_C not defined!\n" );
|
||||||
goto exit;
|
goto exit;
|
||||||
#else
|
#else
|
||||||
|
#if defined(POLARSSL_RSA_C)
|
||||||
if( ( ret = x509_crt_parse( &srvcert,
|
if( ( ret = x509_crt_parse( &srvcert,
|
||||||
(const unsigned char *) test_srv_crt,
|
(const unsigned char *) test_srv_crt_rsa,
|
||||||
strlen( test_srv_crt ) ) ) != 0 )
|
strlen( test_srv_crt_rsa ) ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
|
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
if( ( ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
|
if( ( ret = pk_parse_key( &pkey,
|
||||||
strlen( test_srv_key ), NULL, 0 ) ) != 0 )
|
(const unsigned char *) test_srv_key_rsa,
|
||||||
|
strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
|
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
|
key_cert_init = 2;
|
||||||
|
#endif /* POLARSSL_RSA_C */
|
||||||
|
#if defined(POLARSSL_ECDSA_C)
|
||||||
if( ( ret = x509_crt_parse( &srvcert2,
|
if( ( ret = x509_crt_parse( &srvcert2,
|
||||||
(const unsigned char *) test_srv_crt2,
|
(const unsigned char *) test_srv_crt_ec,
|
||||||
strlen( test_srv_crt2 ) ) ) != 0 )
|
strlen( test_srv_crt_ec ) ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
|
printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
if( ( ret = pk_parse_key( &pkey2, (const unsigned char *) test_srv_key2,
|
if( ( ret = pk_parse_key( &pkey2,
|
||||||
strlen( test_srv_key2 ), NULL, 0 ) ) != 0 )
|
(const unsigned char *) test_srv_key_ec,
|
||||||
|
strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
|
||||||
{
|
{
|
||||||
printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
|
printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
#endif /* POLARSSL_RSA_C && POLARSSL_ECDSA_C */
|
key_cert_init2 = 2;
|
||||||
|
#endif /* POLARSSL_ECDSA_C */
|
||||||
#endif /* POLARSSL_CERTS_C */
|
#endif /* POLARSSL_CERTS_C */
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -706,10 +723,10 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||||
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
|
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
|
||||||
ssl_set_own_cert( &ssl, &srvcert, &pkey );
|
if( key_cert_init )
|
||||||
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
|
ssl_set_own_cert( &ssl, &srvcert, &pkey );
|
||||||
ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
|
if( key_cert_init2 )
|
||||||
#endif
|
ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
|
||||||
|
Loading…
Reference in New Issue
Block a user