yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 17:55:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Simplify the way default certs are used

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2013-09-25 14:05:49 +02:00
parent cb99bdb27e
commit a0fdf8b0a0
3 changed files with 41 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
include/polarssl/certs.h
View File

@ -34,7 +34,10 @@ extern "C" {
/* Concatenation of all available CA certificates */ /* Concatenation of all available CA certificates */
extern const char test_ca_list[]; extern const char test_ca_list[];
/* First set of certificates: RSA, or ECDSA if RSA is not available */ /*
* Convenience for users who just want a certificate:
* RSA by default, or ECDSA if RSA i not available
*/
extern const char *test_ca_crt; extern const char *test_ca_crt;
extern const char *test_ca_key; extern const char *test_ca_key;
extern const char *test_ca_pwd; extern const char *test_ca_pwd;
@ -43,17 +46,6 @@ extern const char *test_srv_key;
extern const char *test_cli_crt; extern const char *test_cli_crt;
extern const char *test_cli_key; extern const char *test_cli_key;
/* Second set of certificates: ECDSA is both are available */
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_RSA_C)
extern const char *test_ca_crt2;
extern const char *test_ca_key2;
extern const char *test_ca_pwd2;
extern const char *test_srv_crt2;
extern const char *test_srv_key2;
extern const char *test_cli_crt2;
extern const char *test_cli_key2;
#endif
#if defined(POLARSSL_ECDSA_C) #if defined(POLARSSL_ECDSA_C)
extern const char test_ca_crt_ec[]; extern const char test_ca_crt_ec[];
extern const char test_ca_key_ec[]; extern const char test_ca_key_ec[];

10
library/certs.c
View File

@ -302,14 +302,4 @@ const char *test_cli_crt = test_cli_crt_ec;
const char *test_cli_key = test_cli_key_ec; const char *test_cli_key = test_cli_key_ec;
#endif #endif
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
const char *test_ca_crt2 = test_ca_crt_ec;
const char *test_ca_key2 = test_ca_key_ec;
const char *test_ca_pwd2 = test_ca_pwd_ec;
const char *test_srv_crt2 = test_srv_crt_ec;
const char *test_srv_key2 = test_srv_key_ec;
const char *test_cli_crt2 = test_cli_crt_ec;
const char *test_cli_key2 = test_cli_key_ec;
#endif
#endif /* POLARSSL_CERTS_C */ #endif /* POLARSSL_CERTS_C */

57
programs/ssl/ssl_server2.c
View File

@ -224,7 +224,7 @@ int main( int argc, char *argv[] )
pk_context pkey; pk_context pkey;
x509_crt srvcert2; x509_crt srvcert2;
pk_context pkey2; pk_context pkey2;
int key_cert_provided = 0; int key_cert_init = 0, key_cert_init2 = 0;
#endif #endif
#if defined(POLARSSL_SSL_CACHE_C) #if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache; ssl_cache_context cache;
@ -574,7 +574,7 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_FS_IO) #if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) ) if( strlen( opt.crt_file ) )
{ {
key_cert_provided = 1; key_cert_init++;
if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 ) if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
{ {
printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n", printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
@ -584,16 +584,22 @@ int main( int argc, char *argv[] )
} }
if( strlen( opt.key_file ) ) if( strlen( opt.key_file ) )
{ {
key_cert_provided = 1; key_cert_init++;
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 ) if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
{ {
printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret ); printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
goto exit; goto exit;
} }
} }
if( key_cert_init == 1 )
{
printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
goto exit;
}
if( strlen( opt.crt_file2 ) ) if( strlen( opt.crt_file2 ) )
{ {
key_cert_provided = 1; key_cert_init2++;
if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 ) if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
{ {
printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n", printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
@ -603,7 +609,7 @@ int main( int argc, char *argv[] )
} }
if( strlen( opt.key_file2 ) ) if( strlen( opt.key_file2 ) )
{ {
key_cert_provided = 1; key_cert_init2++;
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 ) if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{ {
printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n", printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
@ -611,42 +617,53 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
} }
if( key_cert_init2 == 1 )
{
printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
goto exit;
}
#endif #endif
if( key_cert_provided == 0 ) if( key_cert_init == 0 && key_cert_init2 == 0 )
{ {
#if !defined(POLARSSL_CERTS_C) #if !defined(POLARSSL_CERTS_C)
printf( "Not certificated or key provided, and \n" printf( "Not certificated or key provided, and \n"
"POLARSSL_CERTS_C not defined!\n" ); "POLARSSL_CERTS_C not defined!\n" );
goto exit; goto exit;
#else #else
#if defined(POLARSSL_RSA_C)
if( ( ret = x509_crt_parse( &srvcert, if( ( ret = x509_crt_parse( &srvcert,
(const unsigned char *) test_srv_crt, (const unsigned char *) test_srv_crt_rsa,
strlen( test_srv_crt ) ) ) != 0 ) strlen( test_srv_crt_rsa ) ) ) != 0 )
{ {
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret ); printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit; goto exit;
} }
if( ( ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key, if( ( ret = pk_parse_key( &pkey,
strlen( test_srv_key ), NULL, 0 ) ) != 0 ) (const unsigned char *) test_srv_key_rsa,
strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
{ {
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret ); printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit; goto exit;
} }
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C) key_cert_init = 2;
#endif /* POLARSSL_RSA_C */
#if defined(POLARSSL_ECDSA_C)
if( ( ret = x509_crt_parse( &srvcert2, if( ( ret = x509_crt_parse( &srvcert2,
(const unsigned char *) test_srv_crt2, (const unsigned char *) test_srv_crt_ec,
strlen( test_srv_crt2 ) ) ) != 0 ) strlen( test_srv_crt_ec ) ) ) != 0 )
{ {
printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret ); printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
goto exit; goto exit;
} }
if( ( ret = pk_parse_key( &pkey2, (const unsigned char *) test_srv_key2, if( ( ret = pk_parse_key( &pkey2,
strlen( test_srv_key2 ), NULL, 0 ) ) != 0 ) (const unsigned char *) test_srv_key_ec,
strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
{ {
printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret ); printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
goto exit; goto exit;
} }
#endif /* POLARSSL_RSA_C && POLARSSL_ECDSA_C */ key_cert_init2 = 2;
#endif /* POLARSSL_ECDSA_C */
#endif /* POLARSSL_CERTS_C */ #endif /* POLARSSL_CERTS_C */
} }
@ -706,10 +723,10 @@ int main( int argc, char *argv[] )
#if defined(POLARSSL_X509_CRT_PARSE_C) #if defined(POLARSSL_X509_CRT_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL ); ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
ssl_set_own_cert( &ssl, &srvcert, &pkey ); if( key_cert_init )
#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C) ssl_set_own_cert( &ssl, &srvcert, &pkey );
ssl_set_own_cert( &ssl, &srvcert2, &pkey2 ); if( key_cert_init2 )
#endif ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
#endif #endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED) #if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)