Move easy ssl_set_xxx() functions to work on conf

mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
Manuel Pégourié-Gonnard 2015-05-05 10:45:39 +02:00
parent 419d5ae419
commit d36e33fc07
15 changed files with 223 additions and 233 deletions


@ -1187,19 +1187,19 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
/** /**
* \brief Set the current endpoint type * \brief Set the current endpoint type
* *
* \param ssl SSL context * \param conf SSL configuration
* \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
* *
* \note This function should be called right after mbedtls_ssl_init() since * \note This function should be called right after mbedtls_ssl_init() since
* some other ssl_set_foo() functions depend on it. * some other ssl_set_foo() functions depend on it.
*/ */
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint ); void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint );
/** /**
* \brief Set the transport type (TLS or DTLS). * \brief Set the transport type (TLS or DTLS).
* Default: TLS * Default: TLS
* *
* \param ssl SSL context * \param conf SSL configuration
* \param transport transport type: * \param transport transport type:
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS, * MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS. * MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
@ -1212,12 +1212,13 @@ void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint );
* doesn't block, or one that handles timeouts, see * doesn't block, or one that handles timeouts, see
* mbedtls_ssl_set_bio_timeout() * mbedtls_ssl_set_bio_timeout()
*/ */
int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport ); int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport );
/** /**
* \brief Set the certificate verification mode * \brief Set the certificate verification mode
* Default: NONE on server, REQUIRED on client
* *
* \param ssl SSL context * \param conf SSL configuration
* \param authmode can be: * \param authmode can be:
* *
* MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked * MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked
@ -1238,7 +1239,7 @@ int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport );
* the verification as soon as possible. For example, REQUIRED was protecting * the verification as soon as possible. For example, REQUIRED was protecting
* against the "triple handshake" attack even before it was found. * against the "triple handshake" attack even before it was found.
*/ */
void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode ); void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode );
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
/** /**
@ -1248,11 +1249,11 @@ void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode );
* certificate in the chain. For implementation * certificate in the chain. For implementation
* information, please see \c x509parse_verify() * information, please see \c x509parse_verify()
* *
* \param ssl SSL context * \param conf SSL configuration
* \param f_vrfy verification function * \param f_vrfy verification function
* \param p_vrfy verification parameter * \param p_vrfy verification parameter
*/ */
void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *), int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
void *p_vrfy ); void *p_vrfy );
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
@ -1271,11 +1272,11 @@ void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl,
/** /**
* \brief Set the debug callback * \brief Set the debug callback
* *
* \param ssl SSL context * \param conf SSL configuration
* \param f_dbg debug function * \param f_dbg debug function
* \param p_dbg debug parameter * \param p_dbg debug parameter
*/ */
void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *), void (*f_dbg)(void *, int, const char *),
void *p_dbg ); void *p_dbg );
@ -1404,12 +1405,12 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
* Only disable if you known this can't happen in your * Only disable if you known this can't happen in your
* particular environment. * particular environment.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param f_cookie_write Cookie write callback * \param f_cookie_write Cookie write callback
* \param f_cookie_check Cookie check callback * \param f_cookie_check Cookie check callback
* \param p_cookie Context for both callbacks * \param p_cookie Context for both callbacks
*/ */
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf,
mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check, mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie ); void *p_cookie );
@ -1421,7 +1422,7 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
* (DTLS only, no effect on TLS.) * (DTLS only, no effect on TLS.)
* Default: enabled. * Default: enabled.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED. * \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
* *
* \warning Disabling this is a security risk unless the application * \warning Disabling this is a security risk unless the application
@ -1431,7 +1432,7 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
* packets and needs information about them to adjust its * packets and needs information about them to adjust its
* transmission strategy, then you'll want to disable this. * transmission strategy, then you'll want to disable this.
*/ */
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode ); void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
@ -1441,7 +1442,7 @@ void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
* (DTLS only, no effect on TLS.) * (DTLS only, no effect on TLS.)
* Default: 0 (disabled). * Default: 0 (disabled).
* *
* \param ssl SSL context * \param conf SSL configuration
* \param limit Limit, or 0 to disable. * \param limit Limit, or 0 to disable.
* *
* \note If the limit is N, then the connection is terminated when * \note If the limit is N, then the connection is terminated when
@ -1458,7 +1459,7 @@ void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
* might make us waste resources checking authentication on * might make us waste resources checking authentication on
* many bogus packets. * many bogus packets.
*/ */
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit ); void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1466,7 +1467,7 @@ void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit
* \brief Set retransmit timeout values for the DTLS handshale. * \brief Set retransmit timeout values for the DTLS handshale.
* (DTLS only, no effect on TLS.) * (DTLS only, no effect on TLS.)
* *
* \param ssl SSL context * \param conf SSL configuration
* \param min Initial timeout value in milliseconds. * \param min Initial timeout value in milliseconds.
* Default: 1000 (1 second). * Default: 1000 (1 second).
* \param max Maximum timeout value in milliseconds. * \param max Maximum timeout value in milliseconds.
@ -1478,7 +1479,7 @@ void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit
* handshake latency. Lower values may increase the risk of * handshake latency. Lower values may increase the risk of
* network congestion by causing more retransmissions. * network congestion by causing more retransmissions.
*/ */
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max ); void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
/** /**
@ -1513,13 +1514,13 @@ void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min,
* an entry is still valid in the future. Return 0 if * an entry is still valid in the future. Return 0 if
* successfully cached, return 1 otherwise. * successfully cached, return 1 otherwise.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param f_get_cache session get callback * \param f_get_cache session get callback
* \param p_get_cache session get parameter * \param p_get_cache session get parameter
* \param f_set_cache session set callback * \param f_set_cache session set callback
* \param p_set_cache session set parameter * \param p_set_cache session set parameter
*/ */
void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf,
int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache, int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache ); int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache );
#endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_SRV_C */
@ -1551,17 +1552,18 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
* over the preference of the client unless * over the preference of the client unless
* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined! * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
* *
* \param ssl SSL context * \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites * \param ciphersuites 0-terminated list of allowed ciphersuites
*/ */
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites ); void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites );
/** /**
* \brief Set the list of allowed ciphersuites and the * \brief Set the list of allowed ciphersuites and the
* preference order for a specific version of the protocol. * preference order for a specific version of the protocol.
* (Only useful on the server side) * (Only useful on the server side)
* *
* \param ssl SSL context * \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites * \param ciphersuites 0-terminated list of allowed ciphersuites
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
* supported) * supported)
@ -1572,7 +1574,7 @@ void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersu
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
* and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 * and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*/ */
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
const int *ciphersuites, const int *ciphersuites,
int major, int minor ); int major, int minor );
@ -1642,11 +1644,11 @@ int mbedtls_ssl_set_psk( mbedtls_ssl_context *ssl, const unsigned char *psk, siz
* identity and return 0. * identity and return 0.
* Any other return value will result in a denied PSK identity. * Any other return value will result in a denied PSK identity.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param f_psk PSK identity function * \param f_psk PSK identity function
* \param p_psk PSK identity parameter * \param p_psk PSK identity parameter
*/ */
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t), size_t),
void *p_psk ); void *p_psk );
@ -1658,24 +1660,24 @@ void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
* read as hexadecimal strings (server-side only) * read as hexadecimal strings (server-side only)
* (Default: MBEDTLS_DHM_RFC5114_MODP_1024_[PG]) * (Default: MBEDTLS_DHM_RFC5114_MODP_1024_[PG])
* *
* \param ssl SSL context * \param conf SSL configuration
* \param dhm_P Diffie-Hellman-Merkle modulus * \param dhm_P Diffie-Hellman-Merkle modulus
* \param dhm_G Diffie-Hellman-Merkle generator * \param dhm_G Diffie-Hellman-Merkle generator
* *
* \return 0 if successful * \return 0 if successful
*/ */
int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G ); int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
/** /**
* \brief Set the Diffie-Hellman public P and G values, * \brief Set the Diffie-Hellman public P and G values,
* read from existing context (server-side only) * read from existing context (server-side only)
* *
* \param ssl SSL context * \param conf SSL configuration
* \param dhm_ctx Diffie-Hellman-Merkle context * \param dhm_ctx Diffie-Hellman-Merkle context
* *
* \return 0 if successful * \return 0 if successful
*/ */
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx ); int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
#endif /* MBEDTLS_DHM_C */ #endif /* MBEDTLS_DHM_C */
#if defined(MBEDTLS_SSL_SET_CURVES) #if defined(MBEDTLS_SSL_SET_CURVES)
@ -1693,11 +1695,11 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context
* Both sides: limits the set of curves used by peer to the * Both sides: limits the set of curves used by peer to the
* listed curves for any use (ECDH(E), certificates). * listed curves for any use (ECDH(E), certificates).
* *
* \param ssl SSL context * \param conf SSL configuration
* \param curves Ordered list of allowed curves, * \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE. * terminated by MBEDTLS_ECP_DP_NONE.
*/ */
void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curves ); void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
#endif /* MBEDTLS_SSL_SET_CURVES */ #endif /* MBEDTLS_SSL_SET_CURVES */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@ -1728,11 +1730,11 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
* callback should return -1 to abort the handshake at this * callback should return -1 to abort the handshake at this
* point. * point.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param f_sni verification function * \param f_sni verification function
* \param p_sni verification parameter * \param p_sni verification parameter
*/ */
void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t), size_t),
void *p_sni ); void *p_sni );
@ -1742,13 +1744,13 @@ void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
/** /**
* \brief Set the supported Application Layer Protocols. * \brief Set the supported Application Layer Protocols.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param protos NULL-terminated list of supported protocols, * \param protos NULL-terminated list of supported protocols,
* in decreasing preference order. * in decreasing preference order.
* *
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/ */
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos ); int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
/** /**
* \brief Get the name of the negotiated Application Layer Protocol. * \brief Get the name of the negotiated Application Layer Protocol.
@ -1769,7 +1771,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
* *
* Note: This ignores ciphersuites from 'higher' versions. * Note: This ignores ciphersuites from 'higher' versions.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
@ -1779,7 +1781,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*/ */
int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor ); int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor );
/** /**
* \brief Set the minimum accepted SSL/TLS protocol version * \brief Set the minimum accepted SSL/TLS protocol version
@ -1790,7 +1792,7 @@ int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor
* *
* \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided. * \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0, * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, * MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
@ -1800,7 +1802,7 @@ int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 * MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*/ */
int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor ); int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor );
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
/** /**
@ -1834,10 +1836,10 @@ void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback );
* improvement, and should not cause any interoperability * improvement, and should not cause any interoperability
* issue (used only if the peer supports it too). * issue (used only if the peer supports it too).
* *
* \param ssl SSL context * \param conf SSL configuration
* \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED * \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
*/ */
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm ); void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
@ -1849,10 +1851,10 @@ void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm );
* protocol, and should not cause any interoperability issue * protocol, and should not cause any interoperability issue
* (used only if the peer supports it too). * (used only if the peer supports it too).
* *
* \param ssl SSL context * \param conf SSL configuration
* \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED * \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
*/ */
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems ); void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems );
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
/** /**
@ -1865,10 +1867,10 @@ void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems
* \note This function will likely be removed in future versions as * \note This function will likely be removed in future versions as
* RC4 will then be disabled by default at compile time. * RC4 will then be disabled by default at compile time.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED * \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
*/ */
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 ); void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/** /**
@ -1895,13 +1897,13 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_context *ssl, unsigned char mfl_co
* (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED on client, * (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED on client,
* MBEDTLS_SSL_TRUNC_HMAC_ENABLED on server.) * MBEDTLS_SSL_TRUNC_HMAC_ENABLED on server.)
* *
* \param ssl SSL context * \param conf SSL configuration
* \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
* MBEDTLS_SSL_TRUNC_HMAC_DISABLED) * MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
* *
* \return Always 0. * \return Always 0.
*/ */
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate ); int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@ -1942,10 +1944,10 @@ int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets )
* \brief Set session ticket lifetime (server only) * \brief Set session ticket lifetime (server only)
* (Default: MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day)) * (Default: MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
* *
* \param ssl SSL context * \param conf SSL configuration
* \param lifetime session ticket lifetime * \param lifetime session ticket lifetime
*/ */
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime ); void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime );
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
@ -1958,11 +1960,11 @@ void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int life
* resource DoS by a malicious client. You should enable this on * resource DoS by a malicious client. You should enable this on
* a client to enable server-initiated renegotiation. * a client to enable server-initiated renegotiation.
* *
* \param ssl SSL context * \param conf SSL configuration
* \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or * \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
* MBEDTLS_SSL_RENEGOTIATION_DISABLED) * MBEDTLS_SSL_RENEGOTIATION_DISABLED)
*/ */
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation ); void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
/** /**
@ -1987,12 +1989,12 @@ void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation
* that do not support renegotiation altogether. * that do not support renegotiation altogether.
* (Most secure option, interoperability issues) * (Most secure option, interoperability issues)
* *
* \param ssl SSL context * \param conf SSL configuration
* \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION, * \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
* SSL_ALLOW_LEGACY_RENEGOTIATION or * SSL_ALLOW_LEGACY_RENEGOTIATION or
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE) * MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
*/ */
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy ); void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
/** /**
@ -2027,12 +2029,12 @@ void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legac
* if we receive application data from the server, we need a * if we receive application data from the server, we need a
* place to write it, which only happens during mbedtls_ssl_read(). * place to write it, which only happens during mbedtls_ssl_read().
* *
* \param ssl SSL context * \param conf SSL configuration
* \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
* enforce renegotiation, or a non-negative value to enforce * enforce renegotiation, or a non-negative value to enforce
* it but allow for a grace period of max_records records. * it but allow for a grace period of max_records records.
*/ */
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records ); void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
/** /**
* \brief Set record counter threshold for periodic renegotiation. * \brief Set record counter threshold for periodic renegotiation.
@ -2047,11 +2049,11 @@ void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_r
* Lower values can be used to enforce policies such as "keys * Lower values can be used to enforce policies such as "keys
* must be refreshed every N packets with cipher X". * must be refreshed every N packets with cipher X".
* *
* \param ssl SSL context * \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number. * \param period The threshold value: a big-endian 64-bit number.
* Set to 2^64 - 1 to disable periodic renegotiation * Set to 2^64 - 1 to disable periodic renegotiation
*/ */
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] ); const unsigned char period[8] );
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
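Review bot: The \note on mbedtls_ssl_set_endpoint still says the function "should be called right after mbedtls_ssl_init()", but the new signature takes an mbedtls_ssl_config and no longer touches the context, so the ordering advice now points at the wrong object. The endpoint-dependent defaults documented elsewhere in this header (authmode "NONE on server, REQUIRED on client", truncated HMAC "DISABLED on client, ENABLED on server") suggest the ordering requirement is real, just relocated to the config; I would reword it as `* \note Call this right after initialising the mbedtls_ssl_config and before any other mbedtls_ssl_set_foo() on the same config, since some of them depend on the endpoint.` Whether those defaults are applied when the config is initialised or when the endpoint is set is decided by code outside this hunk, so the exact wording should be checked against it. While touching these comments, "handshale" in the mbedtls_ssl_set_handshake_timeout brief is a typo for "handshake".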


@ -377,14 +377,14 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
return( 0 ); return( 0 );
} }
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf,
mbedtls_ssl_cookie_write_t *f_cookie_write, mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check, mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie ) void *p_cookie )
{ {
ssl->conf->f_cookie_write = f_cookie_write; conf->f_cookie_write = f_cookie_write;
ssl->conf->f_cookie_check = f_cookie_check; conf->f_cookie_check = f_cookie_check;
ssl->conf->p_cookie = p_cookie; conf->p_cookie = p_cookie;
} }
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
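Review bot: mbedtls_ssl_set_dtls_cookies stores f_cookie_write and f_cookie_check without checking that they are either both set or both NULL, so a half-configured pair is silently accepted even though the header comment for this function warns that cookies should only be disabled when the environment rules out what they guard against. The function returns void, so rather than change its interface I would at least state the contract in the header comment: `* \note Pass both callbacks, or NULL for both to disable cookie verification; setting only one of them is unsupported.` How the server handshake behaves with a mismatched pair is decided by code outside this hunk and should be confirmed before the note is worded as a guarantee.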


@ -5168,52 +5168,52 @@ static int ssl_ticket_keys_init( mbedtls_ssl_context *ssl )
/* /*
* SSL set accessors * SSL set accessors
*/ */
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint ) void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint )
{ {
ssl->conf->endpoint = endpoint; conf->endpoint = endpoint;
} }
int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport ) int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport )
{ {
ssl->conf->transport = transport; conf->transport = transport;
return( 0 ); return( 0 );
} }
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode ) void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
{ {
ssl->conf->anti_replay = mode; conf->anti_replay = mode;
} }
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit ) void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
{ {
ssl->conf->badmac_limit = limit; conf->badmac_limit = limit;
} }
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max ) void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
{ {
ssl->conf->hs_timeout_min = min; conf->hs_timeout_min = min;
ssl->conf->hs_timeout_max = max; conf->hs_timeout_max = max;
} }
#endif #endif
void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode ) void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode )
{ {
ssl->conf->authmode = authmode; conf->authmode = authmode;
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *), int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
void *p_vrfy ) void *p_vrfy )
{ {
ssl->conf->f_vrfy = f_vrfy; conf->f_vrfy = f_vrfy;
ssl->conf->p_vrfy = p_vrfy; conf->p_vrfy = p_vrfy;
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
@ -5225,12 +5225,12 @@ void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl,
ssl->p_rng = p_rng; ssl->p_rng = p_rng;
} }
void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *), void (*f_dbg)(void *, int, const char *),
void *p_dbg ) void *p_dbg )
{ {
ssl->conf->f_dbg = f_dbg; conf->f_dbg = f_dbg;
ssl->conf->p_dbg = p_dbg; conf->p_dbg = p_dbg;
} }
#if ! defined(MBEDTLS_DEPRECATED_REMOVED) #if ! defined(MBEDTLS_DEPRECATED_REMOVED)
@ -5267,14 +5267,14 @@ void mbedtls_ssl_set_bio_timeout( mbedtls_ssl_context *ssl,
} }
#if defined(MBEDTLS_SSL_SRV_C) #if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf,
int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache, int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache ) int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache )
{ {
ssl->conf->f_get_cache = f_get_cache; conf->f_get_cache = f_get_cache;
ssl->conf->p_get_cache = p_get_cache; conf->p_get_cache = p_get_cache;
ssl->conf->f_set_cache = f_set_cache; conf->f_set_cache = f_set_cache;
ssl->conf->p_set_cache = p_set_cache; conf->p_set_cache = p_set_cache;
} }
#endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_SRV_C */
@ -5300,15 +5300,16 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
} }
#endif /* MBEDTLS_SSL_CLI_C */ #endif /* MBEDTLS_SSL_CLI_C */
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites ) void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )
{ {
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites; conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
} }
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
const int *ciphersuites, const int *ciphersuites,
int major, int minor ) int major, int minor )
{ {
@ -5318,7 +5319,7 @@ void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 ) if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
return; return;
ssl->conf->ciphersuite_list[minor] = ciphersuites; conf->ciphersuite_list[minor] = ciphersuites;
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -5407,51 +5408,39 @@ int mbedtls_ssl_set_psk( mbedtls_ssl_context *ssl, const unsigned char *psk, siz
return( 0 ); return( 0 );
} }
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t), size_t),
void *p_psk ) void *p_psk )
{ {
ssl->conf->f_psk = f_psk; conf->f_psk = f_psk;
ssl->conf->p_psk = p_psk; conf->p_psk = p_psk;
} }
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)
int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G ) int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
{ {
int ret; int ret;
if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_P, 16, dhm_P ) ) != 0 ) if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
return( ret ); return( ret );
}
if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_G, 16, dhm_G ) ) != 0 ) if( ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
return( ret ); return( ret );
}
return( 0 ); return( 0 );
} }
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx ) int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
{ {
int ret; int ret;
if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_P, &dhm_ctx->P ) ) != 0 ) if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
return( ret ); return( ret );
}
if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_G, &dhm_ctx->G ) ) != 0 ) if( ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
return( ret ); return( ret );
}
return( 0 ); return( 0 );
} }
@ -5461,9 +5450,10 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context
/* /*
* Set the allowed elliptic curves * Set the allowed elliptic curves
*/ */
void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curve_list ) void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curve_list )
{ {
ssl->conf->curve_list = curve_list; conf->curve_list = curve_list;
} }
#endif #endif
@ -5491,18 +5481,18 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
return( 0 ); return( 0 );
} }
void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
int (*f_sni)(void *, mbedtls_ssl_context *, int (*f_sni)(void *, mbedtls_ssl_context *,
const unsigned char *, size_t), const unsigned char *, size_t),
void *p_sni ) void *p_sni )
{ {
ssl->conf->f_sni = f_sni; conf->f_sni = f_sni;
ssl->conf->p_sni = p_sni; conf->p_sni = p_sni;
} }
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos ) int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
{ {
size_t cur_len, tot_len; size_t cur_len, tot_len;
const char **p; const char **p;
@ -5521,7 +5511,7 @@ int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **proto
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
ssl->conf->alpn_list = protos; conf->alpn_list = protos;
return( 0 ); return( 0 );
} }
@ -5532,16 +5522,19 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
} }
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int minor ) static int ssl_check_version( const mbedtls_ssl_config *conf,
int major, int minor )
{ {
if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION || major > MBEDTLS_SSL_MAX_MAJOR_VERSION || if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION ||
minor < MBEDTLS_SSL_MIN_MINOR_VERSION || minor > MBEDTLS_SSL_MAX_MINOR_VERSION ) major > MBEDTLS_SSL_MAX_MAJOR_VERSION ||
minor < MBEDTLS_SSL_MIN_MINOR_VERSION ||
minor > MBEDTLS_SSL_MAX_MINOR_VERSION )
{ {
return( -1 ); return( -1 );
} }
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
minor < MBEDTLS_SSL_MINOR_VERSION_2 ) minor < MBEDTLS_SSL_MINOR_VERSION_2 )
{ {
return( -1 ); return( -1 );
@ -5553,24 +5546,24 @@ static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int min
return( 0 ); return( 0 );
} }
int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor ) int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor )
{ {
if( ssl_check_version( ssl, major, minor ) != 0 ) if( ssl_check_version( conf, major, minor ) != 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->conf->max_major_ver = major; conf->max_major_ver = major;
ssl->conf->max_minor_ver = minor; conf->max_minor_ver = minor;
return( 0 ); return( 0 );
} }
int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor ) int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor )
{ {
if( ssl_check_version( ssl, major, minor ) != 0 ) if( ssl_check_version( conf, major, minor ) != 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->conf->min_major_ver = major; conf->min_major_ver = major;
ssl->conf->min_minor_ver = minor; conf->min_minor_ver = minor;
return( 0 ); return( 0 );
} }
@ -5583,22 +5576,22 @@ void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback )
#endif #endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm ) void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
{ {
ssl->conf->encrypt_then_mac = etm; conf->encrypt_then_mac = etm;
} }
#endif #endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems ) void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems )
{ {
ssl->conf->extended_ms = ems; conf->extended_ms = ems;
} }
#endif #endif
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 ) void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 )
{ {
ssl->conf->arc4_disabled = arc4; conf->arc4_disabled = arc4;
} }
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@ -5617,9 +5610,9 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_context *ssl, unsigned char mfl_co
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate ) int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
{ {
ssl->conf->trunc_hmac = truncate; conf->trunc_hmac = truncate;
return( 0 ); return( 0 );
} }
@ -5632,26 +5625,26 @@ void mbedtls_ssl_set_cbc_record_splitting( mbedtls_ssl_context *ssl, char split
} }
#endif #endif
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy ) void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
{ {
ssl->conf->allow_legacy_renegotiation = allow_legacy; conf->allow_legacy_renegotiation = allow_legacy;
} }
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation ) void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
{ {
ssl->conf->disable_renegotiation = renegotiation; conf->disable_renegotiation = renegotiation;
} }
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records ) void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
{ {
ssl->conf->renego_max_records = max_records; conf->renego_max_records = max_records;
} }
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl, void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] ) const unsigned char period[8] )
{ {
memcpy( ssl->conf->renego_period, period, 8 ); memcpy( conf->renego_period, period, 8 );
} }
#endif /* MBEDTLS_SSL_RENEGOTIATION */ #endif /* MBEDTLS_SSL_RENEGOTIATION */
@ -5674,9 +5667,9 @@ int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets )
return( ssl_ticket_keys_init( ssl ) ); return( ssl_ticket_keys_init( ssl ) );
} }
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime ) void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime )
{ {
ssl->conf->ticket_lifetime = lifetime; conf->ticket_lifetime = lifetime;
} }
#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #endif /* MBEDTLS_SSL_SESSION_TICKETS */


@ -181,11 +181,11 @@ int main( int argc, char *argv[] )
/* OPTIONAL is usually a bad choice for security, but makes interop easier /* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded. * in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */ * Production code should set a proper ca chain and use REQUIRED. */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL ); mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME ); mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_ssl_set_bio_timeout( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout, mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,


@ -206,13 +206,12 @@ int main( void )
goto exit; goto exit;
} }
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache, mbedtls_ssl_set_session_cache( &conf,
mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_cache_set, &cache ); mbedtls_ssl_cache_set, &cache );
#endif #endif
@ -230,7 +229,7 @@ int main( void )
goto exit; goto exit;
} }
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx ); &cookie_ctx );
printf( " ok\n" ); printf( " ok\n" );
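Review bot: The explicit `mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );` at the top of this section is dropped with no `&conf` counterpart, so this server now relies on whatever authmode the configuration carries by default. Peer-verification policy is the security-relevant setting in these examples, and keeping it visible costs one line, `mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );`, or a one-line comment stating that the default is intentionally relied on. The same silent removal appears in the sections at `@ -265,10 +265,8`, `@ -176,16 +176,15` and `@ -205,13 +205,12`. The enclosing main() continues outside this hunk.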


@ -217,7 +217,7 @@ int main( void )
} }
mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME ); mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED ); mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
#endif #endif
/* /*


@ -168,11 +168,11 @@ int main( void )
/* OPTIONAL is not optimal for security, /* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */ * but makes interop easier in this simplified example */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL ); mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" ); mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 ); mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
/* /*


@ -1065,15 +1065,15 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
if( opt.debug_level > 0 ) if( opt.debug_level > 0 )
mbedtls_ssl_set_verify( &ssl, my_verify, NULL ); mbedtls_ssl_set_verify( &conf, my_verify, NULL );
#endif #endif
if( opt.auth_mode != DFL_AUTH_MODE ) if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode ); mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max ); mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@ -1086,17 +1086,17 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC ) if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac ); mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
#endif #endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS ) if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms ); mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
#endif #endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM ) if( opt.etm != DFL_ETM )
mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm ); mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
#endif #endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@ -1108,7 +1108,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 ) if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit; goto exit;
@ -1116,7 +1116,7 @@ int main( int argc, char *argv[] )
#endif #endif
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
if( opt.nbio == 2 ) if( opt.nbio == 2 )
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL, mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL,
@ -1139,15 +1139,15 @@ int main( int argc, char *argv[] )
#endif #endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
if( opt.arc4 != DFL_ARC4 ) if( opt.arc4 != DFL_ARC4 )
mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 ); mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
if( opt.allow_legacy != DFL_ALLOW_LEGACY ) if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation ); mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
#endif #endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -1187,7 +1187,7 @@ int main( int argc, char *argv[] )
if( opt.min_version != DFL_MIN_VERSION ) if( opt.min_version != DFL_MIN_VERSION )
{ {
ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! selected min_version is not available\n" ); mbedtls_printf( " failed\n ! selected min_version is not available\n" );
@ -1197,7 +1197,7 @@ int main( int argc, char *argv[] )
if( opt.max_version != DFL_MAX_VERSION ) if( opt.max_version != DFL_MAX_VERSION )
{ {
ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! selected max_version is not available\n" ); mbedtls_printf( " failed\n ! selected max_version is not available\n" );
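Review bot: The `mbedtls_ssl_set_min_version( &conf, … )` and `mbedtls_ssl_set_max_version( &conf, … )` calls are validated by `ssl_check_version( conf, … )`, which (per the library section above) reads `conf->transport` for the DTLS minimum-version rule, so the transport must already be set on `&conf` when these run; that ordering is not visible in this section. A short comment above the min_version block, e.g. `/* ssl_check_version() consults conf->transport: set the transport first */`, would make the dependency explicit now that both live in the configuration object. The corresponding calls in the `@ -1741,7 +1741,7` and `@ -1751,7 +1751,7` hunks of the server program have the same ordering requirement. main() continues outside this hunk.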


@ -265,10 +265,8 @@ int main( void )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 ); mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL ); mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );


@ -602,14 +602,14 @@ int main( int argc, char *argv[] )
/* OPTIONAL is not optimal for security, /* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */ * but makes interop easier in this simplified example */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL ); mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 ); mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 ) if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )


@ -176,16 +176,15 @@ static void *handle_ssl_connection( void *data )
goto thread_exit; goto thread_exit;
} }
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_mutexed_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_mutexed_debug, stdout );
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
* MBEDTLS_THREADING_C is set. * MBEDTLS_THREADING_C is set.
*/ */
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, thread_info->cache, mbedtls_ssl_set_session_cache( &conf,
mbedtls_ssl_cache_get, thread_info->cache,
mbedtls_ssl_cache_set, thread_info->cache ); mbedtls_ssl_cache_set, thread_info->cache );
#endif #endif


@ -205,13 +205,12 @@ int main( void )
goto exit; goto exit;
} }
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache, mbedtls_ssl_set_session_cache( &conf,
mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_cache_set, &cache ); mbedtls_ssl_cache_set, &cache );
#endif #endif


@ -1534,13 +1534,12 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
if( opt.auth_mode != DFL_AUTH_MODE ) if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode ); mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX ) if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max ); mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@ -1553,22 +1552,22 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC ) if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac ); mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
#endif #endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS ) if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms ); mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
#endif #endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM ) if( opt.etm != DFL_ETM )
mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm ); mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
#endif #endif
#if defined(MBEDTLS_SSL_ALPN) #if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL ) if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 ) if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit; goto exit;
@ -1576,7 +1575,7 @@ int main( int argc, char *argv[] )
#endif #endif
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
if( opt.cache_max != -1 ) if( opt.cache_max != -1 )
@ -1585,7 +1584,8 @@ int main( int argc, char *argv[] )
if( opt.cache_timeout != -1 ) if( opt.cache_timeout != -1 )
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout ); mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache, mbedtls_ssl_set_session_cache( &conf,
mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_cache_set, &cache ); mbedtls_ssl_cache_set, &cache );
#endif #endif
@ -1597,7 +1597,7 @@ int main( int argc, char *argv[] )
} }
if( opt.ticket_timeout != -1 ) if( opt.ticket_timeout != -1 )
mbedtls_ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout ); mbedtls_ssl_set_session_ticket_lifetime( &conf, opt.ticket_timeout );
#endif #endif
#if defined(MBEDTLS_SSL_PROTO_DTLS) #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1613,7 +1613,7 @@ int main( int argc, char *argv[] )
goto exit; goto exit;
} }
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx ); &cookie_ctx );
} }
else else
@ -1621,7 +1621,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
if( opt.cookies == 0 ) if( opt.cookies == 0 )
{ {
mbedtls_ssl_set_dtls_cookies( &ssl, NULL, NULL, NULL ); mbedtls_ssl_set_dtls_cookies( &conf, NULL, NULL, NULL );
} }
else else
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@ -1631,50 +1631,50 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
if( opt.anti_replay != DFL_ANTI_REPLAY ) if( opt.anti_replay != DFL_ANTI_REPLAY )
mbedtls_ssl_set_dtls_anti_replay( &ssl, opt.anti_replay ); mbedtls_ssl_set_dtls_anti_replay( &conf, opt.anti_replay );
#endif #endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( opt.badmac_limit != DFL_BADMAC_LIMIT ) if( opt.badmac_limit != DFL_BADMAC_LIMIT )
mbedtls_ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit ); mbedtls_ssl_set_dtls_badmac_limit( &conf, opt.badmac_limit );
#endif #endif
} }
#endif /* MBEDTLS_SSL_PROTO_DTLS */ #endif /* MBEDTLS_SSL_PROTO_DTLS */
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite ); mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
if( opt.arc4 != DFL_ARC4 ) if( opt.arc4 != DFL_ARC4 )
mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 ); mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
if( opt.version_suites != NULL ) if( opt.version_suites != NULL )
{ {
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[0], mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[0],
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_0 ); MBEDTLS_SSL_MINOR_VERSION_0 );
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[1], mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[1],
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_1 ); MBEDTLS_SSL_MINOR_VERSION_1 );
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[2], mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[2],
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_2 ); MBEDTLS_SSL_MINOR_VERSION_2 );
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[3], mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[3],
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3 ); MBEDTLS_SSL_MINOR_VERSION_3 );
} }
if( opt.allow_legacy != DFL_ALLOW_LEGACY ) if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy ); mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION) #if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation ); mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
if( opt.renego_delay != DFL_RENEGO_DELAY ) if( opt.renego_delay != DFL_RENEGO_DELAY )
mbedtls_ssl_set_renegotiation_enforced( &ssl, opt.renego_delay ); mbedtls_ssl_set_renegotiation_enforced( &conf, opt.renego_delay );
if( opt.renego_period != DFL_RENEGO_PERIOD ) if( opt.renego_period != DFL_RENEGO_PERIOD )
{ {
renego_period[7] = opt.renego_period; renego_period[7] = opt.renego_period;
mbedtls_ssl_set_renegotiation_period( &ssl, renego_period ); mbedtls_ssl_set_renegotiation_period( &conf, renego_period );
} }
#endif #endif
@ -1700,7 +1700,7 @@ int main( int argc, char *argv[] )
#if defined(SNI_OPTION) #if defined(SNI_OPTION)
if( opt.sni != NULL ) if( opt.sni != NULL )
mbedtls_ssl_set_sni( &ssl, sni_callback, sni_info ); mbedtls_ssl_set_sni( &conf, sni_callback, sni_info );
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@ -1717,7 +1717,7 @@ int main( int argc, char *argv[] )
} }
if( opt.psk_list != NULL ) if( opt.psk_list != NULL )
mbedtls_ssl_set_psk_cb( &ssl, psk_callback, psk_info ); mbedtls_ssl_set_psk_cb( &conf, psk_callback, psk_info );
#endif #endif
#if defined(MBEDTLS_DHM_C) #if defined(MBEDTLS_DHM_C)
@ -1726,10 +1726,10 @@ int main( int argc, char *argv[] )
*/ */
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( opt.dhm_file != NULL ) if( opt.dhm_file != NULL )
ret = mbedtls_ssl_set_dh_param_ctx( &ssl, &dhm ); ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm );
else else
#endif #endif
ret = mbedtls_ssl_set_dh_param( &ssl, MBEDTLS_DHM_RFC5114_MODP_2048_P, ret = mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P,
MBEDTLS_DHM_RFC5114_MODP_2048_G ); MBEDTLS_DHM_RFC5114_MODP_2048_G );
if( ret != 0 ) if( ret != 0 )
@ -1741,7 +1741,7 @@ int main( int argc, char *argv[] )
if( opt.min_version != DFL_MIN_VERSION ) if( opt.min_version != DFL_MIN_VERSION )
{ {
ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version ); ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! selected min_version is not available\n" ); mbedtls_printf( " failed\n ! selected min_version is not available\n" );
@ -1751,7 +1751,7 @@ int main( int argc, char *argv[] )
if( opt.max_version != DFL_MIN_VERSION ) if( opt.max_version != DFL_MIN_VERSION )
{ {
ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version ); ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! selected max_version is not available\n" ); mbedtls_printf( " failed\n ! selected max_version is not available\n" );
@ -412,15 +412,15 @@ int main( int argc, char *argv[] )
if( verify ) if( verify )
{ {
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED ); mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name ); mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
mbedtls_ssl_set_verify( &ssl, my_verify, NULL ); mbedtls_ssl_set_verify( &conf, my_verify, NULL );
} }
else else
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE ); mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout ); mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 ); mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 ) if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
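Review bot: After this change the peer-verification policy is split across two objects: `mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED )` and `mbedtls_ssl_set_verify( &conf, my_verify, NULL )` now live on the configuration, while `mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name )` still lives on the context. The call that binds the two, `mbedtls_ssl_setup( &ssl, &conf )`, is outside this hunk, so whether these settings take effect depends on that binding and on whether the context copies or references the configuration; the debug test suite further down calls `mbedtls_ssl_set_dbg( &conf, ... )` after setup, which suggests a reference, but that is inferred. A short comment at the top of the verify block, `/* authmode/verify callback are per-conf, CA chain is still per-ssl; both must be set on the objects passed to mbedtls_ssl_setup() */`, would keep a reader from assuming the VERIFY_NONE branch is the only way the sample ends up not verifying the server. The enclosing main() starts and ends outside the hunk.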
@ -46,7 +46,7 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line,
mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL ); mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL );
mbedtls_debug_set_threshold( threshold ); mbedtls_debug_set_threshold( threshold );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer); mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_msg( &ssl, level, file, line, mbedtls_debug_print_msg( &ssl, level, file, line,
mbedtls_debug_fmt("Text message, 2 == %d", 2 ) ); mbedtls_debug_fmt("Text message, 2 == %d", 2 ) );
@ -75,7 +75,7 @@ void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int va
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode ); mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer); mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value); mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
@ -108,7 +108,7 @@ void mbedtls_debug_print_buf( int mode, char *file, int line, char *text,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode ); mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer); mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len ); mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len );
@ -138,7 +138,7 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 ); TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode ); mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer); mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 ); TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt); mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
@ -172,7 +172,7 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int
TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
mbedtls_debug_set_log_mode( mode ); mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer); mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val); mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);