Move easy ssl_set_xxx() functions to work on conf

mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-05 10:45:39 +02:00
parent 419d5ae419
commit d36e33fc07
15 changed files with 223 additions and 233 deletions

View File

@ -1187,19 +1187,19 @@ int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
/**
* \brief Set the current endpoint type
*
* \param ssl SSL context
* \param conf SSL configuration
* \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
*
* \note This function should be called right after mbedtls_ssl_init() since
* some other ssl_set_foo() functions depend on it.
*/
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint );
void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint );
/**
* \brief Set the transport type (TLS or DTLS).
* Default: TLS
*
* \param ssl SSL context
* \param conf SSL configuration
* \param transport transport type:
* MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
* MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
@ -1212,12 +1212,13 @@ void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint );
* doesn't block, or one that handles timeouts, see
* mbedtls_ssl_set_bio_timeout()
*/
int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport );
int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport );
/**
* \brief Set the certificate verification mode
* Default: NONE on server, REQUIRED on client
*
* \param ssl SSL context
* \param conf SSL configuration
* \param authmode can be:
*
* MBEDTLS_SSL_VERIFY_NONE: peer certificate is not checked
@ -1238,7 +1239,7 @@ int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport );
* the verification as soon as possible. For example, REQUIRED was protecting
* against the "triple handshake" attack even before it was found.
*/
void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode );
void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/**
@ -1248,11 +1249,11 @@ void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode );
* certificate in the chain. For implementation
* information, please see \c x509parse_verify()
*
* \param ssl SSL context
* \param conf SSL configuration
* \param f_vrfy verification function
* \param p_vrfy verification parameter
*/
void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
void *p_vrfy );
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@ -1271,11 +1272,11 @@ void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl,
/**
* \brief Set the debug callback
*
* \param ssl SSL context
* \param conf SSL configuration
* \param f_dbg debug function
* \param p_dbg debug parameter
*/
void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *),
void *p_dbg );
@ -1404,12 +1405,12 @@ typedef int mbedtls_ssl_cookie_check_t( void *ctx,
* Only disable if you known this can't happen in your
* particular environment.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param f_cookie_write Cookie write callback
* \param f_cookie_check Cookie check callback
* \param p_cookie Context for both callbacks
*/
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf,
mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie );
@ -1421,7 +1422,7 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
* (DTLS only, no effect on TLS.)
* Default: enabled.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param mode MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
*
* \warning Disabling this is a security risk unless the application
@ -1431,7 +1432,7 @@ void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
* packets and needs information about them to adjust its
* transmission strategy, then you'll want to disable this.
*/
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
@ -1441,7 +1442,7 @@ void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
* (DTLS only, no effect on TLS.)
* Default: 0 (disabled).
*
* \param ssl SSL context
* \param conf SSL configuration
* \param limit Limit, or 0 to disable.
*
* \note If the limit is N, then the connection is terminated when
@ -1458,7 +1459,7 @@ void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
* might make us waste resources checking authentication on
* many bogus packets.
*/
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit );
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1466,7 +1467,7 @@ void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit
* \brief Set retransmit timeout values for the DTLS handshale.
* (DTLS only, no effect on TLS.)
*
* \param ssl SSL context
* \param conf SSL configuration
* \param min Initial timeout value in milliseconds.
* Default: 1000 (1 second).
* \param max Maximum timeout value in milliseconds.
@ -1478,7 +1479,7 @@ void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit
* handshake latency. Lower values may increase the risk of
* network congestion by causing more retransmissions.
*/
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max );
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
/**
@ -1513,13 +1514,13 @@ void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min,
* an entry is still valid in the future. Return 0 if
* successfully cached, return 1 otherwise.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param f_get_cache session get callback
* \param p_get_cache session get parameter
* \param f_set_cache session set callback
* \param p_set_cache session set parameter
*/
void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf,
int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache );
#endif /* MBEDTLS_SSL_SRV_C */
@ -1551,17 +1552,18 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
* over the preference of the client unless
* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
*
* \param ssl SSL context
* \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites
*/
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites );
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites );
/**
* \brief Set the list of allowed ciphersuites and the
* preference order for a specific version of the protocol.
* (Only useful on the server side)
*
* \param ssl SSL context
* \param conf SSL configuration
* \param ciphersuites 0-terminated list of allowed ciphersuites
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
* supported)
@ -1572,7 +1574,7 @@ void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersu
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
* and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*/
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
const int *ciphersuites,
int major, int minor );
@ -1642,11 +1644,11 @@ int mbedtls_ssl_set_psk( mbedtls_ssl_context *ssl, const unsigned char *psk, siz
* identity and return 0.
* Any other return value will result in a denied PSK identity.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param f_psk PSK identity function
* \param p_psk PSK identity parameter
*/
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t),
void *p_psk );
@ -1658,24 +1660,24 @@ void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
* read as hexadecimal strings (server-side only)
* (Default: MBEDTLS_DHM_RFC5114_MODP_1024_[PG])
*
* \param ssl SSL context
* \param conf SSL configuration
* \param dhm_P Diffie-Hellman-Merkle modulus
* \param dhm_G Diffie-Hellman-Merkle generator
*
* \return 0 if successful
*/
int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G );
int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
/**
* \brief Set the Diffie-Hellman public P and G values,
* read from existing context (server-side only)
*
* \param ssl SSL context
* \param conf SSL configuration
* \param dhm_ctx Diffie-Hellman-Merkle context
*
* \return 0 if successful
*/
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx );
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
#endif /* MBEDTLS_DHM_C */
#if defined(MBEDTLS_SSL_SET_CURVES)
@ -1693,11 +1695,11 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context
* Both sides: limits the set of curves used by peer to the
* listed curves for any use (ECDH(E), certificates).
*
* \param ssl SSL context
* \param conf SSL configuration
* \param curves Ordered list of allowed curves,
* terminated by MBEDTLS_ECP_DP_NONE.
*/
void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curves );
void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
#endif /* MBEDTLS_SSL_SET_CURVES */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@ -1728,11 +1730,11 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
* callback should return -1 to abort the handshake at this
* point.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param f_sni verification function
* \param p_sni verification parameter
*/
void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t),
void *p_sni );
@ -1742,13 +1744,13 @@ void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
/**
* \brief Set the supported Application Layer Protocols.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param protos NULL-terminated list of supported protocols,
* in decreasing preference order.
*
* \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
*/
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos );
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
/**
* \brief Get the name of the negotiated Application Layer Protocol.
@ -1769,7 +1771,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
*
* Note: This ignores ciphersuites from 'higher' versions.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
@ -1779,7 +1781,7 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*/
int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor );
int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor );
/**
* \brief Set the minimum accepted SSL/TLS protocol version
@ -1790,7 +1792,7 @@ int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor
*
* \note MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
* \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
* MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
@ -1800,7 +1802,7 @@ int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor
* \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
* MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
*/
int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor );
int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor );
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
/**
@ -1834,10 +1836,10 @@ void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback );
* improvement, and should not cause any interoperability
* issue (used only if the peer supports it too).
*
* \param ssl SSL context
* \param conf SSL configuration
* \param etm MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
*/
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm );
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
@ -1849,10 +1851,10 @@ void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm );
* protocol, and should not cause any interoperability issue
* (used only if the peer supports it too).
*
* \param ssl SSL context
* \param conf SSL configuration
* \param ems MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
*/
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems );
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems );
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
/**
@ -1865,10 +1867,10 @@ void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems
* \note This function will likely be removed in future versions as
* RC4 will then be disabled by default at compile time.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param arc4 MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
*/
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 );
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 );
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
@ -1895,13 +1897,13 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_context *ssl, unsigned char mfl_co
* (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED on client,
* MBEDTLS_SSL_TRUNC_HMAC_ENABLED on server.)
*
* \param ssl SSL context
* \param conf SSL configuration
* \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
* MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
*
* \return Always 0.
*/
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate );
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@ -1942,10 +1944,10 @@ int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets )
* \brief Set session ticket lifetime (server only)
* (Default: MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
*
* \param ssl SSL context
* \param conf SSL configuration
* \param lifetime session ticket lifetime
*/
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime );
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime );
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@ -1958,11 +1960,11 @@ void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int life
* resource DoS by a malicious client. You should enable this on
* a client to enable server-initiated renegotiation.
*
* \param ssl SSL context
* \param conf SSL configuration
* \param renegotiation Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
* MBEDTLS_SSL_RENEGOTIATION_DISABLED)
*/
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation );
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
#endif /* MBEDTLS_SSL_RENEGOTIATION */
/**
@ -1987,12 +1989,12 @@ void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation
* that do not support renegotiation altogether.
* (Most secure option, interoperability issues)
*
* \param ssl SSL context
* \param conf SSL configuration
* \param allow_legacy Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
* SSL_ALLOW_LEGACY_RENEGOTIATION or
* MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
*/
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy );
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
/**
@ -2027,12 +2029,12 @@ void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legac
* if we receive application data from the server, we need a
* place to write it, which only happens during mbedtls_ssl_read().
*
* \param ssl SSL context
* \param conf SSL configuration
* \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
* enforce renegotiation, or a non-negative value to enforce
* it but allow for a grace period of max_records records.
*/
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records );
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
/**
* \brief Set record counter threshold for periodic renegotiation.
@ -2047,11 +2049,11 @@ void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_r
* Lower values can be used to enforce policies such as "keys
* must be refreshed every N packets with cipher X".
*
* \param ssl SSL context
* \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number.
* Set to 2^64 - 1 to disable periodic renegotiation
*/
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] );
#endif /* MBEDTLS_SSL_RENEGOTIATION */

View File

@ -377,14 +377,14 @@ int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
return( 0 );
}
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf,
mbedtls_ssl_cookie_write_t *f_cookie_write,
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie )
{
ssl->conf->f_cookie_write = f_cookie_write;
ssl->conf->f_cookie_check = f_cookie_check;
ssl->conf->p_cookie = p_cookie;
conf->f_cookie_write = f_cookie_write;
conf->f_cookie_check = f_cookie_check;
conf->p_cookie = p_cookie;
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */

View File

@ -5168,52 +5168,52 @@ static int ssl_ticket_keys_init( mbedtls_ssl_context *ssl )
/*
* SSL set accessors
*/
void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint )
void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint )
{
ssl->conf->endpoint = endpoint;
conf->endpoint = endpoint;
}
int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport )
int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport )
{
ssl->conf->transport = transport;
conf->transport = transport;
return( 0 );
}
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode )
void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
{
ssl->conf->anti_replay = mode;
conf->anti_replay = mode;
}
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit )
void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
{
ssl->conf->badmac_limit = limit;
conf->badmac_limit = limit;
}
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max )
void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
{
ssl->conf->hs_timeout_min = min;
ssl->conf->hs_timeout_max = max;
conf->hs_timeout_min = min;
conf->hs_timeout_max = max;
}
#endif
void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode )
void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode )
{
ssl->conf->authmode = authmode;
conf->authmode = authmode;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
void *p_vrfy )
{
ssl->conf->f_vrfy = f_vrfy;
ssl->conf->p_vrfy = p_vrfy;
conf->f_vrfy = f_vrfy;
conf->p_vrfy = p_vrfy;
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@ -5225,12 +5225,12 @@ void mbedtls_ssl_set_rng( mbedtls_ssl_context *ssl,
ssl->p_rng = p_rng;
}
void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf,
void (*f_dbg)(void *, int, const char *),
void *p_dbg )
{
ssl->conf->f_dbg = f_dbg;
ssl->conf->p_dbg = p_dbg;
conf->f_dbg = f_dbg;
conf->p_dbg = p_dbg;
}
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
@ -5267,14 +5267,14 @@ void mbedtls_ssl_set_bio_timeout( mbedtls_ssl_context *ssl,
}
#if defined(MBEDTLS_SSL_SRV_C)
void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf,
int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache )
{
ssl->conf->f_get_cache = f_get_cache;
ssl->conf->p_get_cache = p_get_cache;
ssl->conf->f_set_cache = f_set_cache;
ssl->conf->p_set_cache = p_set_cache;
conf->f_get_cache = f_get_cache;
conf->p_get_cache = p_get_cache;
conf->f_set_cache = f_set_cache;
conf->p_set_cache = p_set_cache;
}
#endif /* MBEDTLS_SSL_SRV_C */
@ -5300,15 +5300,16 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
}
#endif /* MBEDTLS_SSL_CLI_C */
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites )
void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf,
const int *ciphersuites )
{
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
}
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
const int *ciphersuites,
int major, int minor )
{
@ -5318,7 +5319,7 @@ void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
return;
ssl->conf->ciphersuite_list[minor] = ciphersuites;
conf->ciphersuite_list[minor] = ciphersuites;
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -5407,51 +5408,39 @@ int mbedtls_ssl_set_psk( mbedtls_ssl_context *ssl, const unsigned char *psk, siz
return( 0 );
}
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
size_t),
void *p_psk )
{
ssl->conf->f_psk = f_psk;
ssl->conf->p_psk = p_psk;
conf->f_psk = f_psk;
conf->p_psk = p_psk;
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
#if defined(MBEDTLS_DHM_C)
int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G )
int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
{
int ret;
if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_P, 16, dhm_P ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 )
return( ret );
}
if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_G, 16, dhm_G ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
if( ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
return( ret );
}
return( 0 );
}
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx )
int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
{
int ret;
if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_P, &dhm_ctx->P ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 )
return( ret );
}
if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_G, &dhm_ctx->G ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
if( ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
return( ret );
}
return( 0 );
}
@ -5461,9 +5450,10 @@ int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context
/*
* Set the allowed elliptic curves
*/
void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curve_list )
void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf,
const mbedtls_ecp_group_id *curve_list )
{
ssl->conf->curve_list = curve_list;
conf->curve_list = curve_list;
}
#endif
@ -5491,18 +5481,18 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
return( 0 );
}
void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
int (*f_sni)(void *, mbedtls_ssl_context *,
const unsigned char *, size_t),
void *p_sni )
{
ssl->conf->f_sni = f_sni;
ssl->conf->p_sni = p_sni;
conf->f_sni = f_sni;
conf->p_sni = p_sni;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_ALPN)
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos )
int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
{
size_t cur_len, tot_len;
const char **p;
@ -5521,7 +5511,7 @@ int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **proto
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
ssl->conf->alpn_list = protos;
conf->alpn_list = protos;
return( 0 );
}
@ -5532,16 +5522,19 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl )
}
#endif /* MBEDTLS_SSL_ALPN */
static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int minor )
static int ssl_check_version( const mbedtls_ssl_config *conf,
int major, int minor )
{
if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION || major > MBEDTLS_SSL_MAX_MAJOR_VERSION ||
minor < MBEDTLS_SSL_MIN_MINOR_VERSION || minor > MBEDTLS_SSL_MAX_MINOR_VERSION )
if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION ||
major > MBEDTLS_SSL_MAX_MAJOR_VERSION ||
minor < MBEDTLS_SSL_MIN_MINOR_VERSION ||
minor > MBEDTLS_SSL_MAX_MINOR_VERSION )
{
return( -1 );
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
minor < MBEDTLS_SSL_MINOR_VERSION_2 )
{
return( -1 );
@ -5553,24 +5546,24 @@ static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int min
return( 0 );
}
int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor )
int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor )
{
if( ssl_check_version( ssl, major, minor ) != 0 )
if( ssl_check_version( conf, major, minor ) != 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->conf->max_major_ver = major;
ssl->conf->max_minor_ver = minor;
conf->max_major_ver = major;
conf->max_minor_ver = minor;
return( 0 );
}
int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor )
int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor )
{
if( ssl_check_version( ssl, major, minor ) != 0 )
if( ssl_check_version( conf, major, minor ) != 0 )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
ssl->conf->min_major_ver = major;
ssl->conf->min_minor_ver = minor;
conf->min_major_ver = major;
conf->min_minor_ver = minor;
return( 0 );
}
@ -5583,22 +5576,22 @@ void mbedtls_ssl_set_fallback( mbedtls_ssl_context *ssl, char fallback )
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm )
void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
{
ssl->conf->encrypt_then_mac = etm;
conf->encrypt_then_mac = etm;
}
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems )
void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems )
{
ssl->conf->extended_ms = ems;
conf->extended_ms = ems;
}
#endif
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 )
void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 )
{
ssl->conf->arc4_disabled = arc4;
conf->arc4_disabled = arc4;
}
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@ -5617,9 +5610,9 @@ int mbedtls_ssl_set_max_frag_len( mbedtls_ssl_context *ssl, unsigned char mfl_co
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate )
int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
{
ssl->conf->trunc_hmac = truncate;
conf->trunc_hmac = truncate;
return( 0 );
}
@ -5632,26 +5625,26 @@ void mbedtls_ssl_set_cbc_record_splitting( mbedtls_ssl_context *ssl, char split
}
#endif
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy )
void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
{
ssl->conf->allow_legacy_renegotiation = allow_legacy;
conf->allow_legacy_renegotiation = allow_legacy;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation )
void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
{
ssl->conf->disable_renegotiation = renegotiation;
conf->disable_renegotiation = renegotiation;
}
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records )
void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
{
ssl->conf->renego_max_records = max_records;
conf->renego_max_records = max_records;
}
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl,
void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf,
const unsigned char period[8] )
{
memcpy( ssl->conf->renego_period, period, 8 );
memcpy( conf->renego_period, period, 8 );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
@ -5674,9 +5667,9 @@ int mbedtls_ssl_set_session_tickets( mbedtls_ssl_context *ssl, int use_tickets )
return( ssl_ticket_keys_init( ssl ) );
}
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime )
void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime )
{
ssl->conf->ticket_lifetime = lifetime;
conf->ticket_lifetime = lifetime;
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */

View File

@ -181,11 +181,11 @@ int main( int argc, char *argv[] )
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,

View File

@ -206,13 +206,12 @@ int main( void )
goto exit;
}
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_set_session_cache( &conf,
mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_cache_set, &cache );
#endif
@ -230,7 +229,7 @@ int main( void )
goto exit;
}
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx );
printf( " ok\n" );

View File

@ -217,7 +217,7 @@ int main( void )
}
mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
#endif
/*

View File

@ -168,11 +168,11 @@ int main( void )
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
/*

View File

@ -1065,15 +1065,15 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( opt.debug_level > 0 )
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
mbedtls_ssl_set_verify( &conf, my_verify, NULL );
#endif
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@ -1086,17 +1086,17 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM )
mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@ -1108,7 +1108,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit;
@ -1116,7 +1116,7 @@ int main( int argc, char *argv[] )
#endif
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
if( opt.nbio == 2 )
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL,
@ -1139,15 +1139,15 @@ int main( int argc, char *argv[] )
#endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
if( opt.arc4 != DFL_ARC4 )
mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@ -1187,7 +1187,7 @@ int main( int argc, char *argv[] )
if( opt.min_version != DFL_MIN_VERSION )
{
ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! selected min_version is not available\n" );
@ -1197,7 +1197,7 @@ int main( int argc, char *argv[] )
if( opt.max_version != DFL_MAX_VERSION )
{
ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! selected max_version is not available\n" );

View File

@ -265,10 +265,8 @@ int main( void )
mbedtls_printf( " ok\n" );
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );

View File

@ -602,14 +602,14 @@ int main( int argc, char *argv[] )
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )

View File

@ -176,16 +176,15 @@ static void *handle_ssl_connection( void *data )
goto thread_exit;
}
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_mutexed_debug, stdout );
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
* MBEDTLS_THREADING_C is set.
*/
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, thread_info->cache,
mbedtls_ssl_set_session_cache( &conf,
mbedtls_ssl_cache_get, thread_info->cache,
mbedtls_ssl_cache_set, thread_info->cache );
#endif

View File

@ -205,13 +205,12 @@ int main( void )
goto exit;
}
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_set_session_cache( &conf,
mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_cache_set, &cache );
#endif

View File

@ -1534,13 +1534,12 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@ -1553,22 +1552,22 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM )
mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit;
@ -1576,7 +1575,7 @@ int main( int argc, char *argv[] )
#endif
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
if( opt.cache_max != -1 )
@ -1585,7 +1584,8 @@ int main( int argc, char *argv[] )
if( opt.cache_timeout != -1 )
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_set_session_cache( &conf,
mbedtls_ssl_cache_get, &cache,
mbedtls_ssl_cache_set, &cache );
#endif
@ -1597,7 +1597,7 @@ int main( int argc, char *argv[] )
}
if( opt.ticket_timeout != -1 )
mbedtls_ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
mbedtls_ssl_set_session_ticket_lifetime( &conf, opt.ticket_timeout );
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1613,7 +1613,7 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx );
}
else
@ -1621,7 +1621,7 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
if( opt.cookies == 0 )
{
mbedtls_ssl_set_dtls_cookies( &ssl, NULL, NULL, NULL );
mbedtls_ssl_set_dtls_cookies( &conf, NULL, NULL, NULL );
}
else
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@ -1631,50 +1631,50 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
if( opt.anti_replay != DFL_ANTI_REPLAY )
mbedtls_ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
mbedtls_ssl_set_dtls_anti_replay( &conf, opt.anti_replay );
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( opt.badmac_limit != DFL_BADMAC_LIMIT )
mbedtls_ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit );
mbedtls_ssl_set_dtls_badmac_limit( &conf, opt.badmac_limit );
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
if( opt.arc4 != DFL_ARC4 )
mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
if( opt.version_suites != NULL )
{
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[0],
mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[0],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_0 );
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[1],
mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[1],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_1 );
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[2],
mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[2],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_2 );
mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[3],
mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[3],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3 );
}
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
if( opt.renego_delay != DFL_RENEGO_DELAY )
mbedtls_ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
mbedtls_ssl_set_renegotiation_enforced( &conf, opt.renego_delay );
if( opt.renego_period != DFL_RENEGO_PERIOD )
{
renego_period[7] = opt.renego_period;
mbedtls_ssl_set_renegotiation_period( &ssl, renego_period );
mbedtls_ssl_set_renegotiation_period( &conf, renego_period );
}
#endif
@ -1700,7 +1700,7 @@ int main( int argc, char *argv[] )
#if defined(SNI_OPTION)
if( opt.sni != NULL )
mbedtls_ssl_set_sni( &ssl, sni_callback, sni_info );
mbedtls_ssl_set_sni( &conf, sni_callback, sni_info );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@ -1717,7 +1717,7 @@ int main( int argc, char *argv[] )
}
if( opt.psk_list != NULL )
mbedtls_ssl_set_psk_cb( &ssl, psk_callback, psk_info );
mbedtls_ssl_set_psk_cb( &conf, psk_callback, psk_info );
#endif
#if defined(MBEDTLS_DHM_C)
@ -1726,10 +1726,10 @@ int main( int argc, char *argv[] )
*/
#if defined(MBEDTLS_FS_IO)
if( opt.dhm_file != NULL )
ret = mbedtls_ssl_set_dh_param_ctx( &ssl, &dhm );
ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm );
else
#endif
ret = mbedtls_ssl_set_dh_param( &ssl, MBEDTLS_DHM_RFC5114_MODP_2048_P,
ret = mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P,
MBEDTLS_DHM_RFC5114_MODP_2048_G );
if( ret != 0 )
@ -1741,7 +1741,7 @@ int main( int argc, char *argv[] )
if( opt.min_version != DFL_MIN_VERSION )
{
ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! selected min_version is not available\n" );
@ -1751,7 +1751,7 @@ int main( int argc, char *argv[] )
if( opt.max_version != DFL_MIN_VERSION )
{
ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! selected max_version is not available\n" );

View File

@ -412,15 +412,15 @@ int main( int argc, char *argv[] )
if( verify )
{
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
mbedtls_ssl_set_verify( &conf, my_verify, NULL );
}
else
mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )

View File

@ -46,7 +46,7 @@ void debug_print_msg_threshold( int threshold, int level, char *file, int line,
mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL );
mbedtls_debug_set_threshold( threshold );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_msg( &ssl, level, file, line,
mbedtls_debug_fmt("Text message, 2 == %d", 2 ) );
@ -75,7 +75,7 @@ void mbedtls_debug_print_ret( int mode, char *file, int line, char *text, int va
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
@ -108,7 +108,7 @@ void mbedtls_debug_print_buf( int mode, char *file, int line, char *text,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len );
@ -138,7 +138,7 @@ void mbedtls_debug_print_crt( int mode, char *crt_file, char *file, int line,
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
@ -172,7 +172,7 @@ void mbedtls_debug_print_mpi( int mode, int radix, char *value, char *file, int
TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
mbedtls_debug_set_log_mode( mode );
mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);