lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Add ssl_set_hs_ca_chain()

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2015-05-11 08:46:37 +02:00
parent 1897af9e93
commit 22bfa4bb53
3 changed files with 58 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
library/ssl_tls.c
View File

@ -4029,7 +4029,21 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
if( ssl->conf->authmode != MBEDTLS_SSL_VERIFY_NONE )
{
if( ssl->conf->ca_chain == NULL )
mbedtls_x509_crt *ca_chain;
mbedtls_x509_crl *ca_crl;
if( ssl->handshake->sni_ca_chain != NULL )
{
ca_chain = ssl->handshake->sni_ca_chain;
ca_crl = ssl->handshake->sni_ca_crl;
}
else
{
ca_chain = ssl->conf->ca_chain;
ca_crl = ssl->conf->ca_crl;
}
if( ca_chain == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
return( MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED );
@ -4039,7 +4053,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
* Main check: verify certificate
*/
ret = mbedtls_x509_crt_verify( ssl->session_negotiate->peer_cert,
ssl->conf->ca_chain, ssl->conf->ca_crl, ssl->hostname,
ca_chain, ca_crl, ssl->hostname,
&ssl->session_negotiate->verify_result,
ssl->conf->f_vrfy, ssl->conf->p_vrfy );
@ -5360,6 +5374,14 @@ int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
return( ssl_append_key_cert( &ssl->handshake->sni_key_cert,
own_cert, pk_key ) );
}
void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
mbedtls_x509_crt *ca_chain,
mbedtls_x509_crl *ca_crl )
{
ssl->handshake->sni_ca_chain = ca_chain;
ssl->handshake->sni_ca_crl = ca_crl;
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)