mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-30 22:43:08 +03:00
Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED
SSL programs use certificates in an exchange, so it's more natural to have such dependency instead of just certificate parsing. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek
@ -116,7 +116,7 @@ int main( void )
|
|||||||
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
|
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
|
||||||
#define GET_REQUEST_END "\r\n\r\n"
|
#define GET_REQUEST_END "\r\n\r\n"
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_CONTEXT_CRT_CB \
|
#define USAGE_CONTEXT_CRT_CB \
|
||||||
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
|
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
|
||||||
" to the SSL configuration of the SSL context.\n" \
|
" to the SSL configuration of the SSL context.\n" \
|
||||||
@ -125,8 +125,8 @@ int main( void )
|
|||||||
" - 1: Use CRT callback bound to SSL context\n"
|
" - 1: Use CRT callback bound to SSL context\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_CONTEXT_CRT_CB ""
|
#define USAGE_CONTEXT_CRT_CB ""
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||||
@ -144,10 +144,10 @@ int main( void )
|
|||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" No file operations available (MBEDTLS_FS_IO not defined)\n"
|
" No file operations available (MBEDTLS_FS_IO not defined)\n"
|
||||||
#endif /* MBEDTLS_FS_IO */
|
#endif /* MBEDTLS_FS_IO */
|
||||||
#else /* MBEDTLS_X509_CRT_PARSE_C */
|
#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
#define USAGE_IO ""
|
#define USAGE_IO ""
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_KEY_OPAQUE \
|
#define USAGE_KEY_OPAQUE \
|
||||||
" key_opaque=%%d Handle your private key as if it were opaque\n" \
|
" key_opaque=%%d Handle your private key as if it were opaque\n" \
|
||||||
" default: 0 (disabled)\n"
|
" default: 0 (disabled)\n"
|
||||||
@ -689,9 +689,6 @@ int main( int argc, char *argv[] )
|
|||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
|
||||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
|
||||||
#endif
|
|
||||||
rng_context_t rng;
|
rng_context_t rng;
|
||||||
mbedtls_ssl_context ssl;
|
mbedtls_ssl_context ssl;
|
||||||
mbedtls_ssl_config conf;
|
mbedtls_ssl_config conf;
|
||||||
@ -701,17 +698,16 @@ int main( int argc, char *argv[] )
|
|||||||
#if defined(MBEDTLS_TIMING_C)
|
#if defined(MBEDTLS_TIMING_C)
|
||||||
mbedtls_timing_delay_context timer;
|
mbedtls_timing_delay_context timer;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
uint32_t flags;
|
uint32_t flags;
|
||||||
#endif
|
|
||||||
mbedtls_x509_crt cacert;
|
mbedtls_x509_crt cacert;
|
||||||
mbedtls_x509_crt clicert;
|
mbedtls_x509_crt clicert;
|
||||||
mbedtls_pk_context pkey;
|
mbedtls_pk_context pkey;
|
||||||
|
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_key_id_t key_slot = 0; /* invalid key slot */
|
psa_key_id_t key_slot = 0; /* invalid key slot */
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
char *p, *q;
|
char *p, *q;
|
||||||
const int *list;
|
const int *list;
|
||||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||||
@ -754,7 +750,7 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ssl_config_init( &conf );
|
mbedtls_ssl_config_init( &conf );
|
||||||
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
|
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
|
||||||
rng_init( &rng );
|
rng_init( &rng );
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
mbedtls_x509_crt_init( &cacert );
|
mbedtls_x509_crt_init( &cacert );
|
||||||
mbedtls_x509_crt_init( &clicert );
|
mbedtls_x509_crt_init( &clicert );
|
||||||
mbedtls_pk_init( &pkey );
|
mbedtls_pk_init( &pkey );
|
||||||
@ -948,7 +944,7 @@ int main( int argc, char *argv[] )
|
|||||||
opt.key_file = q;
|
opt.key_file = q;
|
||||||
else if( strcmp( p, "key_pwd" ) == 0 )
|
else if( strcmp( p, "key_pwd" ) == 0 )
|
||||||
opt.key_pwd = q;
|
opt.key_pwd = q;
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
else if( strcmp( p, "key_opaque" ) == 0 )
|
else if( strcmp( p, "key_opaque" ) == 0 )
|
||||||
opt.key_opaque = atoi( q );
|
opt.key_opaque = atoi( q );
|
||||||
#endif
|
#endif
|
||||||
@ -1544,7 +1540,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* 1.1. Load the trusted CA
|
* 1.1. Load the trusted CA
|
||||||
*/
|
*/
|
||||||
@ -1673,7 +1669,7 @@ int main( int argc, char *argv[] )
|
|||||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
|
mbedtls_printf( " ok (key type: %s)\n", mbedtls_pk_get_name( &pkey ) );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 2. Start the connection
|
* 2. Start the connection
|
||||||
@ -1725,7 +1721,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
/* The default algorithms profile disables SHA-1, but our tests still
|
/* The default algorithms profile disables SHA-1, but our tests still
|
||||||
rely on it heavily. */
|
rely on it heavily. */
|
||||||
if( opt.allow_sha1 > 0 )
|
if( opt.allow_sha1 > 0 )
|
||||||
@ -1739,7 +1735,7 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
|
||||||
|
|
||||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
|
if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
|
||||||
@ -1910,7 +1906,7 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
|
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||||
strcmp( opt.ca_file, "none" ) != 0 )
|
strcmp( opt.ca_file, "none" ) != 0 )
|
||||||
{
|
{
|
||||||
@ -1931,7 +1927,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
if( opt.curves != NULL &&
|
if( opt.curves != NULL &&
|
||||||
@ -2001,7 +1997,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
|
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
|
||||||
@ -2024,11 +2020,10 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
|
||||||
if( opt.context_crt_cb == 1 )
|
if( opt.context_crt_cb == 1 )
|
||||||
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
io_ctx.ssl = &ssl;
|
io_ctx.ssl = &ssl;
|
||||||
io_ctx.net = &server_fd;
|
io_ctx.net = &server_fd;
|
||||||
@ -2328,8 +2323,7 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
|
||||||
/*
|
/*
|
||||||
* 5. Verify the server certificate
|
* 5. Verify the server certificate
|
||||||
*/
|
*/
|
||||||
@ -2351,7 +2345,7 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
mbedtls_printf( " . Peer certificate information ...\n" );
|
mbedtls_printf( " . Peer certificate information ...\n" );
|
||||||
mbedtls_printf( "%s\n", peer_crt_info );
|
mbedtls_printf( "%s\n", peer_crt_info );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
ret = report_cid_usage( &ssl, "initial handshake" );
|
ret = report_cid_usage( &ssl, "initial handshake" );
|
||||||
@ -2679,10 +2673,9 @@ send_request:
|
|||||||
mbedtls_printf( " . Restarting connection from same port..." );
|
mbedtls_printf( " . Restarting connection from same port..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
|
||||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
@ -2916,10 +2909,9 @@ reconnect:
|
|||||||
|
|
||||||
mbedtls_printf( " . Reconnecting with saved session..." );
|
mbedtls_printf( " . Reconnecting with saved session..." );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
|
||||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
||||||
{
|
{
|
||||||
@ -3013,14 +3005,14 @@ exit:
|
|||||||
mbedtls_free( context_buf );
|
mbedtls_free( context_buf );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
mbedtls_x509_crt_free( &clicert );
|
mbedtls_x509_crt_free( &clicert );
|
||||||
mbedtls_x509_crt_free( &cacert );
|
mbedtls_x509_crt_free( &cacert );
|
||||||
mbedtls_pk_free( &pkey );
|
mbedtls_pk_free( &pkey );
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_destroy_key( key_slot );
|
psa_destroy_key( key_slot );
|
||||||
#endif
|
#endif
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
||||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
|
|||||||
@ -168,7 +168,7 @@ int main( void )
|
|||||||
*/
|
*/
|
||||||
#define DFL_IO_BUF_LEN 200
|
#define DFL_IO_BUF_LEN 200
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||||
@ -199,8 +199,8 @@ int main( void )
|
|||||||
#endif /* MBEDTLS_FS_IO */
|
#endif /* MBEDTLS_FS_IO */
|
||||||
#else
|
#else
|
||||||
#define USAGE_IO ""
|
#define USAGE_IO ""
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_KEY_OPAQUE \
|
#define USAGE_KEY_OPAQUE \
|
||||||
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
|
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
|
||||||
" default: 0 (disabled)\n"
|
" default: 0 (disabled)\n"
|
||||||
@ -1300,11 +1300,6 @@ int main( int argc, char *argv[] )
|
|||||||
#if defined(MBEDTLS_SSL_COOKIE_C)
|
#if defined(MBEDTLS_SSL_COOKIE_C)
|
||||||
mbedtls_ssl_cookie_ctx cookie_ctx;
|
mbedtls_ssl_cookie_ctx cookie_ctx;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
|
||||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
|
||||||
#endif
|
|
||||||
rng_context_t rng;
|
rng_context_t rng;
|
||||||
mbedtls_ssl_context ssl;
|
mbedtls_ssl_context ssl;
|
||||||
mbedtls_ssl_config conf;
|
mbedtls_ssl_config conf;
|
||||||
@ -1314,13 +1309,14 @@ int main( int argc, char *argv[] )
|
|||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
unsigned char renego_period[8] = { 0 };
|
unsigned char renego_period[8] = { 0 };
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
uint32_t flags;
|
uint32_t flags;
|
||||||
mbedtls_x509_crt cacert;
|
mbedtls_x509_crt cacert;
|
||||||
mbedtls_x509_crt srvcert;
|
mbedtls_x509_crt srvcert;
|
||||||
mbedtls_pk_context pkey;
|
mbedtls_pk_context pkey;
|
||||||
mbedtls_x509_crt srvcert2;
|
mbedtls_x509_crt srvcert2;
|
||||||
mbedtls_pk_context pkey2;
|
mbedtls_pk_context pkey2;
|
||||||
|
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_key_id_t key_slot = 0; /* invalid key slot */
|
psa_key_id_t key_slot = 0; /* invalid key slot */
|
||||||
psa_key_id_t key_slot2 = 0; /* invalid key slot */
|
psa_key_id_t key_slot2 = 0; /* invalid key slot */
|
||||||
@ -1329,7 +1325,7 @@ int main( int argc, char *argv[] )
|
|||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||||
ssl_async_key_context_t ssl_async_keys;
|
ssl_async_key_context_t ssl_async_keys;
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
||||||
mbedtls_dhm_context dhm;
|
mbedtls_dhm_context dhm;
|
||||||
#endif
|
#endif
|
||||||
@ -1408,7 +1404,7 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ssl_init( &ssl );
|
mbedtls_ssl_init( &ssl );
|
||||||
mbedtls_ssl_config_init( &conf );
|
mbedtls_ssl_config_init( &conf );
|
||||||
rng_init( &rng );
|
rng_init( &rng );
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
mbedtls_x509_crt_init( &cacert );
|
mbedtls_x509_crt_init( &cacert );
|
||||||
mbedtls_x509_crt_init( &srvcert );
|
mbedtls_x509_crt_init( &srvcert );
|
||||||
mbedtls_pk_init( &pkey );
|
mbedtls_pk_init( &pkey );
|
||||||
@ -1627,7 +1623,7 @@ int main( int argc, char *argv[] )
|
|||||||
opt.key_file = q;
|
opt.key_file = q;
|
||||||
else if( strcmp( p, "key_pwd" ) == 0 )
|
else if( strcmp( p, "key_pwd" ) == 0 )
|
||||||
opt.key_pwd = q;
|
opt.key_pwd = q;
|
||||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
else if( strcmp( p, "key_opaque" ) == 0 )
|
else if( strcmp( p, "key_opaque" ) == 0 )
|
||||||
opt.key_opaque = atoi( q );
|
opt.key_opaque = atoi( q );
|
||||||
#endif
|
#endif
|
||||||
@ -2347,7 +2343,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* 1.1. Load the trusted CA
|
* 1.1. Load the trusted CA
|
||||||
*/
|
*/
|
||||||
@ -2543,7 +2539,7 @@ int main( int argc, char *argv[] )
|
|||||||
#endif /* MBEDTLS_CERTS_C */
|
#endif /* MBEDTLS_CERTS_C */
|
||||||
|
|
||||||
mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
|
mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
||||||
if( opt.dhm_file != NULL )
|
if( opt.dhm_file != NULL )
|
||||||
@ -2612,7 +2608,7 @@ int main( int argc, char *argv[] )
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
/* The default algorithms profile disables SHA-1, but our tests still
|
/* The default algorithms profile disables SHA-1, but our tests still
|
||||||
rely on it heavily. Hence we allow it here. A real-world server
|
rely on it heavily. Hence we allow it here. A real-world server
|
||||||
should use the default profile unless there is a good reason not to. */
|
should use the default profile unless there is a good reason not to. */
|
||||||
@ -2622,7 +2618,7 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
|
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
|
||||||
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
|
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||||
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
||||||
@ -2876,7 +2872,7 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||||
strcmp( opt.ca_file, "none" ) != 0 )
|
strcmp( opt.ca_file, "none" ) != 0 )
|
||||||
{
|
{
|
||||||
@ -2965,7 +2961,7 @@ int main( int argc, char *argv[] )
|
|||||||
&ssl_async_keys );
|
&ssl_async_keys );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(SNI_OPTION)
|
#if defined(SNI_OPTION)
|
||||||
if( opt.sni != NULL )
|
if( opt.sni != NULL )
|
||||||
@ -3215,8 +3211,6 @@ reset:
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 4. Handshake
|
* 4. Handshake
|
||||||
*/
|
*/
|
||||||
@ -3261,7 +3255,7 @@ handshake:
|
|||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||||
{
|
{
|
||||||
char vrfy_buf[512];
|
char vrfy_buf[512];
|
||||||
@ -3307,7 +3301,7 @@ handshake:
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
/*
|
/*
|
||||||
* 5. Verify the client certificate
|
* 5. Verify the client certificate
|
||||||
*/
|
*/
|
||||||
@ -3335,7 +3329,7 @@ handshake:
|
|||||||
mbedtls_ssl_get_peer_cert( &ssl ) );
|
mbedtls_ssl_get_peer_cert( &ssl ) );
|
||||||
mbedtls_printf( "%s\n", crt_buf );
|
mbedtls_printf( "%s\n", crt_buf );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
|
||||||
if( opt.eap_tls != 0 )
|
if( opt.eap_tls != 0 )
|
||||||
@ -4031,7 +4025,7 @@ exit:
|
|||||||
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||||
mbedtls_x509_crt_free( &cacert );
|
mbedtls_x509_crt_free( &cacert );
|
||||||
mbedtls_x509_crt_free( &srvcert );
|
mbedtls_x509_crt_free( &srvcert );
|
||||||
mbedtls_pk_free( &pkey );
|
mbedtls_pk_free( &pkey );
|
||||||
|
|||||||
Reference in New Issue
Block a user