mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-01 10:06:53 +03:00
Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
This commit is contained in:
Minos Galanakis
@ -68,6 +68,7 @@ int main(void)
|
||||
#define DFL_MAX_VERSION -1
|
||||
#define DFL_SHA1 -1
|
||||
#define DFL_AUTH_MODE -1
|
||||
#define DFL_SET_HOSTNAME 1
|
||||
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
|
||||
#define DFL_TRUNC_HMAC -1
|
||||
#define DFL_RECSPLIT -1
|
||||
@ -407,6 +408,9 @@ int main(void)
|
||||
#define USAGE2 \
|
||||
" auth_mode=%%s default: (library default: none)\n" \
|
||||
" options: none, optional, required\n" \
|
||||
" set_hostname=%%s call mbedtls_ssl_set_hostname()?" \
|
||||
" options: no, server_name, NULL\n" \
|
||||
" default: server_name (but ignored if certs disabled)\n" \
|
||||
USAGE_IO \
|
||||
USAGE_KEY_OPAQUE \
|
||||
USAGE_CA_CALLBACK \
|
||||
@ -509,6 +513,8 @@ struct options {
|
||||
int max_version; /* maximum protocol version accepted */
|
||||
int allow_sha1; /* flag for SHA-1 support */
|
||||
int auth_mode; /* verify mode for connection */
|
||||
int set_hostname; /* call mbedtls_ssl_set_hostname()? */
|
||||
/* 0=no, 1=yes, -1=NULL */
|
||||
unsigned char mfl_code; /* code for maximum fragment length */
|
||||
int trunc_hmac; /* negotiate truncated hmac or not */
|
||||
int recsplit; /* enable record splitting? */
|
||||
@ -965,6 +971,7 @@ int main(int argc, char *argv[])
|
||||
opt.max_version = DFL_MAX_VERSION;
|
||||
opt.allow_sha1 = DFL_SHA1;
|
||||
opt.auth_mode = DFL_AUTH_MODE;
|
||||
opt.set_hostname = DFL_SET_HOSTNAME;
|
||||
opt.mfl_code = DFL_MFL_CODE;
|
||||
opt.trunc_hmac = DFL_TRUNC_HMAC;
|
||||
opt.recsplit = DFL_RECSPLIT;
|
||||
@ -1364,6 +1371,16 @@ usage:
|
||||
} else {
|
||||
goto usage;
|
||||
}
|
||||
} else if (strcmp(p, "set_hostname") == 0) {
|
||||
if (strcmp(q, "no") == 0) {
|
||||
opt.set_hostname = 0;
|
||||
} else if (strcmp(q, "server_name") == 0) {
|
||||
opt.set_hostname = 1;
|
||||
} else if (strcmp(q, "NULL") == 0) {
|
||||
opt.set_hostname = -1;
|
||||
} else {
|
||||
goto usage;
|
||||
}
|
||||
} else if (strcmp(p, "max_frag_len") == 0) {
|
||||
if (strcmp(q, "512") == 0) {
|
||||
opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
|
||||
@ -2081,10 +2098,24 @@ usage:
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
|
||||
ret);
|
||||
goto exit;
|
||||
switch (opt.set_hostname) {
|
||||
case -1:
|
||||
if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
|
||||
ret);
|
||||
goto exit;
|
||||
}
|
||||
break;
|
||||
case 0:
|
||||
/* Skip the call */
|
||||
break;
|
||||
default:
|
||||
if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
|
||||
ret);
|
||||
goto exit;
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@ -315,7 +315,7 @@ uint16_t ssl_sig_algs_for_test[] = {
|
||||
};
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
|
||||
* for more info.
|
||||
*/
|
||||
@ -350,9 +350,7 @@ static int x509_crt_verify_info(char *buf, size_t size, const char *prefix,
|
||||
return (int) (size - n);
|
||||
#endif /* MBEDTLS_X509_REMOVE_INFO */
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
static void mbedtls_print_supported_sig_algs(void)
|
||||
{
|
||||
mbedtls_printf("supported signature algorithms:\n");
|
||||
|
||||
Reference in New Issue
Block a user