mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Merge branch 'Mbed-TLS:development' into ssl_client2-add-build-version
This commit is contained in:
Yanray Wang
GitHub
@ -124,7 +124,7 @@ int main( void )
|
||||
#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
|
||||
#define GET_REQUEST_END "\r\n\r\n"
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#define USAGE_CONTEXT_CRT_CB \
|
||||
" context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
|
||||
" to the SSL configuration of the SSL context.\n" \
|
||||
@ -133,8 +133,8 @@ int main( void )
|
||||
" - 1: Use CRT callback bound to SSL context\n"
|
||||
#else
|
||||
#define USAGE_CONTEXT_CRT_CB ""
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#define USAGE_IO \
|
||||
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||
@ -152,10 +152,10 @@ int main( void )
|
||||
#define USAGE_IO \
|
||||
" No file operations available (MBEDTLS_FS_IO not defined)\n"
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#else /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#define USAGE_IO ""
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#define USAGE_KEY_OPAQUE \
|
||||
" key_opaque=%%d Handle your private key as if it were opaque\n" \
|
||||
" default: 0 (disabled)\n"
|
||||
@ -554,7 +554,7 @@ struct options
|
||||
|
||||
#include "ssl_test_common_source.c"
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static unsigned char peer_crt_info[1024];
|
||||
|
||||
/*
|
||||
@ -592,7 +592,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt,
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
int report_cid_usage( mbedtls_ssl_context *ssl,
|
||||
@ -781,9 +781,6 @@ int main( int argc, char *argv[] )
|
||||
psa_status_t status;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||
#endif
|
||||
rng_context_t rng;
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
@ -793,15 +790,16 @@ int main( int argc, char *argv[] )
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
mbedtls_timing_delay_context timer;
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
uint32_t flags;
|
||||
mbedtls_x509_crt cacert;
|
||||
mbedtls_x509_crt clicert;
|
||||
mbedtls_pk_context pkey;
|
||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
char *p, *q;
|
||||
const int *list;
|
||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
|
||||
@ -842,7 +840,7 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
|
||||
rng_init( &rng );
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
mbedtls_x509_crt_init( &clicert );
|
||||
mbedtls_pk_init( &pkey );
|
||||
@ -1056,7 +1054,7 @@ int main( int argc, char *argv[] )
|
||||
opt.key_file = q;
|
||||
else if( strcmp( p, "key_pwd" ) == 0 )
|
||||
opt.key_pwd = q;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
else if( strcmp( p, "key_opaque" ) == 0 )
|
||||
opt.key_opaque = atoi( q );
|
||||
#endif
|
||||
@ -1742,7 +1740,7 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* 1.1. Load the trusted CA
|
||||
*/
|
||||
@ -1864,7 +1862,7 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_printf( " ok (key type: %s)\n",
|
||||
strlen( opt.key_file ) || strlen( opt.key_opaque_alg1 ) ?
|
||||
mbedtls_pk_get_name( &pkey ) : "none" );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
/*
|
||||
* 2. Setup stuff
|
||||
@ -1882,7 +1880,6 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/* The default algorithms profile disables SHA-1, but our tests still
|
||||
rely on it heavily. */
|
||||
@ -1897,7 +1894,6 @@ int main( int argc, char *argv[] )
|
||||
|
||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
if( opt.cid_enabled == 1 || opt.cid_enabled_renego == 1 )
|
||||
@ -2034,7 +2030,7 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_ssl_conf_renegotiation( &conf, opt.renegotiation );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||
strcmp( opt.ca_file, "none" ) != 0 )
|
||||
{
|
||||
@ -2055,7 +2051,7 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
if( opt.curves != NULL &&
|
||||
@ -2065,7 +2061,8 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( opt.sig_algs != NULL )
|
||||
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
@ -2142,7 +2139,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( ( ret = mbedtls_ssl_set_hostname( &ssl, opt.server_name ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
|
||||
@ -2165,10 +2162,10 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( opt.context_crt_cb == 1 )
|
||||
mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
io_ctx.ssl = &ssl;
|
||||
io_ctx.net = &server_fd;
|
||||
@ -2489,7 +2486,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* 5. Verify the server certificate
|
||||
*/
|
||||
@ -2512,7 +2509,7 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_printf( " . Peer certificate information ...\n" );
|
||||
mbedtls_printf( "%s\n", peer_crt_info );
|
||||
#endif /* !MBEDTLS_X509_REMOVE_INFO */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
ret = report_cid_usage( &ssl, "initial handshake" );
|
||||
@ -2887,9 +2884,9 @@ send_request:
|
||||
mbedtls_printf( " . Restarting connection from same port..." );
|
||||
fflush( stdout );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
||||
{
|
||||
@ -3123,9 +3120,9 @@ reconnect:
|
||||
|
||||
mbedtls_printf( " . Reconnecting with saved session..." );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
memset( peer_crt_info, 0, sizeof( peer_crt_info ) );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
if( ( ret = mbedtls_ssl_session_reset( &ssl ) ) != 0 )
|
||||
{
|
||||
@ -3229,14 +3226,14 @@ exit:
|
||||
mbedtls_free( context_buf );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
mbedtls_x509_crt_free( &clicert );
|
||||
mbedtls_x509_crt_free( &cacert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
psa_destroy_key( key_slot );
|
||||
#endif
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) && \
|
||||
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
||||
@ -175,7 +175,7 @@ int main( void )
|
||||
*/
|
||||
#define DFL_IO_BUF_LEN 200
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#if defined(MBEDTLS_FS_IO)
|
||||
#define USAGE_IO \
|
||||
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||
@ -206,8 +206,8 @@ int main( void )
|
||||
#endif /* MBEDTLS_FS_IO */
|
||||
#else
|
||||
#define USAGE_IO ""
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
#define USAGE_KEY_OPAQUE \
|
||||
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
|
||||
" default: 0 (disabled)\n"
|
||||
@ -1103,14 +1103,6 @@ typedef enum
|
||||
ASYNC_OP_SIGN,
|
||||
ASYNC_OP_DECRYPT,
|
||||
} ssl_async_operation_type_t;
|
||||
/* Note that the enum above and the array below need to be kept in sync!
|
||||
* `ssl_async_operation_names[op]` is the name of op for each value `op`
|
||||
* of type `ssl_async_operation_type_t`. */
|
||||
static const char *const ssl_async_operation_names[] =
|
||||
{
|
||||
"sign",
|
||||
"decrypt",
|
||||
};
|
||||
|
||||
typedef struct
|
||||
{
|
||||
@ -1122,6 +1114,17 @@ typedef struct
|
||||
unsigned remaining_delay;
|
||||
} ssl_async_operation_context_t;
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
|
||||
/* Note that ssl_async_operation_type_t and the array below need to be kept in sync!
|
||||
* `ssl_async_operation_names[op]` is the name of op for each value `op`
|
||||
* of type `ssl_async_operation_type_t`. */
|
||||
static const char *const ssl_async_operation_names[] =
|
||||
{
|
||||
"sign",
|
||||
"decrypt",
|
||||
};
|
||||
|
||||
static int ssl_async_start( mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
ssl_async_operation_type_t op_type,
|
||||
@ -1274,6 +1277,7 @@ static void ssl_async_cancel( mbedtls_ssl_context *ssl )
|
||||
mbedtls_printf( "Async cancel callback.\n" );
|
||||
mbedtls_free( ctx );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
@ -1444,9 +1448,6 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_ssl_cookie_ctx cookie_ctx;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||
#endif
|
||||
mbedtls_ssl_context ssl;
|
||||
mbedtls_ssl_config conf;
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
@ -1455,22 +1456,23 @@ int main( int argc, char *argv[] )
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
unsigned char renego_period[8] = { 0 };
|
||||
#endif
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
uint32_t flags;
|
||||
mbedtls_x509_crt cacert;
|
||||
mbedtls_x509_crt srvcert;
|
||||
mbedtls_pk_context pkey;
|
||||
mbedtls_x509_crt srvcert2;
|
||||
mbedtls_pk_context pkey2;
|
||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||
#endif
|
||||
int key_cert_init = 0, key_cert_init2 = 0;
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
ssl_async_key_context_t ssl_async_keys;
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
||||
mbedtls_dhm_context dhm;
|
||||
#endif
|
||||
@ -1552,16 +1554,16 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_ssl_init( &ssl );
|
||||
mbedtls_ssl_config_init( &conf );
|
||||
rng_init( &rng );
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
mbedtls_x509_crt_init( &cacert );
|
||||
mbedtls_x509_crt_init( &srvcert );
|
||||
mbedtls_pk_init( &pkey );
|
||||
mbedtls_x509_crt_init( &srvcert2 );
|
||||
mbedtls_pk_init( &pkey2 );
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
memset( &ssl_async_keys, 0, sizeof( ssl_async_keys ) );
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
||||
mbedtls_dhm_init( &dhm );
|
||||
#endif
|
||||
@ -1781,7 +1783,7 @@ int main( int argc, char *argv[] )
|
||||
opt.key_file = q;
|
||||
else if( strcmp( p, "key_pwd" ) == 0 )
|
||||
opt.key_pwd = q;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
else if( strcmp( p, "key_opaque" ) == 0 )
|
||||
opt.key_opaque = atoi( q );
|
||||
#endif
|
||||
@ -2585,7 +2587,7 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
mbedtls_printf( " ok\n" );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* 1.1. Load the trusted CA
|
||||
*/
|
||||
@ -2793,7 +2795,7 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_printf( " ok (key types: %s, %s)\n",
|
||||
key_cert_init ? mbedtls_pk_get_name( &pkey ) : "none",
|
||||
key_cert_init2 ? mbedtls_pk_get_name( &pkey2 ) : "none" );
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
|
||||
if( opt.dhm_file != NULL )
|
||||
@ -2843,7 +2845,6 @@ int main( int argc, char *argv[] )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/* The default algorithms profile disables SHA-1, but our tests still
|
||||
rely on it heavily. Hence we allow it here. A real-world server
|
||||
@ -2855,7 +2856,6 @@ int main( int argc, char *argv[] )
|
||||
mbedtls_ssl_conf_sig_algs( &conf, ssl_sig_algs_for_test );
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
||||
if( opt.auth_mode != DFL_AUTH_MODE )
|
||||
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
|
||||
@ -2863,7 +2863,6 @@ int main( int argc, char *argv[] )
|
||||
if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
|
||||
mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
/* exercise setting DN hints for server certificate request
|
||||
* (Intended for use where the client cert expected has been signed by
|
||||
@ -2871,7 +2870,6 @@ int main( int argc, char *argv[] )
|
||||
if( opt.cert_req_dn_hint == 2 && key_cert_init2 )
|
||||
mbedtls_ssl_conf_dn_hints( &conf, &srvcert2 );
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
|
||||
@ -3108,7 +3106,7 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( strcmp( opt.ca_path, "none" ) != 0 &&
|
||||
strcmp( opt.ca_file, "none" ) != 0 )
|
||||
{
|
||||
@ -3197,7 +3195,7 @@ int main( int argc, char *argv[] )
|
||||
&ssl_async_keys );
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(SNI_OPTION)
|
||||
if( opt.sni != NULL )
|
||||
@ -3234,7 +3232,8 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( opt.sig_algs != NULL )
|
||||
mbedtls_ssl_conf_sig_algs( &conf, sig_alg_list );
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
@ -3490,7 +3489,6 @@ reset:
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
|
||||
/* exercise setting DN hints for server certificate request
|
||||
@ -3501,7 +3499,6 @@ reset:
|
||||
if( opt.cert_req_dn_hint == 3 && key_cert_init2 )
|
||||
mbedtls_ssl_set_hs_dn_hints( &ssl, &srvcert2 );
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
@ -3550,7 +3547,7 @@ handshake:
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||
{
|
||||
char vrfy_buf[512];
|
||||
@ -3605,7 +3602,7 @@ handshake:
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
/*
|
||||
* 5. Verify the client certificate
|
||||
*/
|
||||
@ -3634,7 +3631,7 @@ handshake:
|
||||
mbedtls_printf( "%s\n", crt_buf );
|
||||
}
|
||||
#endif /* MBEDTLS_X509_REMOVE_INFO */
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
|
||||
|
||||
if( opt.eap_tls != 0 )
|
||||
{
|
||||
@ -4328,7 +4325,7 @@ exit:
|
||||
mbedtls_printf( "Failed to list of opaque PSKs - error was %d\n", ret );
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
mbedtls_x509_crt_free( &cacert );
|
||||
mbedtls_x509_crt_free( &srvcert );
|
||||
mbedtls_pk_free( &pkey );
|
||||
|
||||
Reference in New Issue
Block a user