lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Move ssl_set_ca_chain() to work on config

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2015-05-06 11:14:19 +01:00
parent ba26c24769
commit bc2b771af4
14 changed files with 60 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
programs/ssl/dtls_client.c
View File

@ -176,13 +176,16 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_printf( " ok\n" );
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
mbedtls_ssl_set_ca_chain( &conf, &cacert, NULL );
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
goto exit;
}
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
@ -191,6 +194,8 @@ int main( int argc, char *argv[] )
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
READ_TIMEOUT_MS );
mbedtls_printf( " ok\n" );
/*
* 4. Handshake
*/