Implement context-specific verification callbacks
This commit is contained in:
parent
726c97a825
commit
8927c83312
2 changed files with 31 additions and 1 deletions
|
@ -1090,6 +1090,12 @@ struct mbedtls_ssl_context
|
|||
unsigned badmac_seen; /*!< records with a bad MAC received */
|
||||
#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
/** Callback to customize X.509 certificate chain verification */
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
|
||||
void *p_vrfy; /*!< context for X.509 verify calllback */
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_send_t *f_send; /*!< Callback for network send */
|
||||
mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */
|
||||
mbedtls_ssl_recv_timeout_t *f_recv_timeout;
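Review bot: The Doxygen comment on the new `p_vrfy` member misspells "callback" (`calllback`), and neither new member's comment says how the field relates to the identical `f_vrfy`/`p_vrfy` pair in `mbedtls_ssl_config`; a reader of the struct cannot tell which one wins. I would write `/** Per-context X.509 chain verification callback; when non-NULL it is used instead of conf->f_vrfy (set via mbedtls_ssl_set_verify()) */` on `f_vrfy` and `/*!< context for the per-context X.509 verify callback */` on `p_vrfy`. As a point of style, the function-pointer type is now spelled out verbatim in at least four places (this struct, the config struct, the local in `ssl_parse_certificate_verify()` and the setter); a single typedef would keep them from drifting apart, though that is a wider change than this commit. I am assuming `mbedtls_ssl_init()` zeroes the context so the new field starts out NULL — that is outside this diff and worth confirming. The enclosing `struct mbedtls_ssl_context` starts and ends outside the hunk.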
|
||||
|
|
|
@ -6038,6 +6038,9 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||
mbedtls_x509_crt *ca_chain;
|
||||
mbedtls_x509_crl *ca_crl;
|
||||
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
|
||||
void *p_vrfy;
|
||||
|
||||
if( authmode == MBEDTLS_SSL_VERIFY_NONE )
|
||||
return( 0 );
|
||||
|
||||
|
@ -6054,6 +6057,17 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||
ca_crl = ssl->conf->ca_crl;
|
||||
}
|
||||
|
||||
if( ssl->f_vrfy != NULL )
|
||||
{
|
||||
f_vrfy = ssl->f_vrfy;
|
||||
p_vrfy = ssl->p_vrfy;
|
||||
}
|
||||
else
|
||||
{
|
||||
f_vrfy = ssl->conf->f_vrfy;
|
||||
p_vrfy = ssl->conf->p_vrfy;
|
||||
}
|
||||
|
||||
/*
|
||||
* Main check: verify certificate
|
||||
*/
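Review bot: The precedence rule introduced by the `if( ssl->f_vrfy != NULL )` block is security-relevant but undocumented: a context-level callback silently replaces the configuration-level one, and a NULL context-level callback falls back to `ssl->conf->f_vrfy` rather than disabling the callback. Both behaviours look intentional and are the safer choice (a context can never end up with fewer checks than its config by passing NULL), but that is not visible without reading the branch, so I would put `/* A per-context callback (mbedtls_ssl_set_verify()) takes precedence over the configuration-level one; if none is set, fall back to the config. Note that ssl->p_vrfy is only used together with ssl->f_vrfy. */` above the `if`. It is also worth noting in that comment that a context-level callback can only be chosen by code that has the context handle, so a hardened callback installed on a shared config can be overridden per connection. `ssl_parse_certificate_verify()` begins before this hunk and its body continues after it.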
|
||||
|
@ -6063,7 +6077,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
|||
ssl->conf->cert_profile,
|
||||
ssl->hostname,
|
||||
&ssl->session_negotiate->verify_result,
|
||||
ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx );
|
||||
f_vrfy, p_vrfy, rs_ctx );
|
||||
|
||||
if( ret != 0 )
|
||||
{
|
||||
|
@ -7902,6 +7916,16 @@ void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||
void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
|
||||
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
|
||||
void *p_vrfy )
|
||||
{
|
||||
ssl->f_vrfy = f_vrfy;
|
||||
ssl->p_vrfy = p_vrfy;
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
/*
|
||||
* Set EC J-PAKE password for current handshake
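Review bot: `mbedtls_ssl_set_verify()` has no comment explaining its contract, and the most important part of that contract — that passing `f_vrfy == NULL` reverts to the configuration-level callback rather than turning verification callbacks off — is only visible in `ssl_parse_certificate_verify()`; the public prototype and its Doxygen text do not appear in this commit, so unless they land separately the caller has nothing to go on. I would add above the definition: `/* Install a verification callback for this context only; it overrides conf->f_vrfy for this context. Passing NULL falls back to the configuration-level callback. p_vrfy is ignored while f_vrfy is NULL. */`. Unlike the neighbouring `mbedtls_ssl_set_hs_authmode()`, whose body is outside the hunk, this setter does not validate `ssl`, which is consistent with the other setters visible here; I am also assuming that `mbedtls_ssl_session_reset()` does not clear the new field, so a per-context callback persists across renegotiation/reset — worth confirming and documenting either way.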
|
||||
|
|