RSA and ECDSA key exchanges don't depend on CRL
parent
dfe0ea9f02
commit
cbf3ef3861
8 changed files with 18 additions and 28 deletions
|
@ -286,7 +286,7 @@
|
|||
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
|
||||
* (NOT YET IMPLEMENTED)
|
||||
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
|
||||
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
|
||||
* POLARSSL_X509_CRT_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
|
@ -307,7 +307,7 @@
|
|||
* Enable the RSA-only based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
|
||||
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
|
||||
* POLARSSL_X509_CRT_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
|
@ -333,7 +333,7 @@
|
|||
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
|
||||
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
|
||||
* POLARSSL_X509_CRT_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
|
@ -355,7 +355,7 @@
|
|||
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
|
||||
* POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
|
||||
* POLARSSL_X509_CRT_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
|
@ -378,7 +378,6 @@
|
|||
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
|
||||
*
|
||||
* Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
|
||||
* POLARSSL_X509_CRL_PARSE_C
|
||||
*
|
||||
* This enables the following ciphersuites (if other requisites are
|
||||
* enabled as well):
|
||||
|
@ -1683,34 +1682,31 @@
|
|||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
|
||||
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
|
||||
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
|
||||
!defined(POLARSSL_X509_CRL_PARSE_C) )
|
||||
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
|
||||
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
|
||||
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
|
||||
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
|
||||
!defined(POLARSSL_X509_CRL_PARSE_C) )
|
||||
!defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
|
||||
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
|
||||
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
|
||||
!defined(POLARSSL_X509_CRT_PARSE_C) || \
|
||||
!defined(POLARSSL_X509_CRL_PARSE_C) )
|
||||
!defined(POLARSSL_X509_CRT_PARSE_C) )
|
||||
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
|
||||
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
|
||||
!defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
|
||||
!defined(POLARSSL_PKCS1_V15) )
|
||||
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
|
||||
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
|
||||
!defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
|
||||
!defined(POLARSSL_PKCS1_V15) )
|
||||
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
|
|
@ -58,9 +58,7 @@
|
|||
#include "x509_crt.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_X509_CRL_PARSE_C)
|
||||
#include "x509_crl.h"
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_DHM_C)
|
||||
#include "dhm.h"
|
||||
|
@ -659,9 +657,7 @@ struct _ssl_context
|
|||
x509_crt *ca_chain; /*!< own trusted CA chain */
|
||||
const char *peer_cn; /*!< expected peer CN */
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
#if defined(POLARSSL_X509_CRL_PARSE_C)
|
||||
x509_crl *ca_crl; /*!< trusted CA CRLs */
|
||||
#endif /* POLARSSL_X509_CRL_PARSE_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
/*
|
||||
|
@ -956,7 +952,6 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
|
|||
int major, int minor );
|
||||
|
||||
#if defined(POLARSSL_X509_CRT_PARSE_C)
|
||||
#if defined(POLARSSL_X509_CRL_PARSE_C)
|
||||
/**
|
||||
* \brief Set the data required to verify peer certificate
|
||||
*
|
||||
|
@ -967,7 +962,6 @@ void ssl_set_ciphersuites_for_version( ssl_context *ssl,
|
|||
*/
|
||||
void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
|
||||
x509_crl *ca_crl, const char *peer_cn );
|
||||
#endif /* POLARSSL_X509_CRL_PARSE_C */
|
||||
|
||||
/**
|
||||
* \brief Set own certificate chain and private key
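Review bot: With the `POLARSSL_X509_CRL_PARSE_C` guards removed, `ssl_set_ca_chain()` takes a `ca_crl` argument even in builds that cannot act on it, and nothing visible in this section tells the caller so. The `x509_crt_verify_top()` hunk of this commit casts `ca_crl` to void when CRL parsing is compiled out, so a CRL passed here appears to be dropped and a revoked peer certificate would verify with no flag raised. I would add a line to the doc comment of `ssl_set_ca_chain()` such as `\note ca_crl is ignored (no revocation check) unless POLARSSL_X509_CRL_PARSE_C is defined`, and the same on `x509_crt_verify()`, whose guard is removed in the same way in the X.509 header section. That doc comment lies between the two hunks and is not shown, so confirm it does not already say this.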
|
||||
|
|
|
@ -31,9 +31,7 @@
|
|||
|
||||
#include "x509.h"
|
||||
|
||||
#if defined(POLARSSL_X509_CRL_PARSE_C)
|
||||
#include "x509_crl.h"
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \addtogroup x509_module
|
||||
|
@ -198,7 +196,6 @@ int x509_crt_parse_path( x509_crt *chain, const char *path );
|
|||
int x509_crt_info( char *buf, size_t size, const char *prefix,
|
||||
const x509_crt *crt );
|
||||
|
||||
#if defined(POLARSSL_X509_CRL_PARSE_C)
|
||||
/**
|
||||
* \brief Verify the certificate signature
|
||||
*
|
||||
|
@ -242,8 +239,9 @@ int x509_crt_verify( x509_crt *crt,
|
|||
int (*f_vrfy)(void *, x509_crt *, int, int *),
|
||||
void *p_vrfy );
|
||||
|
||||
#if defined(POLARSSL_X509_CRL_PARSE_C)
|
||||
/**
|
||||
* \brief Verify the certificate signature
|
||||
* \brief Verify the certificate revocation status
|
||||
*
|
||||
* \param crt a certificate to be verified
|
||||
* \param crl the CRL to verify against
|
||||
|
|
|
@ -1391,6 +1391,8 @@ static int x509_crt_verify_top(
|
|||
#if defined(POLARSSL_X509_CRL_PARSE_C)
|
||||
/* Check trusted CA's CRL for the chain's top crt */
|
||||
*flags |= x509_crt_verifycrl( child, trust_ca, ca_crl );
|
||||
#else
|
||||
((void) ca_crl);
|
||||
#endif
|
||||
|
||||
if( x509_time_expired( &trust_ca->valid_to ) )
|
||||
|
|
|
@ -29,13 +29,14 @@
|
|||
#include <stdio.h>
|
||||
|
||||
#if !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
|
||||
!defined(POLARSSL_FS_IO)
|
||||
!defined(POLARSSL_FS_IO) || !defined(POLARSSL_X509_CRL_PARSE_C)
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
((void) argc);
|
||||
((void) argv);
|
||||
|
||||
printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C "
|
||||
"POLARSSL_FS_IO and/or POLARSSL_X509_CRL_PARSE_C "
|
||||
"not defined.\n");
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -257,4 +258,5 @@ exit:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO */
|
||||
#endif /* POLARSSL_RSA_C && POLARSSL_X509_CRT_PARSE_C && POLARSSL_FS_IO &&
|
||||
POLARSSL_X509_CRL_PARSE_C */
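Review bot: The message printed when prerequisites are missing runs two option names together in the first hunk: the first literal ends in `POLARSSL_X509_CRT_PARSE_C ` and the next begins with `POLARSSL_FS_IO`, so the output reads `... POLARSSL_X509_CRT_PARSE_C POLARSSL_FS_IO and/or ...`. Ending the first literal with the separator, `printf("POLARSSL_RSA_C and/or POLARSSL_X509_CRT_PARSE_C and/or "`, keeps the list readable for someone working out which option their build lacks. The stub `main()` is otherwise consistent with the widened `#if` and the updated `#endif` comment in the second hunk.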
|
||||
|
|
|
@ -34,7 +34,6 @@
|
|||
#define POLARSSL_SSL_CLI_C
|
||||
#define POLARSSL_SSL_SRV_C
|
||||
#define POLARSSL_SSL_TLS_C
|
||||
#define POLARSSL_X509_CRL_PARSE_C
|
||||
#define POLARSSL_X509_CRT_PARSE_C
|
||||
#define POLARSSL_X509_USE_C
|
||||
|
||||
|
|
|
@ -34,7 +34,6 @@
|
|||
#define POLARSSL_SSL_CLI_C
|
||||
#define POLARSSL_SSL_SRV_C
|
||||
#define POLARSSL_SSL_TLS_C
|
||||
#define POLARSSL_X509_CRL_PARSE_C
|
||||
#define POLARSSL_X509_CRT_PARSE_C
|
||||
#define POLARSSL_X509_USE_C
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ void x509_crl_info( char *crl_file, char *result_str )
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */
|
||||
/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C:POLARSSL_X509_CRL_PARSE_C */
|
||||
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
|
||||
char *cn_name_str, int result, int flags_result,
|
||||
char *verify_callback )
|
||||
|
|