Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-21 21:36:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change X.509 verify flags to uint32_t

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2015-05-11 19:54:43 +02:00
parent e85fef10b5
commit e6ef16f98c
15 changed files with 56 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

19
programs/ssl/dtls_client.c
View file

@ -85,6 +85,7 @@ static void my_debug( void *ctx, int level, const char *str )
int main( int argc, char *argv[] )
{
int ret, len, server_fd = -1;
uint32_t flags;
unsigned char buf[1024];
const char *pers = "dtls_client";
int retry_left = MAX_RETRY;
@ -221,23 +222,15 @@ int main( int argc, char *argv[] )
/* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the
* handshake would not succeed if the peer's cert is bad. Even if we used
* MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
if( ( ret & MBEDTLS_X509_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )
mbedtls_printf( " ! server certificate has been revoked\n" );
if( ( ret & MBEDTLS_X509_BADCERT_CN_MISMATCH ) != 0 )
mbedtls_printf( " ! CN mismatch (expected CN=%s)\n", SERVER_NAME );
if( ( ret & MBEDTLS_X509_BADCERT_NOT_TRUSTED ) != 0 )
mbedtls_printf( " ! self-signed or not signed by a trusted CA\n" );
mbedtls_printf( "\n" );
mbedtls_printf( "%s\n", vrfy_buf );
}
else
mbedtls_printf( " ok\n" );

5
programs/ssl/ssl_client1.c
View file

@ -77,6 +77,7 @@ static void my_debug( void *ctx, int level, const char *str )
int main( void )
{
int ret, len, server_fd = -1;
uint32_t flags;
unsigned char buf[1024];
const char *pers = "ssl_client1";
@ -204,13 +205,13 @@ int main( void )
mbedtls_printf( " . Verifying peer X.509 certificate..." );
/* In real life, we probably want to bail out when ret != 0 */
if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
}

7
programs/ssl/ssl_client2.c
View file

@ -364,7 +364,7 @@ static int my_send( void *ctx, const unsigned char *buf, size_t len )
/*
* Enabled if debug_level > 1 in code below
*/
static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, int *flags )
static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags )
{
char buf[1024];
((void) data);
@ -388,6 +388,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, int *flags )
int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, server_fd, i, written, frags, retry_left;
uint32_t flags;
unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1];
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
@ -1260,13 +1261,13 @@ int main( int argc, char *argv[] )
*/
mbedtls_printf( " . Verifying peer X.509 certificate..." );
if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
}

5
programs/ssl/ssl_mail_client.c
View file

@ -166,6 +166,7 @@ static void my_debug( void *ctx, int level, const char *str )
static int do_handshake( mbedtls_ssl_context *ssl )
{
int ret;
uint32_t flags;
unsigned char buf[1024];
memset(buf, 0, 1024);
@ -196,13 +197,13 @@ static int do_handshake( mbedtls_ssl_context *ssl )
mbedtls_printf( " . Verifying peer X.509 certificate..." );
/* In real life, we probably want to bail out when ret != 0 */
if( ( ret = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
{
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
}

5
programs/ssl/ssl_server2.c
View file

@ -705,6 +705,7 @@ void term_handler( int sig )
int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
uint32_t flags;
int version_suites[4][2];
unsigned char buf[IO_BUF_LEN];
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@ -1896,13 +1897,13 @@ reset:
*/
mbedtls_printf( " . Verifying peer X.509 certificate..." );
if( ( ret = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
char vrfy_buf[512];
mbedtls_printf( " failed\n" );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", ret );
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
}