Move verify_result from ssl_context to session
parent
43fdd617e1
commit
38d1eba3b5
4 changed files with 12 additions and 6 deletions
|
@ -355,6 +355,7 @@ struct _ssl_session
|
||||||
#if defined(POLARSSL_X509_PARSE_C)
|
#if defined(POLARSSL_X509_PARSE_C)
|
||||||
x509_cert *peer_cert; /*!< peer X.509 cert chain */
|
x509_cert *peer_cert; /*!< peer X.509 cert chain */
|
||||||
#endif /* POLARSSL_X509_PARSE_C */
|
#endif /* POLARSSL_X509_PARSE_C */
|
||||||
|
int verify_result; /*!< verification result */
|
||||||
|
|
||||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||||
unsigned char *ticket; /*!< RFC 5077 session ticket */
|
unsigned char *ticket; /*!< RFC 5077 session ticket */
|
||||||
|
|
|
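Review bot: The doc comment on the new `verify_result` field in struct _ssl_session does not say what the value encodes. The other hunks of this commit store `BADCERT_SKIP_VERIFY` and `BADCERT_MISSING` into it, so the comment could read `/*!< X.509 verification flags (BADCERT_xxx bitmask) */`. If 0 is the "verified" value, as it appears to be, a session that is zero-initialised or cleared without going through certificate verification would read as verified; that is worth confirming where sessions are initialised, which is not visible here. The struct definition starts and ends outside this hunk.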
@ -83,6 +83,8 @@ int ssl_cache_get( void *data, ssl_session *session )
|
||||||
|
|
||||||
memcpy( session->master, entry->session.master, 48 );
|
memcpy( session->master, entry->session.master, 48 );
|
||||||
|
|
||||||
|
session->verify_result = entry->session.verify_result;
|
||||||
|
|
||||||
#if defined(POLARSSL_X509_PARSE_C)
|
#if defined(POLARSSL_X509_PARSE_C)
|
||||||
/*
|
/*
|
||||||
* Restore peer certificate (without rest of the original chain)
|
* Restore peer certificate (without rest of the original chain)
|
||||||
|
|
|
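Review bot: The `verify_result` restored in ssl_cache_get is the outcome recorded at the original handshake, and nothing in this hunk re-runs verification. A resumed session would therefore keep reporting that result even if the peer certificate has since expired or been revoked. A comment above the assignment would make this explicit, for example `/* Outcome of the original handshake's verification; not re-evaluated on resumption */`. Callers running with SSL_VERIFY_OPTIONAL depend on this value after resumption, so it is also worth confirming that the cache's store path saves the field, which is not visible here. The body of ssl_cache_get continues outside the hunk.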
@ -2113,7 +2113,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
if( ssl->endpoint == SSL_IS_SERVER &&
|
if( ssl->endpoint == SSL_IS_SERVER &&
|
||||||
ssl->authmode == SSL_VERIFY_NONE )
|
ssl->authmode == SSL_VERIFY_NONE )
|
||||||
{
|
{
|
||||||
ssl->verify_result = BADCERT_SKIP_VERIFY;
|
ssl->session_negotiate->verify_result = BADCERT_SKIP_VERIFY;
|
||||||
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
|
||||||
ssl->state++;
|
ssl->state++;
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -2140,7 +2140,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
|
SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
|
||||||
|
|
||||||
ssl->verify_result = BADCERT_MISSING;
|
ssl->session_negotiate->verify_result = BADCERT_MISSING;
|
||||||
if( ssl->authmode == SSL_VERIFY_OPTIONAL )
|
if( ssl->authmode == SSL_VERIFY_OPTIONAL )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
else
|
else
|
||||||
|
@ -2158,7 +2158,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
{
|
{
|
||||||
SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
|
SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
|
||||||
|
|
||||||
ssl->verify_result = BADCERT_MISSING;
|
ssl->session_negotiate->verify_result = BADCERT_MISSING;
|
||||||
if( ssl->authmode == SSL_VERIFY_REQUIRED )
|
if( ssl->authmode == SSL_VERIFY_REQUIRED )
|
||||||
return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
|
return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
|
||||||
else
|
else
|
||||||
|
@ -2241,8 +2241,8 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = x509parse_verify( ssl->session_negotiate->peer_cert,
|
ret = x509parse_verify( ssl->session_negotiate->peer_cert,
|
||||||
ssl->ca_chain, ssl->ca_crl,
|
ssl->ca_chain, ssl->ca_crl, ssl->peer_cn,
|
||||||
ssl->peer_cn, &ssl->verify_result,
|
&ssl->session_negotiate->verify_result,
|
||||||
ssl->f_vrfy, ssl->p_vrfy );
|
ssl->f_vrfy, ssl->p_vrfy );
|
||||||
|
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
|
@ -3325,7 +3325,7 @@ size_t ssl_get_bytes_avail( const ssl_context *ssl )
|
||||||
|
|
||||||
int ssl_get_verify_result( const ssl_context *ssl )
|
int ssl_get_verify_result( const ssl_context *ssl )
|
||||||
{
|
{
|
||||||
return( ssl->verify_result );
|
return( ssl->session->verify_result );
|
||||||
}
|
}
|
||||||
|
|
||||||
const char *ssl_get_ciphersuite( const ssl_context *ssl )
|
const char *ssl_get_ciphersuite( const ssl_context *ssl )
|
||||||
|
|
|
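Review bot: `ssl_get_verify_result` now dereferences `ssl->session` with no NULL check, while every write in ssl_parse_certificate goes to `ssl->session_negotiate`. If `ssl->session` is only installed once the handshake completes (the hand-over is not visible in these hunks), a call made before or during the handshake would either dereference NULL or return the previous session's result rather than the one just computed. The getter could check both pointers, `if( ssl->session != NULL ) return( ssl->session->verify_result );` then `if( ssl->session_negotiate != NULL ) return( ssl->session_negotiate->verify_result );`, and end with a non-zero failure value so that a missing session never reads as a verified peer.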
@ -859,6 +859,9 @@ send_request:
|
||||||
{
|
{
|
||||||
--opt.reconnect;
|
--opt.reconnect;
|
||||||
|
|
||||||
|
printf( " ! Press a key to reconnect\n" );
|
||||||
|
(void) getchar();
|
||||||
|
|
||||||
printf( " . Reconnecting with saved session..." );
|
printf( " . Reconnecting with saved session..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
|
|