3party/mongoose
0
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2024-12-26 22:41:03 +08:00
Code Issues Projects Releases Wiki Activity

Drop CRL from mbedTLS integration - let customer do a custom init if required

Browse Source
This commit is contained in:
Sergey Lyubka 2022-04-01 16:42:41 +01:00
parent df602c27d5
commit d954851d43
6 changed files with 8 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/zephyr/http-server/CMakeLists.txt
View File

@ -6,8 +6,6 @@
cmake_minimum_required(VERSION 3.20.0)
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(http_server)
#add_definitions(-DMG_ENABLE_LINES=1)
add_definitions(-DMG_ENABLE_SSI=0)
add_definitions(-DMG_ENABLE_MBEDTLS=1)
target_sources(app PRIVATE src/main.c src/mongoose.c)

2
examples/zephyr/http-server/prj.conf
View File

@ -13,3 +13,5 @@ CONFIG_ISR_STACK_SIZE=2048
CONFIG_MAIN_STACK_SIZE=8192
CONFIG_IDLE_STACK_SIZE=1024
CONFIG_NET_CONFIG_SETTINGS=y
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048

15
mongoose.c
View File

@ -4257,7 +4257,6 @@ void mg_tls_free(struct mg_connection *c) {
mbedtls_ssl_free(&tls->ssl);
mbedtls_pk_free(&tls->pk);
mbedtls_x509_crt_free(&tls->ca);
mbedtls_x509_crl_free(&tls->crl);
mbedtls_x509_crt_free(&tls->cert);
mbedtls_ssl_config_free(&tls->conf);
free(tls);
@ -4344,7 +4343,6 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
mbedtls_ssl_init(&tls->ssl);
mbedtls_ssl_config_init(&tls->conf);
mbedtls_x509_crt_init(&tls->ca);
mbedtls_x509_crl_init(&tls->crl);
mbedtls_x509_crt_init(&tls->cert);
mbedtls_pk_init(&tls->pk);
mbedtls_ssl_conf_dbg(&tls->conf, debug_cb, c);
@ -4362,18 +4360,9 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
if (opts->ca == NULL || strcmp(opts->ca, "*") == 0) {
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
} else if (opts->ca != NULL && opts->ca[0] != '\0') {
if (opts->crl != NULL && opts->crl[0] != '\0') {
struct mg_str s = mg_loadfile(fs, opts->crl);
rc = mbedtls_x509_crl_parse(&tls->crl, (uint8_t *) s.ptr, s.len + 1);
if (opts->crl[0] != '-') free((char *) s.ptr);
if (rc != 0) {
mg_error(c, "parse(%s) err %#x", opts->crl, -rc);
goto fail;
}
}
#if defined(MBEDTLS_X509_CA_CHAIN_ON_DISK)
tls->cafile = strdup(opts->ca);
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, &tls->crl);
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL);
if (rc != 0) {
mg_error(c, "parse on-disk chain(%s) err %#x", tls->cafile, -rc);
goto fail;
@ -4386,7 +4375,7 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
mg_error(c, "parse(%s) err %#x", opts->ca, -rc);
goto fail;
}
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, &tls->crl);
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
#endif
if (opts->srvname.len > 0) {
char mem[128], *buf = mem;

2
mongoose.h
View File

@ -483,6 +483,7 @@ typedef int socklen_t;
#define strerror(x) zsock_gai_strerror(x)
#define FD_CLOEXEC 0
#define F_SETFD 0
#define MG_ENABLE_SSI 0
int rand(void);
int sscanf(const char *, const char *, ...);
@ -1063,7 +1064,6 @@ void mg_tls_handshake(struct mg_connection *);
struct mg_tls {
char *cafile; // CA certificate path
mbedtls_x509_crt ca; // Parsed CA certificate
mbedtls_x509_crl crl; // Parsed Certificate Revocation List
mbedtls_x509_crt cert; // Parsed certificate
mbedtls_ssl_context ssl; // SSL/TLS context
mbedtls_ssl_config conf; // SSL-TLS config

15
src/tls_mbed.c
View File

@ -16,7 +16,6 @@ void mg_tls_free(struct mg_connection *c) {
mbedtls_ssl_free(&tls->ssl);
mbedtls_pk_free(&tls->pk);
mbedtls_x509_crt_free(&tls->ca);
mbedtls_x509_crl_free(&tls->crl);
mbedtls_x509_crt_free(&tls->cert);
mbedtls_ssl_config_free(&tls->conf);
free(tls);
@ -103,7 +102,6 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
mbedtls_ssl_init(&tls->ssl);
mbedtls_ssl_config_init(&tls->conf);
mbedtls_x509_crt_init(&tls->ca);
mbedtls_x509_crl_init(&tls->crl);
mbedtls_x509_crt_init(&tls->cert);
mbedtls_pk_init(&tls->pk);
mbedtls_ssl_conf_dbg(&tls->conf, debug_cb, c);
@ -121,18 +119,9 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
if (opts->ca == NULL || strcmp(opts->ca, "*") == 0) {
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
} else if (opts->ca != NULL && opts->ca[0] != '\0') {
if (opts->crl != NULL && opts->crl[0] != '\0') {
struct mg_str s = mg_loadfile(fs, opts->crl);
rc = mbedtls_x509_crl_parse(&tls->crl, (uint8_t *) s.ptr, s.len + 1);
if (opts->crl[0] != '-') free((char *) s.ptr);
if (rc != 0) {
mg_error(c, "parse(%s) err %#x", opts->crl, -rc);
goto fail;
}
}
#if defined(MBEDTLS_X509_CA_CHAIN_ON_DISK)
tls->cafile = strdup(opts->ca);
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, &tls->crl);
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL);
if (rc != 0) {
mg_error(c, "parse on-disk chain(%s) err %#x", tls->cafile, -rc);
goto fail;
@ -145,7 +134,7 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
mg_error(c, "parse(%s) err %#x", opts->ca, -rc);
goto fail;
}
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, &tls->crl);
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
#endif
if (opts->srvname.len > 0) {
char mem[128], *buf = mem;

1
src/tls_mbed.h
View File

@ -13,7 +13,6 @@
struct mg_tls {
char *cafile; // CA certificate path
mbedtls_x509_crt ca; // Parsed CA certificate
mbedtls_x509_crl crl; // Parsed Certificate Revocation List
mbedtls_x509_crt cert; // Parsed certificate
mbedtls_ssl_context ssl; // SSL/TLS context
mbedtls_ssl_config conf; // SSL-TLS config