mirror of
https://github.com/cesanta/mongoose.git
synced 2024-12-27 15:01:03 +08:00
Drop CRL from mbedTLS integration - let customer do a custom init if required
This commit is contained in:
parent
df602c27d5
commit
d954851d43
@ -6,8 +6,6 @@
|
||||
cmake_minimum_required(VERSION 3.20.0)
|
||||
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
|
||||
project(http_server)
|
||||
|
||||
#add_definitions(-DMG_ENABLE_LINES=1)
|
||||
add_definitions(-DMG_ENABLE_SSI=0)
|
||||
|
||||
add_definitions(-DMG_ENABLE_MBEDTLS=1)
|
||||
target_sources(app PRIVATE src/main.c src/mongoose.c)
|
||||
|
@ -13,3 +13,5 @@ CONFIG_ISR_STACK_SIZE=2048
|
||||
CONFIG_MAIN_STACK_SIZE=8192
|
||||
CONFIG_IDLE_STACK_SIZE=1024
|
||||
CONFIG_NET_CONFIG_SETTINGS=y
|
||||
CONFIG_MBEDTLS=y
|
||||
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048
|
||||
|
15
mongoose.c
15
mongoose.c
@ -4257,7 +4257,6 @@ void mg_tls_free(struct mg_connection *c) {
|
||||
mbedtls_ssl_free(&tls->ssl);
|
||||
mbedtls_pk_free(&tls->pk);
|
||||
mbedtls_x509_crt_free(&tls->ca);
|
||||
mbedtls_x509_crl_free(&tls->crl);
|
||||
mbedtls_x509_crt_free(&tls->cert);
|
||||
mbedtls_ssl_config_free(&tls->conf);
|
||||
free(tls);
|
||||
@ -4344,7 +4343,6 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
|
||||
mbedtls_ssl_init(&tls->ssl);
|
||||
mbedtls_ssl_config_init(&tls->conf);
|
||||
mbedtls_x509_crt_init(&tls->ca);
|
||||
mbedtls_x509_crl_init(&tls->crl);
|
||||
mbedtls_x509_crt_init(&tls->cert);
|
||||
mbedtls_pk_init(&tls->pk);
|
||||
mbedtls_ssl_conf_dbg(&tls->conf, debug_cb, c);
|
||||
@ -4362,18 +4360,9 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
|
||||
if (opts->ca == NULL || strcmp(opts->ca, "*") == 0) {
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
|
||||
} else if (opts->ca != NULL && opts->ca[0] != '\0') {
|
||||
if (opts->crl != NULL && opts->crl[0] != '\0') {
|
||||
struct mg_str s = mg_loadfile(fs, opts->crl);
|
||||
rc = mbedtls_x509_crl_parse(&tls->crl, (uint8_t *) s.ptr, s.len + 1);
|
||||
if (opts->crl[0] != '-') free((char *) s.ptr);
|
||||
if (rc != 0) {
|
||||
mg_error(c, "parse(%s) err %#x", opts->crl, -rc);
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_X509_CA_CHAIN_ON_DISK)
|
||||
tls->cafile = strdup(opts->ca);
|
||||
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, &tls->crl);
|
||||
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL);
|
||||
if (rc != 0) {
|
||||
mg_error(c, "parse on-disk chain(%s) err %#x", tls->cafile, -rc);
|
||||
goto fail;
|
||||
@ -4386,7 +4375,7 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
|
||||
mg_error(c, "parse(%s) err %#x", opts->ca, -rc);
|
||||
goto fail;
|
||||
}
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, &tls->crl);
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
|
||||
#endif
|
||||
if (opts->srvname.len > 0) {
|
||||
char mem[128], *buf = mem;
|
||||
|
@ -483,6 +483,7 @@ typedef int socklen_t;
|
||||
#define strerror(x) zsock_gai_strerror(x)
|
||||
#define FD_CLOEXEC 0
|
||||
#define F_SETFD 0
|
||||
#define MG_ENABLE_SSI 0
|
||||
|
||||
int rand(void);
|
||||
int sscanf(const char *, const char *, ...);
|
||||
@ -1063,7 +1064,6 @@ void mg_tls_handshake(struct mg_connection *);
|
||||
struct mg_tls {
|
||||
char *cafile; // CA certificate path
|
||||
mbedtls_x509_crt ca; // Parsed CA certificate
|
||||
mbedtls_x509_crl crl; // Parsed Certificate Revocation List
|
||||
mbedtls_x509_crt cert; // Parsed certificate
|
||||
mbedtls_ssl_context ssl; // SSL/TLS context
|
||||
mbedtls_ssl_config conf; // SSL-TLS config
|
||||
|
@ -16,7 +16,6 @@ void mg_tls_free(struct mg_connection *c) {
|
||||
mbedtls_ssl_free(&tls->ssl);
|
||||
mbedtls_pk_free(&tls->pk);
|
||||
mbedtls_x509_crt_free(&tls->ca);
|
||||
mbedtls_x509_crl_free(&tls->crl);
|
||||
mbedtls_x509_crt_free(&tls->cert);
|
||||
mbedtls_ssl_config_free(&tls->conf);
|
||||
free(tls);
|
||||
@ -103,7 +102,6 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
|
||||
mbedtls_ssl_init(&tls->ssl);
|
||||
mbedtls_ssl_config_init(&tls->conf);
|
||||
mbedtls_x509_crt_init(&tls->ca);
|
||||
mbedtls_x509_crl_init(&tls->crl);
|
||||
mbedtls_x509_crt_init(&tls->cert);
|
||||
mbedtls_pk_init(&tls->pk);
|
||||
mbedtls_ssl_conf_dbg(&tls->conf, debug_cb, c);
|
||||
@ -121,18 +119,9 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
|
||||
if (opts->ca == NULL || strcmp(opts->ca, "*") == 0) {
|
||||
mbedtls_ssl_conf_authmode(&tls->conf, MBEDTLS_SSL_VERIFY_NONE);
|
||||
} else if (opts->ca != NULL && opts->ca[0] != '\0') {
|
||||
if (opts->crl != NULL && opts->crl[0] != '\0') {
|
||||
struct mg_str s = mg_loadfile(fs, opts->crl);
|
||||
rc = mbedtls_x509_crl_parse(&tls->crl, (uint8_t *) s.ptr, s.len + 1);
|
||||
if (opts->crl[0] != '-') free((char *) s.ptr);
|
||||
if (rc != 0) {
|
||||
mg_error(c, "parse(%s) err %#x", opts->crl, -rc);
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_X509_CA_CHAIN_ON_DISK)
|
||||
tls->cafile = strdup(opts->ca);
|
||||
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, &tls->crl);
|
||||
rc = mbedtls_ssl_conf_ca_chain_file(&tls->conf, tls->cafile, NULL);
|
||||
if (rc != 0) {
|
||||
mg_error(c, "parse on-disk chain(%s) err %#x", tls->cafile, -rc);
|
||||
goto fail;
|
||||
@ -145,7 +134,7 @@ void mg_tls_init(struct mg_connection *c, struct mg_tls_opts *opts) {
|
||||
mg_error(c, "parse(%s) err %#x", opts->ca, -rc);
|
||||
goto fail;
|
||||
}
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, &tls->crl);
|
||||
mbedtls_ssl_conf_ca_chain(&tls->conf, &tls->ca, NULL);
|
||||
#endif
|
||||
if (opts->srvname.len > 0) {
|
||||
char mem[128], *buf = mem;
|
||||
|
@ -13,7 +13,6 @@
|
||||
struct mg_tls {
|
||||
char *cafile; // CA certificate path
|
||||
mbedtls_x509_crt ca; // Parsed CA certificate
|
||||
mbedtls_x509_crl crl; // Parsed Certificate Revocation List
|
||||
mbedtls_x509_crt cert; // Parsed certificate
|
||||
mbedtls_ssl_context ssl; // SSL/TLS context
|
||||
mbedtls_ssl_config conf; // SSL-TLS config
|
||||
|
Loading…
x
Reference in New Issue
Block a user