Simplify the way default certs are used
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ba65131..2d81e75 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -224,7 +224,7 @@
pk_context pkey;
x509_crt srvcert2;
pk_context pkey2;
- int key_cert_provided = 0;
+ int key_cert_init = 0, key_cert_init2 = 0;
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
@@ -574,7 +574,7 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) )
{
- key_cert_provided = 1;
+ key_cert_init++;
if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
@@ -584,16 +584,22 @@
}
if( strlen( opt.key_file ) )
{
- key_cert_provided = 1;
+ key_cert_init++;
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
goto exit;
}
}
+ if( key_cert_init == 1 )
+ {
+ printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
+ goto exit;
+ }
+
if( strlen( opt.crt_file2 ) )
{
- key_cert_provided = 1;
+ key_cert_init2++;
if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
@@ -603,7 +609,7 @@
}
if( strlen( opt.key_file2 ) )
{
- key_cert_provided = 1;
+ key_cert_init2++;
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
@@ -611,42 +617,53 @@
goto exit;
}
}
+ if( key_cert_init2 == 1 )
+ {
+ printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
+ goto exit;
+ }
#endif
- if( key_cert_provided == 0 )
+ if( key_cert_init == 0 && key_cert_init2 == 0 )
{
#if !defined(POLARSSL_CERTS_C)
printf( "Not certificated or key provided, and \n"
"POLARSSL_CERTS_C not defined!\n" );
goto exit;
#else
+#if defined(POLARSSL_RSA_C)
if( ( ret = x509_crt_parse( &srvcert,
- (const unsigned char *) test_srv_crt,
- strlen( test_srv_crt ) ) ) != 0 )
+ (const unsigned char *) test_srv_crt_rsa,
+ strlen( test_srv_crt_rsa ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
- if( ( ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
- strlen( test_srv_key ), NULL, 0 ) ) != 0 )
+ if( ( ret = pk_parse_key( &pkey,
+ (const unsigned char *) test_srv_key_rsa,
+ strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
}
-#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
+ key_cert_init = 2;
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
if( ( ret = x509_crt_parse( &srvcert2,
- (const unsigned char *) test_srv_crt2,
- strlen( test_srv_crt2 ) ) ) != 0 )
+ (const unsigned char *) test_srv_crt_ec,
+ strlen( test_srv_crt_ec ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
goto exit;
}
- if( ( ret = pk_parse_key( &pkey2, (const unsigned char *) test_srv_key2,
- strlen( test_srv_key2 ), NULL, 0 ) ) != 0 )
+ if( ( ret = pk_parse_key( &pkey2,
+ (const unsigned char *) test_srv_key_ec,
+ strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
goto exit;
}
-#endif /* POLARSSL_RSA_C && POLARSSL_ECDSA_C */
+ key_cert_init2 = 2;
+#endif /* POLARSSL_ECDSA_C */
#endif /* POLARSSL_CERTS_C */
}
@@ -706,10 +723,10 @@
#if defined(POLARSSL_X509_CRT_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
-#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
- ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
-#endif
+ if( key_cert_init )
+ ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( key_cert_init2 )
+ ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)