TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 06939cebef302804a22cccc1ba50e7461ccfd2bc^! / . / programs / ssl / dtls_client.c
commit06939cebef302804a22cccc1ba50e7461ccfd2bc[log] [tgz]
authorManuel Pégourié-Gonnard <mpg@elzevir.fr>Mon May 11 11:25:46 2015 +0200
committerManuel Pégourié-Gonnard <mpg@elzevir.fr>Mon May 11 14:35:42 2015 +0200
treeb4b90d12c867e69a2ca489ebf692579cb541454a
parent9a1a4d6903c9b5781cded71bee85c9ef103b966a [diff] [blame]
Fix order of ssl_conf vs ssl_setup in programs

Except ssl_phtread_server that will be done later

diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index fb95adf..3886bbd 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c

@@ -170,26 +170,26 @@
         goto exit;
     }
 
+    /* OPTIONAL is usually a bad choice for security, but makes interop easier
+     * in this simplified example, in which the ca chain is hardcoded.
+     * Production code should set a proper ca chain and use REQUIRED. */
+    mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
+    mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
+    mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
+
     if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
     {
         mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
         goto exit;
     }
 
-    /* OPTIONAL is usually a bad choice for security, but makes interop easier
-     * in this simplified example, in which the ca chain is hardcoded.
-     * Production code should set a proper ca chain and use REQUIRED. */
-    mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
-    mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
     if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
     {
         mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
-
     mbedtls_ssl_set_bio( &ssl, &server_fd,
                          mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );