Fix some dependencies and warnings in small config
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 8c92faf..34daaa1 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -287,7 +287,8 @@
*
* Enable the RSA-PSK based ciphersuite modes in SSL / TLS
* (NOT YET IMPLEMENTED)
- * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -307,7 +308,8 @@
*
* Enable the RSA-only based ciphersuite modes in SSL / TLS
*
- * Requires: POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C, POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -332,8 +334,8 @@
*
* Enable the DHE-RSA based ciphersuite modes in SSL / TLS
*
- * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
- * POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -354,8 +356,8 @@
*
* Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS
*
- * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_X509_CRT_PARSE_C,
- * POLARSSL_PKCS1_V15
+ * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
+ * POLARSSL_X509_CRT_PARSE_C, POLARSSL_X509_CRL_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -377,7 +379,8 @@
*
* Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS
*
- * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C
+ * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
+ * POLARSSL_X509_CRL_PARSE_C
*
* This enables the following ciphersuites (if other requisites are
* enabled as well):
@@ -1636,31 +1639,34 @@
#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
+ !defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
+ !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) || \
+ !defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) || \
- !defined(POLARSSL_X509_CRT_PARSE_C) )
+ !defined(POLARSSL_X509_CRT_PARSE_C) || \
+ !defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
- !defined(POLARSSL_PKCS1_V15) )
+ !defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
#endif
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) ||\
- !defined(POLARSSL_PKCS1_V15) )
+ !defined(POLARSSL_PKCS1_V15) || !defined(POLARSSL_X509_CRL_PARSE_C) )
#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
#endif
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index fa313f4..d9e98a4 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -954,6 +954,7 @@
int major, int minor );
#if defined(POLARSSL_X509_CRT_PARSE_C)
+#if defined(POLARSSL_X509_CRL_PARSE_C)
/**
* \brief Set the data required to verify peer certificate
*
@@ -964,6 +965,7 @@
*/
void ssl_set_ca_chain( ssl_context *ssl, x509_crt *ca_chain,
x509_crl *ca_crl, const char *peer_cn );
+#endif /* POLARSSL_X509_CRL_PARSE_C */
/**
* \brief Set own certificate chain and private key
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index f5703be..dab1296 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -198,6 +198,7 @@
int x509_crt_info( char *buf, size_t size, const char *prefix,
const x509_crt *crt );
+#if defined(POLARSSL_X509_CRL_PARSE_C)
/**
* \brief Verify the certificate signature
*
@@ -241,7 +242,6 @@
int (*f_vrfy)(void *, x509_crt *, int, int *),
void *p_vrfy );
-#if defined(POLARSSL_X509_CRL_PARSE_C)
/**
* \brief Verify the certificate signature
*
diff --git a/library/pkparse.c b/library/pkparse.c
index 9160e85..2ecf143 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -745,7 +745,10 @@
}
else
#endif /* POLARSSL_PKCS5_C */
+ {
+ ((void) pwd);
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
+ }
return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) );
}
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index b134b92..80bef35 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -740,13 +740,15 @@
static int ssl_parse_server_hello( ssl_context *ssl )
{
- uint32_t t;
int ret, i, comp;
size_t n;
size_t ext_len = 0;
unsigned char *buf, *ext;
int renegotiation_info_seen = 0;
int handshake_failure = 0;
+#if defined(POLARSSL_DEBUG_C)
+ uint32_t t;
+#endif
SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
@@ -807,13 +809,13 @@
| ( (uint32_t) buf[7] << 16 )
| ( (uint32_t) buf[8] << 8 )
| ( (uint32_t) buf[9] );
+ SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
#endif
memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
n = buf[38];
- SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
if( n > 32 )