Re-implement verify chain if vrfy cbs are disabled
This commit re-implements the previously introduced internal
verification chain API in the case where verification callbacks
are disabled. In this situation, it is not necessary to maintain
the list of individual certificates and flags comprising the
verification chain - instead, it suffices to just keep track
of the length and the total (=merged) flags.
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index e90f6a0..aa0ec97 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -214,6 +214,8 @@
mbedtls_x509write_cert;
#endif /* MBEDTLS_X509_CRT_WRITE_C */
+#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
+
/**
* Item in a verification chain: cert and flags for it
*/
@@ -236,6 +238,16 @@
unsigned len;
} mbedtls_x509_crt_verify_chain;
+#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
+
+typedef struct
+{
+ unsigned len;
+ uint32_t flags;
+} mbedtls_x509_crt_verify_chain;
+
+#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
+
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
/**
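Review bot: The reduced `mbedtls_x509_crt_verify_chain` added in the `#else` branch has no doc comment, so the meaning of `flags` as the merged verification flags of every certificate in the chain is recorded only in the commit message. I would put `/** Verification chain when verify callbacks are removed: only the chain length and the merged flags of all certificates are kept. */` above the typedef, and `/* merged verification flags of all chain members */` next to `flags`. The same public type name now has two layouts selected by `MBEDTLS_X509_REMOVE_VERIFY_CALLBACK`, so the header should also state that the library and every application including it must be built with the same setting. A mismatch would presumably change the size of any context that embeds the chain. The `#if` closed here is opened in the previous hunk, and the full struct it guards starts outside this hunk, so I cannot confirm from here that every reader of `items[]` sits under the same guard.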