Simplify the way default certs are used
diff --git a/include/polarssl/certs.h b/include/polarssl/certs.h
index 5fcd85d..ba7c028 100644
--- a/include/polarssl/certs.h
+++ b/include/polarssl/certs.h
@@ -34,7 +34,10 @@
/* Concatenation of all available CA certificates */
extern const char test_ca_list[];
-/* First set of certificates: RSA, or ECDSA if RSA is not available */
+/*
+ * Convenience for users who just want a certificate:
+ * RSA by default, or ECDSA if RSA i not available
+ */
extern const char *test_ca_crt;
extern const char *test_ca_key;
extern const char *test_ca_pwd;
@@ -43,17 +46,6 @@
extern const char *test_cli_crt;
extern const char *test_cli_key;
-/* Second set of certificates: ECDSA is both are available */
-#if defined(POLARSSL_RSA_C) && defined(POLARSSL_RSA_C)
-extern const char *test_ca_crt2;
-extern const char *test_ca_key2;
-extern const char *test_ca_pwd2;
-extern const char *test_srv_crt2;
-extern const char *test_srv_key2;
-extern const char *test_cli_crt2;
-extern const char *test_cli_key2;
-#endif
-
#if defined(POLARSSL_ECDSA_C)
extern const char test_ca_crt_ec[];
extern const char test_ca_key_ec[];
diff --git a/library/certs.c b/library/certs.c
index 67172dd..17775b8 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -302,14 +302,4 @@
const char *test_cli_key = test_cli_key_ec;
#endif
-#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
-const char *test_ca_crt2 = test_ca_crt_ec;
-const char *test_ca_key2 = test_ca_key_ec;
-const char *test_ca_pwd2 = test_ca_pwd_ec;
-const char *test_srv_crt2 = test_srv_crt_ec;
-const char *test_srv_key2 = test_srv_key_ec;
-const char *test_cli_crt2 = test_cli_crt_ec;
-const char *test_cli_key2 = test_cli_key_ec;
-#endif
-
#endif /* POLARSSL_CERTS_C */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index ba65131..2d81e75 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -224,7 +224,7 @@
pk_context pkey;
x509_crt srvcert2;
pk_context pkey2;
- int key_cert_provided = 0;
+ int key_cert_init = 0, key_cert_init2 = 0;
#endif
#if defined(POLARSSL_SSL_CACHE_C)
ssl_cache_context cache;
@@ -574,7 +574,7 @@
#if defined(POLARSSL_FS_IO)
if( strlen( opt.crt_file ) )
{
- key_cert_provided = 1;
+ key_cert_init++;
if( ( ret = x509_crt_parse_file( &srvcert, opt.crt_file ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file returned -0x%x\n\n",
@@ -584,16 +584,22 @@
}
if( strlen( opt.key_file ) )
{
- key_cert_provided = 1;
+ key_cert_init++;
if( ( ret = pk_parse_keyfile( &pkey, opt.key_file, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile returned -0x%x\n\n", -ret );
goto exit;
}
}
+ if( key_cert_init == 1 )
+ {
+ printf( " failed\n ! crt_file without key_file or vice-versa\n\n" );
+ goto exit;
+ }
+
if( strlen( opt.crt_file2 ) )
{
- key_cert_provided = 1;
+ key_cert_init2++;
if( ( ret = x509_crt_parse_file( &srvcert2, opt.crt_file2 ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse_file(2) returned -0x%x\n\n",
@@ -603,7 +609,7 @@
}
if( strlen( opt.key_file2 ) )
{
- key_cert_provided = 1;
+ key_cert_init2++;
if( ( ret = pk_parse_keyfile( &pkey2, opt.key_file2, "" ) ) != 0 )
{
printf( " failed\n ! pk_parse_keyfile(2) returned -0x%x\n\n",
@@ -611,42 +617,53 @@
goto exit;
}
}
+ if( key_cert_init2 == 1 )
+ {
+ printf( " failed\n ! crt_file2 without key_file2 or vice-versa\n\n" );
+ goto exit;
+ }
#endif
- if( key_cert_provided == 0 )
+ if( key_cert_init == 0 && key_cert_init2 == 0 )
{
#if !defined(POLARSSL_CERTS_C)
printf( "Not certificated or key provided, and \n"
"POLARSSL_CERTS_C not defined!\n" );
goto exit;
#else
+#if defined(POLARSSL_RSA_C)
if( ( ret = x509_crt_parse( &srvcert,
- (const unsigned char *) test_srv_crt,
- strlen( test_srv_crt ) ) ) != 0 )
+ (const unsigned char *) test_srv_crt_rsa,
+ strlen( test_srv_crt_rsa ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse returned -0x%x\n\n", -ret );
goto exit;
}
- if( ( ret = pk_parse_key( &pkey, (const unsigned char *) test_srv_key,
- strlen( test_srv_key ), NULL, 0 ) ) != 0 )
+ if( ( ret = pk_parse_key( &pkey,
+ (const unsigned char *) test_srv_key_rsa,
+ strlen( test_srv_key_rsa ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key returned -0x%x\n\n", -ret );
goto exit;
}
-#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
+ key_cert_init = 2;
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECDSA_C)
if( ( ret = x509_crt_parse( &srvcert2,
- (const unsigned char *) test_srv_crt2,
- strlen( test_srv_crt2 ) ) ) != 0 )
+ (const unsigned char *) test_srv_crt_ec,
+ strlen( test_srv_crt_ec ) ) ) != 0 )
{
printf( " failed\n ! x509_crt_parse2 returned -0x%x\n\n", -ret );
goto exit;
}
- if( ( ret = pk_parse_key( &pkey2, (const unsigned char *) test_srv_key2,
- strlen( test_srv_key2 ), NULL, 0 ) ) != 0 )
+ if( ( ret = pk_parse_key( &pkey2,
+ (const unsigned char *) test_srv_key_ec,
+ strlen( test_srv_key_ec ), NULL, 0 ) ) != 0 )
{
printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", -ret );
goto exit;
}
-#endif /* POLARSSL_RSA_C && POLARSSL_ECDSA_C */
+ key_cert_init2 = 2;
+#endif /* POLARSSL_ECDSA_C */
#endif /* POLARSSL_CERTS_C */
}
@@ -706,10 +723,10 @@
#if defined(POLARSSL_X509_CRT_PARSE_C)
ssl_set_ca_chain( &ssl, &cacert, NULL, NULL );
- ssl_set_own_cert( &ssl, &srvcert, &pkey );
-#if defined(POLARSSL_RSA_C) && defined(POLARSSL_ECDSA_C)
- ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
-#endif
+ if( key_cert_init )
+ ssl_set_own_cert( &ssl, &srvcert, &pkey );
+ if( key_cert_init2 )
+ ssl_set_own_cert( &ssl, &srvcert2, &pkey2 );
#endif
#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)