Move easy ssl_set_xxx() functions to work on conf

mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index d515eb1..4f826e4 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1187,19 +1187,19 @@
 /**
  * \brief          Set the current endpoint type
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
  *
  * \note           This function should be called right after mbedtls_ssl_init() since
  *                 some other ssl_set_foo() functions depend on it.
  */
-void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint );
+void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint );
 
 /**
  * \brief           Set the transport type (TLS or DTLS).
  *                  Default: TLS
  *
- * \param ssl       SSL context
+ * \param conf      SSL configuration
  * \param transport transport type:
  *                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
  *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
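Review bot: The `\note` on `mbedtls_ssl_set_endpoint` still says to call it "right after mbedtls_ssl_init()", but the function now takes an `mbedtls_ssl_config *` and no longer touches an SSL context. The ordering advice should be restated in terms of the configuration object, for example `\note Call this before any other setter on the same configuration whose behaviour depends on the endpoint.` The `mbedtls_ssl_set_transport` comment that this hunk also touches continues outside the hunk.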
@@ -1212,12 +1212,13 @@
  *                  doesn't block, or one that handles timeouts, see
  *                  mbedtls_ssl_set_bio_timeout()
  */
-int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport );
+int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport );
 
 /**
  * \brief          Set the certificate verification mode
+ *                 Default: NONE on server, REQUIRED on client
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param authmode can be:
  *
  *  MBEDTLS_SSL_VERIFY_NONE:      peer certificate is not checked
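Review bot: The added line `Default: NONE on server, REQUIRED on client` documents an endpoint-dependent default, but `mbedtls_ssl_set_endpoint` as patched in ssl_tls.c only assigns `conf->endpoint` and leaves `conf->authmode` alone. Where the default is resolved is not visible in this diff. If it is fixed when the configuration is initialised, a client that only calls `mbedtls_ssl_set_endpoint` may not get REQUIRED. The comment should say when the default takes effect, or recommend setting authmode explicitly, e.g. `Clients should set MBEDTLS_SSL_VERIFY_REQUIRED explicitly rather than rely on the default.` The doc comment continues outside the hunk.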
@@ -1238,7 +1239,7 @@
  * the verification as soon as possible. For example, REQUIRED was protecting
  * against the "triple handshake" attack even before it was found.
  */
-void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode );
+void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode );
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
@@ -1248,11 +1249,11 @@
  *                 certificate in the chain. For implementation
  *                 information, please see \c x509parse_verify()
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param f_vrfy   verification function
  * \param p_vrfy   verification parameter
  */
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf,
                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
                      void *p_vrfy );
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -1271,11 +1272,11 @@
 /**
  * \brief          Set the debug callback
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param f_dbg    debug function
  * \param p_dbg    debug parameter
  */
-void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf,
                   void (*f_dbg)(void *, int, const char *),
                   void  *p_dbg );
 
@@ -1404,12 +1405,12 @@
  *                  Only disable if you known this can't happen in your
  *                  particular environment.
  *
- * \param ssl               SSL context
+ * \param conf              SSL configuration
  * \param f_cookie_write    Cookie write callback
  * \param f_cookie_check    Cookie check callback
  * \param p_cookie          Context for both callbacks
  */
-void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf,
                            mbedtls_ssl_cookie_write_t *f_cookie_write,
                            mbedtls_ssl_cookie_check_t *f_cookie_check,
                            void *p_cookie );
@@ -1421,7 +1422,7 @@
  *                 (DTLS only, no effect on TLS.)
  *                 Default: enabled.
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param mode     MBEDTLS_SSL_ANTI_REPLAY_ENABLED or MBEDTLS_SSL_ANTI_REPLAY_DISABLED.
  *
  * \warning        Disabling this is a security risk unless the application
@@ -1431,7 +1432,7 @@
  *                 packets and needs information about them to adjust its
  *                 transmission strategy, then you'll want to disable this.
  */
-void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode );
+void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
 
 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
@@ -1441,7 +1442,7 @@
  *                 (DTLS only, no effect on TLS.)
  *                 Default: 0 (disabled).
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param limit    Limit, or 0 to disable.
  *
  * \note           If the limit is N, then the connection is terminated when
@@ -1458,7 +1459,7 @@
  *                 might make us waste resources checking authentication on
  *                 many bogus packets.
  */
-void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit );
+void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
 #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -1466,7 +1467,7 @@
  * \brief          Set retransmit timeout values for the DTLS handshale.
  *                 (DTLS only, no effect on TLS.)
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param min      Initial timeout value in milliseconds.
  *                 Default: 1000 (1 second).
  * \param max      Maximum timeout value in milliseconds.
@@ -1478,7 +1479,7 @@
  *                 handshake latency. Lower values may increase the risk of
  *                 network congestion by causing more retransmissions.
  */
-void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max );
+void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 /**
@@ -1513,13 +1514,13 @@
  *                 an entry is still valid in the future. Return 0 if
  *                 successfully cached, return 1 otherwise.
  *
- * \param ssl            SSL context
+ * \param conf           SSL configuration
  * \param f_get_cache    session get callback
  * \param p_get_cache    session get parameter
  * \param f_set_cache    session set callback
  * \param p_set_cache    session set parameter
  */
-void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf,
         int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
         int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache );
 #endif /* MBEDTLS_SSL_SRV_C */
@@ -1551,17 +1552,18 @@
  *                      over the preference of the client unless
  *                      MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined!
  *
- * \param ssl           SSL context
+ * \param conf          SSL configuration
  * \param ciphersuites  0-terminated list of allowed ciphersuites
  */
-void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites );
+void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf,
+                                   const int *ciphersuites );
 
 /**
  * \brief               Set the list of allowed ciphersuites and the
  *                      preference order for a specific version of the protocol.
  *                      (Only useful on the server side)
  *
- * \param ssl           SSL context
+ * \param conf          SSL configuration
  * \param ciphersuites  0-terminated list of allowed ciphersuites
  * \param major         Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
  *                      supported)
@@ -1572,7 +1574,7 @@
  * \note                With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
  *                      and MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
  */
-void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
                                        const int *ciphersuites,
                                        int major, int minor );
 
@@ -1642,11 +1644,11 @@
  *                 identity and return 0.
  *                 Any other return value will result in a denied PSK identity.
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param f_psk    PSK identity function
  * \param p_psk    PSK identity parameter
  */
-void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
                      int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
                                   size_t),
                      void *p_psk );
@@ -1658,24 +1660,24 @@
  *                 read as hexadecimal strings (server-side only)
  *                 (Default: MBEDTLS_DHM_RFC5114_MODP_1024_[PG])
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param dhm_P    Diffie-Hellman-Merkle modulus
  * \param dhm_G    Diffie-Hellman-Merkle generator
  *
  * \return         0 if successful
  */
-int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G );
+int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G );
 
 /**
  * \brief          Set the Diffie-Hellman public P and G values,
  *                 read from existing context (server-side only)
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param dhm_ctx  Diffie-Hellman-Merkle context
  *
  * \return         0 if successful
  */
-int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx );
+int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
 #endif /* MBEDTLS_DHM_C */
 
 #if defined(MBEDTLS_SSL_SET_CURVES)
@@ -1693,11 +1695,11 @@
  *                 Both sides: limits the set of curves used by peer to the
  *                 listed curves for any use (ECDH(E), certificates).
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param curves   Ordered list of allowed curves,
  *                 terminated by MBEDTLS_ECP_DP_NONE.
  */
-void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curves );
+void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf, const mbedtls_ecp_group_id *curves );
 #endif /* MBEDTLS_SSL_SET_CURVES */
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -1728,11 +1730,11 @@
  *                 callback should return -1 to abort the handshake at this
  *                 point.
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param f_sni    verification function
  * \param p_sni    verification parameter
  */
-void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
                   int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
                                size_t),
                   void *p_sni );
@@ -1742,13 +1744,13 @@
 /**
  * \brief          Set the supported Application Layer Protocols.
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param protos   NULL-terminated list of supported protocols,
  *                 in decreasing preference order.
  *
  * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
  */
-int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos );
+int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
 
 /**
  * \brief          Get the name of the negotiated Application Layer Protocol.
@@ -1769,7 +1771,7 @@
  *
  *                 Note: This ignores ciphersuites from 'higher' versions.
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
  * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
  *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
@@ -1779,7 +1781,7 @@
  * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
  *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
  */
-int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor );
+int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor );
 
 /**
  * \brief          Set the minimum accepted SSL/TLS protocol version
@@ -1790,7 +1792,7 @@
  *
  * \note           MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
  * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
  *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
@@ -1800,7 +1802,7 @@
  * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
  *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
  */
-int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor );
+int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor );
 
 #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
 /**
@@ -1834,10 +1836,10 @@
  *                  improvement, and should not cause any interoperability
  *                  issue (used only if the peer supports it too).
  *
- * \param ssl       SSL context
+ * \param conf      SSL configuration
  * \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
  */
-void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm );
+void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
@@ -1849,10 +1851,10 @@
  *                  protocol, and should not cause any interoperability issue
  *                  (used only if the peer supports it too).
  *
- * \param ssl       SSL context
+ * \param conf      SSL configuration
  * \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
  */
-void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems );
+void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems );
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 /**
@@ -1865,10 +1867,10 @@
  * \note           This function will likely be removed in future versions as
  *                 RC4 will then be disabled by default at compile time.
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
  */
-void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 );
+void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 );
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
 /**
@@ -1895,13 +1897,13 @@
  *                 (Default: MBEDTLS_SSL_TRUNC_HMAC_DISABLED on client,
  *                           MBEDTLS_SSL_TRUNC_HMAC_ENABLED on server.)
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param truncate Enable or disable (MBEDTLS_SSL_TRUNC_HMAC_ENABLED or
  *                                    MBEDTLS_SSL_TRUNC_HMAC_DISABLED)
  *
  * \return         Always 0.
  */
-int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate );
+int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
 #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
 
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@@ -1942,10 +1944,10 @@
  * \brief          Set session ticket lifetime (server only)
  *                 (Default: MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME (86400 secs / 1 day))
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param lifetime session ticket lifetime
  */
-void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime );
+void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime );
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -1958,11 +1960,11 @@
  *                 resource DoS by a malicious client. You should enable this on
  *                 a client to enable server-initiated renegotiation.
  *
- * \param ssl      SSL context
+ * \param conf    SSL configuration
  * \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
  *                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
  */
-void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation );
+void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 /**
@@ -1987,12 +1989,12 @@
  *                 that do not support renegotiation altogether.
  *                 (Most secure option, interoperability issues)
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param allow_legacy  Prevent or allow (SSL_NO_LEGACY_RENEGOTIATION,
  *                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
  *                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
  */
-void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy );
+void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 /**
@@ -2027,12 +2029,12 @@
  *                 if we receive application data from the server, we need a
  *                 place to write it, which only happens during mbedtls_ssl_read().
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param max_records Use MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED if you don't want to
  *                 enforce renegotiation, or a non-negative value to enforce
  *                 it but allow for a grace period of max_records records.
  */
-void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records );
+void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
 
 /**
  * \brief          Set record counter threshold for periodic renegotiation.
@@ -2047,11 +2049,11 @@
  *                 Lower values can be used to enforce policies such as "keys
  *                 must be refreshed every N packets with cipher X".
  *
- * \param ssl      SSL context
+ * \param conf     SSL configuration
  * \param period   The threshold value: a big-endian 64-bit number.
  *                 Set to 2^64 - 1 to disable periodic renegotiation
  */
-void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf,
                                    const unsigned char period[8] );
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index bb5e7e0..e91d13c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -377,14 +377,14 @@
     return( 0 );
 }
 
-void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_dtls_cookies( mbedtls_ssl_config *conf,
                            mbedtls_ssl_cookie_write_t *f_cookie_write,
                            mbedtls_ssl_cookie_check_t *f_cookie_check,
                            void *p_cookie )
 {
-    ssl->conf->f_cookie_write = f_cookie_write;
-    ssl->conf->f_cookie_check = f_cookie_check;
-    ssl->conf->p_cookie       = p_cookie;
+    conf->f_cookie_write = f_cookie_write;
+    conf->f_cookie_check = f_cookie_check;
+    conf->p_cookie       = p_cookie;
 }
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dd477c7..6702c8b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5168,52 +5168,52 @@
 /*
  * SSL set accessors
  */
-void mbedtls_ssl_set_endpoint( mbedtls_ssl_context *ssl, int endpoint )
+void mbedtls_ssl_set_endpoint( mbedtls_ssl_config *conf, int endpoint )
 {
-    ssl->conf->endpoint   = endpoint;
+    conf->endpoint   = endpoint;
 }
 
-int mbedtls_ssl_set_transport( mbedtls_ssl_context *ssl, int transport )
+int mbedtls_ssl_set_transport( mbedtls_ssl_config *conf, int transport )
 {
-    ssl->conf->transport = transport;
+    conf->transport = transport;
 
     return( 0 );
 }
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_context *ssl, char mode )
+void mbedtls_ssl_set_dtls_anti_replay( mbedtls_ssl_config *conf, char mode )
 {
-    ssl->conf->anti_replay = mode;
+    conf->anti_replay = mode;
 }
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
-void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_context *ssl, unsigned limit )
+void mbedtls_ssl_set_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit )
 {
-    ssl->conf->badmac_limit = limit;
+    conf->badmac_limit = limit;
 }
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_context *ssl, uint32_t min, uint32_t max )
+void mbedtls_ssl_set_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max )
 {
-    ssl->conf->hs_timeout_min = min;
-    ssl->conf->hs_timeout_max = max;
+    conf->hs_timeout_min = min;
+    conf->hs_timeout_max = max;
 }
 #endif
 
-void mbedtls_ssl_set_authmode( mbedtls_ssl_context *ssl, int authmode )
+void mbedtls_ssl_set_authmode( mbedtls_ssl_config *conf, int authmode )
 {
-    ssl->conf->authmode   = authmode;
+    conf->authmode   = authmode;
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_verify( mbedtls_ssl_config *conf,
                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, int *),
                      void *p_vrfy )
 {
-    ssl->conf->f_vrfy      = f_vrfy;
-    ssl->conf->p_vrfy      = p_vrfy;
+    conf->f_vrfy      = f_vrfy;
+    conf->p_vrfy      = p_vrfy;
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
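Review bot: `mbedtls_ssl_set_handshake_timeout` stores `min` and `max` unchecked, so a pair with `min > max` is accepted silently, and the `void` return gives the caller no way to learn of it. How the retransmission code treats such a pair is not visible in this hunk. Because the values now live in a configuration rather than a single context, a bad pair would apply wherever that configuration is used. If the signature must stay `void`, the header should at least state the contract, e.g. `\note min must not be greater than max; the values are stored without validation.`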
@@ -5225,12 +5225,12 @@
     ssl->p_rng      = p_rng;
 }
 
-void mbedtls_ssl_set_dbg( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_dbg( mbedtls_ssl_config *conf,
                   void (*f_dbg)(void *, int, const char *),
                   void  *p_dbg )
 {
-    ssl->conf->f_dbg      = f_dbg;
-    ssl->conf->p_dbg      = p_dbg;
+    conf->f_dbg      = f_dbg;
+    conf->p_dbg      = p_dbg;
 }
 
 #if ! defined(MBEDTLS_DEPRECATED_REMOVED)
@@ -5267,14 +5267,14 @@
 }
 
 #if defined(MBEDTLS_SSL_SRV_C)
-void mbedtls_ssl_set_session_cache( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_session_cache( mbedtls_ssl_config *conf,
         int (*f_get_cache)(void *, mbedtls_ssl_session *), void *p_get_cache,
         int (*f_set_cache)(void *, const mbedtls_ssl_session *), void *p_set_cache )
 {
-    ssl->conf->f_get_cache = f_get_cache;
-    ssl->conf->p_get_cache = p_get_cache;
-    ssl->conf->f_set_cache = f_set_cache;
-    ssl->conf->p_set_cache = p_set_cache;
+    conf->f_get_cache = f_get_cache;
+    conf->p_get_cache = p_get_cache;
+    conf->f_set_cache = f_set_cache;
+    conf->p_set_cache = p_set_cache;
 }
 #endif /* MBEDTLS_SSL_SRV_C */
 
@@ -5300,15 +5300,16 @@
 }
 #endif /* MBEDTLS_SSL_CLI_C */
 
-void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_context *ssl, const int *ciphersuites )
+void mbedtls_ssl_set_ciphersuites( mbedtls_ssl_config *conf,
+                                   const int *ciphersuites )
 {
-    ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
-    ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
-    ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
-    ssl->conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
+    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_0] = ciphersuites;
+    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_1] = ciphersuites;
+    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_2] = ciphersuites;
+    conf->ciphersuite_list[MBEDTLS_SSL_MINOR_VERSION_3] = ciphersuites;
 }
 
-void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_ciphersuites_for_version( mbedtls_ssl_config *conf,
                                        const int *ciphersuites,
                                        int major, int minor )
 {
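Review bot: `mbedtls_ssl_set_ciphersuites` stores the caller's pointer in all four `conf->ciphersuite_list[]` slots without copying the array, and the header does not state the lifetime this requires. The same applies to `conf->curve_list = curve_list;` in `mbedtls_ssl_set_curves` and `conf->alpn_list = protos;` in `mbedtls_ssl_set_alpn_protocols` further down. With the setters now targeting a configuration object, the list must outlive the configuration and must not be modified while it is in use. Otherwise the handshake code reads freed or changed memory when it selects the allowed algorithms. I would extend the `\param` text, e.g. `\param ciphersuites 0-terminated list of allowed ciphersuites (not copied: must remain valid and unmodified for the lifetime of conf)`. The body of `mbedtls_ssl_set_ciphersuites_for_version` continues outside this hunk.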
@@ -5318,7 +5319,7 @@
     if( minor < MBEDTLS_SSL_MINOR_VERSION_0 || minor > MBEDTLS_SSL_MINOR_VERSION_3 )
         return;
 
-    ssl->conf->ciphersuite_list[minor] = ciphersuites;
+    conf->ciphersuite_list[minor] = ciphersuites;
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -5407,51 +5408,39 @@
     return( 0 );
 }
 
-void mbedtls_ssl_set_psk_cb( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_psk_cb( mbedtls_ssl_config *conf,
                      int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
                      size_t),
                      void *p_psk )
 {
-    ssl->conf->f_psk = f_psk;
-    ssl->conf->p_psk = p_psk;
+    conf->f_psk = f_psk;
+    conf->p_psk = p_psk;
 }
 #endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
 
 #if defined(MBEDTLS_DHM_C)
-int mbedtls_ssl_set_dh_param( mbedtls_ssl_context *ssl, const char *dhm_P, const char *dhm_G )
+int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
 {
     int ret;
 
-    if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_P, 16, dhm_P ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
+    if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 )
         return( ret );
-    }
 
-    if( ( ret = mbedtls_mpi_read_string( &ssl->conf->dhm_G, 16, dhm_G ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_read_string", ret );
+    if( ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 )
         return( ret );
-    }
 
     return( 0 );
 }
 
-int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_context *ssl, mbedtls_dhm_context *dhm_ctx )
+int mbedtls_ssl_set_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx )
 {
     int ret;
 
-    if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_P, &dhm_ctx->P ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
+    if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 )
         return( ret );
-    }
 
-    if( ( ret = mbedtls_mpi_copy( &ssl->conf->dhm_G, &dhm_ctx->G ) ) != 0 )
-    {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
+    if( ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 )
         return( ret );
-    }
 
     return( 0 );
 }
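Review bot: In `mbedtls_ssl_set_dh_param`, a failure of the second `mbedtls_mpi_read_string` returns after `conf->dhm_P` has already been overwritten, leaving the configuration with the new modulus and the previous generator. `mbedtls_ssl_set_dh_param_ctx` has the same shape with its two `mbedtls_mpi_copy` calls. The target is now a configuration object rather than one connection's context, so a mismatched P/G pair would be used wherever that configuration is applied. Parsing into temporaries and committing only when both succeed keeps the configuration unchanged on error. Separately, with the `MBEDTLS_SSL_DEBUG_RET` calls removed these failures are no longer logged, so the return value is the only signal and the header should say it must be checked.

```c
int mbedtls_ssl_set_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G )
{
    int ret;
    mbedtls_mpi P, G;

    mbedtls_mpi_init( &P );
    mbedtls_mpi_init( &G );

    /* Parse both values first so that a failure leaves conf untouched */
    if( ( ret = mbedtls_mpi_read_string( &P, 16, dhm_P ) ) == 0 &&
        ( ret = mbedtls_mpi_read_string( &G, 16, dhm_G ) ) == 0 )
    {
        mbedtls_mpi_swap( &conf->dhm_P, &P );
        mbedtls_mpi_swap( &conf->dhm_G, &G );
    }

    mbedtls_mpi_free( &P );
    mbedtls_mpi_free( &G );

    return( ret );
}

/* … unchanged: mbedtls_ssl_set_dh_param_ctx (same pattern applies to its two mbedtls_mpi_copy calls) … */
```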
@@ -5461,9 +5450,10 @@
 /*
  * Set the allowed elliptic curves
  */
-void mbedtls_ssl_set_curves( mbedtls_ssl_context *ssl, const mbedtls_ecp_group_id *curve_list )
+void mbedtls_ssl_set_curves( mbedtls_ssl_config *conf,
+                             const mbedtls_ecp_group_id *curve_list )
 {
-  ssl->conf->curve_list = curve_list;
+    conf->curve_list = curve_list;
 }
 #endif
 
@@ -5491,18 +5481,18 @@
     return( 0 );
 }
 
-void mbedtls_ssl_set_sni( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
                   int (*f_sni)(void *, mbedtls_ssl_context *,
                                 const unsigned char *, size_t),
                   void *p_sni )
 {
-    ssl->conf->f_sni = f_sni;
-    ssl->conf->p_sni = p_sni;
+    conf->f_sni = f_sni;
+    conf->p_sni = p_sni;
 }
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_SSL_ALPN)
-int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_context *ssl, const char **protos )
+int mbedtls_ssl_set_alpn_protocols( mbedtls_ssl_config *conf, const char **protos )
 {
     size_t cur_len, tot_len;
     const char **p;
@@ -5521,7 +5511,7 @@
             return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
-    ssl->conf->alpn_list = protos;
+    conf->alpn_list = protos;
 
     return( 0 );
 }
@@ -5532,16 +5522,19 @@
 }
 #endif /* MBEDTLS_SSL_ALPN */
 
-static int ssl_check_version( const mbedtls_ssl_context *ssl, int major, int minor )
+static int ssl_check_version( const mbedtls_ssl_config *conf,
+                              int major, int minor )
 {
-    if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION || major > MBEDTLS_SSL_MAX_MAJOR_VERSION ||
-        minor < MBEDTLS_SSL_MIN_MINOR_VERSION || minor > MBEDTLS_SSL_MAX_MINOR_VERSION )
+    if( major < MBEDTLS_SSL_MIN_MAJOR_VERSION ||
+        major > MBEDTLS_SSL_MAX_MAJOR_VERSION ||
+        minor < MBEDTLS_SSL_MIN_MINOR_VERSION ||
+        minor > MBEDTLS_SSL_MAX_MINOR_VERSION )
     {
         return( -1 );
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+    if( conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
         minor < MBEDTLS_SSL_MINOR_VERSION_2 )
     {
         return( -1 );
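Review bot: The DTLS branch of `ssl_check_version` reads `conf->transport` at call time, so the version setters reject a minor version below `MBEDTLS_SSL_MINOR_VERSION_2` only if `mbedtls_ssl_set_transport` was already called on the same configuration. `mbedtls_ssl_set_transport` as patched just assigns the field and does not re-check the stored min/max versions. Setting the versions first and the transport second therefore bypasses the DTLS lower bound. The headers for `mbedtls_ssl_set_min_version` and `mbedtls_ssl_set_max_version` should state the ordering, e.g. `\note Call mbedtls_ssl_set_transport() first: the DTLS version limits are checked against the transport configured at the time of this call.` The rest of `ssl_check_version` lies outside this hunk.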
@@ -5553,24 +5546,24 @@
     return( 0 );
 }
 
-int mbedtls_ssl_set_max_version( mbedtls_ssl_context *ssl, int major, int minor )
+int mbedtls_ssl_set_max_version( mbedtls_ssl_config *conf, int major, int minor )
 {
-    if( ssl_check_version( ssl, major, minor ) != 0 )
+    if( ssl_check_version( conf, major, minor ) != 0 )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
-    ssl->conf->max_major_ver = major;
-    ssl->conf->max_minor_ver = minor;
+    conf->max_major_ver = major;
+    conf->max_minor_ver = minor;
 
     return( 0 );
 }
 
-int mbedtls_ssl_set_min_version( mbedtls_ssl_context *ssl, int major, int minor )
+int mbedtls_ssl_set_min_version( mbedtls_ssl_config *conf, int major, int minor )
 {
-    if( ssl_check_version( ssl, major, minor ) != 0 )
+    if( ssl_check_version( conf, major, minor ) != 0 )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
 
-    ssl->conf->min_major_ver = major;
-    ssl->conf->min_minor_ver = minor;
+    conf->min_major_ver = major;
+    conf->min_minor_ver = minor;
 
     return( 0 );
 }
@@ -5583,22 +5576,22 @@
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_context *ssl, char etm )
+void mbedtls_ssl_set_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
 {
-    ssl->conf->encrypt_then_mac = etm;
+    conf->encrypt_then_mac = etm;
 }
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_context *ssl, char ems )
+void mbedtls_ssl_set_extended_master_secret( mbedtls_ssl_config *conf, char ems )
 {
-    ssl->conf->extended_ms = ems;
+    conf->extended_ms = ems;
 }
 #endif
 
-void mbedtls_ssl_set_arc4_support( mbedtls_ssl_context *ssl, char arc4 )
+void mbedtls_ssl_set_arc4_support( mbedtls_ssl_config *conf, char arc4 )
 {
-    ssl->conf->arc4_disabled = arc4;
+    conf->arc4_disabled = arc4;
 }
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
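Review bot: `conf->arc4_disabled = arc4;` stores a parameter documented as `MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED` into a field with the inverted name, so it is correct only if the DISABLED constant is the "true" value; those definitions are not visible here. The next hunk has the same pattern in `conf->disable_renegotiation = renegotiation;`. Both toggles are security-relevant, so I would add a one-line comment at each assignment, e.g. `/* arc4 is MBEDTLS_SSL_ARC4_ENABLED/DISABLED, not a boolean "support RC4" flag */`. That should stop a later reader from passing 1 to mean "enable".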
@@ -5617,9 +5610,9 @@
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_context *ssl, int truncate )
+int mbedtls_ssl_set_truncated_hmac( mbedtls_ssl_config *conf, int truncate )
 {
-    ssl->conf->trunc_hmac = truncate;
+    conf->trunc_hmac = truncate;
 
     return( 0 );
 }
@@ -5632,26 +5625,26 @@
 }
 #endif
 
-void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_context *ssl, int allow_legacy )
+void mbedtls_ssl_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy )
 {
-    ssl->conf->allow_legacy_renegotiation = allow_legacy;
+    conf->allow_legacy_renegotiation = allow_legacy;
 }
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-void mbedtls_ssl_set_renegotiation( mbedtls_ssl_context *ssl, int renegotiation )
+void mbedtls_ssl_set_renegotiation( mbedtls_ssl_config *conf, int renegotiation )
 {
-    ssl->conf->disable_renegotiation = renegotiation;
+    conf->disable_renegotiation = renegotiation;
 }
 
-void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_context *ssl, int max_records )
+void mbedtls_ssl_set_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records )
 {
-    ssl->conf->renego_max_records = max_records;
+    conf->renego_max_records = max_records;
 }
 
-void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_context *ssl,
+void mbedtls_ssl_set_renegotiation_period( mbedtls_ssl_config *conf,
                                    const unsigned char period[8] )
 {
-    memcpy( ssl->conf->renego_period, period, 8 );
+    memcpy( conf->renego_period, period, 8 );
 }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
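Review bot: `mbedtls_ssl_set_renegotiation_period()` copies a literal 8 bytes, and the `[8]` in the parameter type is not enforced because an array parameter decays to a pointer. If `conf->renego_period` is an array member (its declaration is not in this hunk), `memcpy( conf->renego_period, period, sizeof( conf->renego_period ) );` keeps the length tied to the destination. A one-line comment that `period` must point to at least 8 readable bytes would cover the source side.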
@@ -5674,9 +5667,9 @@
     return( ssl_ticket_keys_init( ssl ) );
 }
 
-void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_context *ssl, int lifetime )
+void mbedtls_ssl_set_session_ticket_lifetime( mbedtls_ssl_config *conf, int lifetime )
 {
-    ssl->conf->ticket_lifetime = lifetime;
+    conf->ticket_lifetime = lifetime;
 }
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
 
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 09cea3b..eb27f3c 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -181,11 +181,11 @@
     /* OPTIONAL is usually a bad choice for security, but makes interop easier
      * in this simplified example, in which the ca chain is hardcoded.
      * Production code should set a proper ca chain and use REQUIRED. */
-    mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+    mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
     mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
 
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 
     mbedtls_ssl_set_bio_timeout( &ssl, &server_fd,
                          mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
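Review bot: With `MBEDTLS_SSL_VERIFY_OPTIONAL` now set on `conf`, the handshake can complete even when the peer certificate fails verification, so this example is only sound if it inspects `mbedtls_ssl_get_verify_result()` afterwards; that check is not visible in this hunk. Now that the mode lives on a configuration that may be shared by several contexts, I would extend the existing comment with `/* every context using this conf must check mbedtls_ssl_get_verify_result() after the handshake */`. The same applies to the OPTIONAL calls moved to `&conf` in ssl_client1.c and ssl_mail_client.c. The enclosing function starts and ends outside the hunk.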
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 4512943..96cb136 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -206,14 +206,13 @@
         goto exit;
     }
 
-    mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
-
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 
 #if defined(MBEDTLS_SSL_CACHE_C)
-    mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
-                                 mbedtls_ssl_cache_set, &cache );
+    mbedtls_ssl_set_session_cache( &conf,
+                                   mbedtls_ssl_cache_get, &cache,
+                                   mbedtls_ssl_cache_set, &cache );
 #endif
 
     mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
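Review bot: Dropping the explicit `mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE )` makes the server's client-authentication policy depend on whatever default `conf` carries, and that default is not visible in this hunk. For an example program I would keep the policy explicit with `mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );`. Failing that, once the default is confirmed, add a comment such as `/* authmode left at the configuration default: no client certificate requested */`. The same removal is made in ssl_fork_server.c, ssl_pthread_server.c and ssl_server.c. The enclosing function starts and ends outside the hunk.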
@@ -230,7 +229,7 @@
         goto exit;
     }
 
-    mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+    mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
                                &cookie_ctx );
 
     printf( " ok\n" );
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 694bf40..5d140b9 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -217,7 +217,7 @@
     }
 
     mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
-    mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
+    mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
 #endif
 
     /*
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 4804235..38a510c 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -168,11 +168,11 @@
 
     /* OPTIONAL is not optimal for security,
      * but makes interop easier in this simplified example */
-    mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+    mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
     mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
 
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
     mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
 
     /*
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 1454067..0f2313c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1065,15 +1065,15 @@
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     if( opt.debug_level > 0 )
-        mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
+        mbedtls_ssl_set_verify( &conf, my_verify, NULL );
 #endif
 
     if( opt.auth_mode != DFL_AUTH_MODE )
-        mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
+        mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
-        mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
+        mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -1086,17 +1086,17 @@
 
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
     if( opt.trunc_hmac != DFL_TRUNC_HMAC )
-        mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+        mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
     if( opt.extended_ms != DFL_EXTENDED_MS )
-        mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+        mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
     if( opt.etm != DFL_ETM )
-        mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
+        mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
 #endif
 
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@@ -1108,7 +1108,7 @@
 
 #if defined(MBEDTLS_SSL_ALPN)
     if( opt.alpn_string != NULL )
-        if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+        if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
         {
             mbedtls_printf( " failed\n  ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
             goto exit;
@@ -1116,7 +1116,7 @@
 #endif
 
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 
     if( opt.nbio == 2 )
         mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL,
@@ -1139,15 +1139,15 @@
 #endif
 
     if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
-        mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+        mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
 
     if( opt.arc4 != DFL_ARC4 )
-        mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
+        mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
 
     if( opt.allow_legacy != DFL_ALLOW_LEGACY )
-        mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+        mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
+    mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
 #endif
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1187,7 +1187,7 @@
 
     if( opt.min_version != DFL_MIN_VERSION )
     {
-        ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+        ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
         if( ret != 0 )
         {
             mbedtls_printf( " failed\n  ! selected min_version is not available\n" );
@@ -1197,7 +1197,7 @@
 
     if( opt.max_version != DFL_MAX_VERSION )
     {
-        ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+        ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
         if( ret != 0 )
         {
             mbedtls_printf( " failed\n  ! selected max_version is not available\n" );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 3837466..877f958 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -265,10 +265,8 @@
 
         mbedtls_printf( " ok\n" );
 
-        mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
-
         mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-        mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+        mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
         mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
 
         mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 26972f8..000ed09 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -602,14 +602,14 @@
 
     /* OPTIONAL is not optimal for security,
      * but makes interop easier in this simplified example */
-    mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+    mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
 
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
     mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
 
     if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
-        mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+        mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
 
     mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
     if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 6896e97..e951b3a 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -176,17 +176,16 @@
         goto thread_exit;
     }
 
-    mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
-
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_mutexed_debug, stdout );
 
     /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
      * MBEDTLS_THREADING_C is set.
      */
 #if defined(MBEDTLS_SSL_CACHE_C)
-    mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, thread_info->cache,
-                                 mbedtls_ssl_cache_set, thread_info->cache );
+    mbedtls_ssl_set_session_cache( &conf,
+                                   mbedtls_ssl_cache_get, thread_info->cache,
+                                   mbedtls_ssl_cache_set, thread_info->cache );
 #endif
 
     mbedtls_ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 5c2a7d2..2302f06 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -205,14 +205,13 @@
         goto exit;
     }
 
-    mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
-
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 
 #if defined(MBEDTLS_SSL_CACHE_C)
-    mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
-                                 mbedtls_ssl_cache_set, &cache );
+    mbedtls_ssl_set_session_cache( &conf,
+                                   mbedtls_ssl_cache_get, &cache,
+                                   mbedtls_ssl_cache_set, &cache );
 #endif
 
     mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8955acf..e4f8163 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1534,13 +1534,12 @@
         goto exit;
     }
 
-    mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
     if( opt.auth_mode != DFL_AUTH_MODE )
-        mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
+        mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
-        mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
+        mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
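Review bot: `mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER )` is removed here with no replacement on `conf` in this hunk, so the server role has to be established somewhere outside it. If it is not, every setter that follows configures an object whose endpoint is still at its default value. Worth confirming where the endpoint is now set and recording it at this spot, e.g. `/* endpoint was set to MBEDTLS_SSL_IS_SERVER when conf was initialised */`. The enclosing function starts and ends outside the hunk.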
@@ -1553,22 +1552,22 @@
 
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
     if( opt.trunc_hmac != DFL_TRUNC_HMAC )
-        mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+        mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
     if( opt.extended_ms != DFL_EXTENDED_MS )
-        mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+        mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
 #endif
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
     if( opt.etm != DFL_ETM )
-        mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
+        mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
 #endif
 
 #if defined(MBEDTLS_SSL_ALPN)
     if( opt.alpn_string != NULL )
-        if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+        if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
         {
             mbedtls_printf( " failed\n  ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
             goto exit;
@@ -1576,7 +1575,7 @@
 #endif
 
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 
 #if defined(MBEDTLS_SSL_CACHE_C)
     if( opt.cache_max != -1 )
@@ -1585,8 +1584,9 @@
     if( opt.cache_timeout != -1 )
         mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
 
-    mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
-                                 mbedtls_ssl_cache_set, &cache );
+    mbedtls_ssl_set_session_cache( &conf,
+                                   mbedtls_ssl_cache_get, &cache,
+                                   mbedtls_ssl_cache_set, &cache );
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -1597,7 +1597,7 @@
     }
 
     if( opt.ticket_timeout != -1 )
-        mbedtls_ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
+        mbedtls_ssl_set_session_ticket_lifetime( &conf, opt.ticket_timeout );
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -1613,7 +1613,7 @@
                 goto exit;
             }
 
-            mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+            mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
                                        &cookie_ctx );
         }
         else
@@ -1621,7 +1621,7 @@
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
         if( opt.cookies == 0 )
         {
-            mbedtls_ssl_set_dtls_cookies( &ssl, NULL, NULL, NULL );
+            mbedtls_ssl_set_dtls_cookies( &conf, NULL, NULL, NULL );
         }
         else
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@@ -1631,50 +1631,50 @@
 
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
         if( opt.anti_replay != DFL_ANTI_REPLAY )
-            mbedtls_ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
+            mbedtls_ssl_set_dtls_anti_replay( &conf, opt.anti_replay );
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
         if( opt.badmac_limit != DFL_BADMAC_LIMIT )
-            mbedtls_ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit );
+            mbedtls_ssl_set_dtls_badmac_limit( &conf, opt.badmac_limit );
 #endif
     }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
     if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
-        mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+        mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
 
     if( opt.arc4 != DFL_ARC4 )
-        mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
+        mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
 
     if( opt.version_suites != NULL )
     {
-        mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[0],
+        mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[0],
                                           MBEDTLS_SSL_MAJOR_VERSION_3,
                                           MBEDTLS_SSL_MINOR_VERSION_0 );
-        mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[1],
+        mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[1],
                                           MBEDTLS_SSL_MAJOR_VERSION_3,
                                           MBEDTLS_SSL_MINOR_VERSION_1 );
-        mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[2],
+        mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[2],
                                           MBEDTLS_SSL_MAJOR_VERSION_3,
                                           MBEDTLS_SSL_MINOR_VERSION_2 );
-        mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[3],
+        mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[3],
                                           MBEDTLS_SSL_MAJOR_VERSION_3,
                                           MBEDTLS_SSL_MINOR_VERSION_3 );
     }
 
     if( opt.allow_legacy != DFL_ALLOW_LEGACY )
-        mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+        mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
+    mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
 
     if( opt.renego_delay != DFL_RENEGO_DELAY )
-        mbedtls_ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
+        mbedtls_ssl_set_renegotiation_enforced( &conf, opt.renego_delay );
 
     if( opt.renego_period != DFL_RENEGO_PERIOD )
     {
         renego_period[7] = opt.renego_period;
-        mbedtls_ssl_set_renegotiation_period( &ssl, renego_period );
+        mbedtls_ssl_set_renegotiation_period( &conf, renego_period );
     }
 #endif
 
@@ -1700,7 +1700,7 @@
 
 #if defined(SNI_OPTION)
     if( opt.sni != NULL )
-        mbedtls_ssl_set_sni( &ssl, sni_callback, sni_info );
+        mbedtls_ssl_set_sni( &conf, sni_callback, sni_info );
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -1717,7 +1717,7 @@
     }
 
     if( opt.psk_list != NULL )
-        mbedtls_ssl_set_psk_cb( &ssl, psk_callback, psk_info );
+        mbedtls_ssl_set_psk_cb( &conf, psk_callback, psk_info );
 #endif
 
 #if defined(MBEDTLS_DHM_C)
@@ -1726,11 +1726,11 @@
      */
 #if defined(MBEDTLS_FS_IO)
     if( opt.dhm_file != NULL )
-        ret = mbedtls_ssl_set_dh_param_ctx( &ssl, &dhm );
+        ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm );
     else
 #endif
-        ret = mbedtls_ssl_set_dh_param( &ssl, MBEDTLS_DHM_RFC5114_MODP_2048_P,
-                                      MBEDTLS_DHM_RFC5114_MODP_2048_G );
+        ret = mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P,
+                                               MBEDTLS_DHM_RFC5114_MODP_2048_G );
 
     if( ret != 0 )
     {
@@ -1741,7 +1741,7 @@
 
     if( opt.min_version != DFL_MIN_VERSION )
     {
-        ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+        ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
         if( ret != 0 )
         {
             mbedtls_printf( " failed\n  ! selected min_version is not available\n" );
@@ -1751,7 +1751,7 @@
 
     if( opt.max_version != DFL_MIN_VERSION )
     {
-        ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+        ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
         if( ret != 0 )
         {
             mbedtls_printf( " failed\n  ! selected max_version is not available\n" );
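Review bot: The guard on the context line `if( opt.max_version != DFL_MIN_VERSION )` compares the maximum-version option with the minimum-version default, whereas the corresponding check in ssl_client2.c uses `DFL_MAX_VERSION`. The two defaults are not visible here; if they differ, a requested max_version equal to `DFL_MIN_VERSION` is silently ignored and an untouched default is pushed through `mbedtls_ssl_set_max_version()`. It should read `if( opt.max_version != DFL_MAX_VERSION )`. The line predates this commit but guards the call being changed; the block closes outside the hunk.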
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a8bc64a..9f6356d 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -412,15 +412,15 @@
 
         if( verify )
         {
-            mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
+            mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
             mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
-            mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
+            mbedtls_ssl_set_verify( &conf, my_verify, NULL );
         }
         else
-            mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
+            mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
 
         mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-        mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+        mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
         mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
 
         if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index f170332..5fd5d34 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -46,7 +46,7 @@
 
     mbedtls_debug_set_log_mode( MBEDTLS_DEBUG_LOG_FULL );
     mbedtls_debug_set_threshold( threshold );
-    mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+    mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 
     mbedtls_debug_print_msg( &ssl, level, file, line,
                      mbedtls_debug_fmt("Text message, 2 == %d", 2 ) );
@@ -75,7 +75,7 @@
     TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
 
     mbedtls_debug_set_log_mode( mode );
-    mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+    mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 
     mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
 
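Review bot: `mbedtls_ssl_set_dbg( &conf, string_debug, &buffer)` is called after `mbedtls_ssl_setup( &ssl, &conf )`, so the test only reaches the callback if the context refers to `conf` rather than holding a copy taken at setup; which of the two applies is not visible here. Moving the call above `mbedtls_ssl_setup()` removes that dependency, or a comment such as `/* ssl references conf, so changes made after setup take effect */` would record it. The next two hunks of this file use the same order. Separately, the new line puts a space after `(` but none before `)` in `&buffer);`.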
@@ -108,7 +108,7 @@
     TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
 
     mbedtls_debug_set_log_mode( mode );
-    mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+    mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 
     mbedtls_debug_print_buf( &ssl, 0, file, line, text, data, data_len );
 
@@ -138,7 +138,7 @@
     TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
 
     mbedtls_debug_set_log_mode( mode );
-    mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+    mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 
     TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
     mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
@@ -172,7 +172,7 @@
     TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
 
     mbedtls_debug_set_log_mode( mode );
-    mbedtls_ssl_set_dbg(&ssl, string_debug, &buffer);
+    mbedtls_ssl_set_dbg( &conf, string_debug, &buffer);
 
     mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);