Move easy ssl_set_xxx() functions to work on conf
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 09cea3b..eb27f3c 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -181,11 +181,11 @@
/* OPTIONAL is usually a bad choice for security, but makes interop easier
* in this simplified example, in which the ca chain is hardcoded.
* Production code should set a proper ca chain and use REQUIRED. */
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, SERVER_NAME );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 4512943..96cb136 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -206,14 +206,13 @@
goto exit;
}
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
-
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
- mbedtls_ssl_cache_set, &cache );
+ mbedtls_ssl_set_session_cache( &conf,
+ mbedtls_ssl_cache_get, &cache,
+ mbedtls_ssl_cache_set, &cache );
#endif
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
@@ -230,7 +229,7 @@
goto exit;
}
- mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx );
printf( " ok\n" );
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 694bf40..5d140b9 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -217,7 +217,7 @@
}
mbedtls_ssl_set_ca_chain( &ssl, &ca, NULL, HOSTNAME );
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_REQUIRED );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
#endif
/*
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 4804235..38a510c 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -168,11 +168,11 @@
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, "mbed TLS Server 1" );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
/*
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 1454067..0f2313c 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1065,15 +1065,15 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
if( opt.debug_level > 0 )
- mbedtls_ssl_set_verify( &ssl, my_verify, NULL );
+ mbedtls_ssl_set_verify( &conf, my_verify, NULL );
#endif
if( opt.auth_mode != DFL_AUTH_MODE )
- mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
+ mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
- mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
+ mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -1086,17 +1086,17 @@
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+ mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
- mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+ mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM )
- mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
+ mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
@@ -1108,7 +1108,7 @@
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
- if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+ if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit;
@@ -1116,7 +1116,7 @@
#endif
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
if( opt.nbio == 2 )
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL,
@@ -1139,15 +1139,15 @@
#endif
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+ mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
if( opt.arc4 != DFL_ARC4 )
- mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
+ mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
- mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+ mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
+ mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1187,7 +1187,7 @@
if( opt.min_version != DFL_MIN_VERSION )
{
- ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+ ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! selected min_version is not available\n" );
@@ -1197,7 +1197,7 @@
if( opt.max_version != DFL_MAX_VERSION )
{
- ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+ ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! selected max_version is not available\n" );
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 3837466..877f958 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -265,10 +265,8 @@
mbedtls_printf( " ok\n" );
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
-
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 26972f8..000ed09 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -602,14 +602,14 @@
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_OPTIONAL );
+ mbedtls_ssl_set_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+ mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
mbedtls_ssl_set_ca_chain( &ssl, &cacert, NULL, opt.server_name );
if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 6896e97..e951b3a 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -176,17 +176,16 @@
goto thread_exit;
}
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
-
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_mutexed_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_mutexed_debug, stdout );
/* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
* MBEDTLS_THREADING_C is set.
*/
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, thread_info->cache,
- mbedtls_ssl_cache_set, thread_info->cache );
+ mbedtls_ssl_set_session_cache( &conf,
+ mbedtls_ssl_cache_get, thread_info->cache,
+ mbedtls_ssl_cache_set, thread_info->cache );
#endif
mbedtls_ssl_set_ca_chain( &ssl, thread_info->ca_chain, NULL, NULL );
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 5c2a7d2..2302f06 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -205,14 +205,13 @@
goto exit;
}
- mbedtls_ssl_set_authmode( &ssl, MBEDTLS_SSL_VERIFY_NONE );
-
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
- mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
- mbedtls_ssl_cache_set, &cache );
+ mbedtls_ssl_set_session_cache( &conf,
+ mbedtls_ssl_cache_get, &cache,
+ mbedtls_ssl_cache_set, &cache );
#endif
mbedtls_ssl_set_ca_chain( &ssl, srvcert.next, NULL, NULL );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 8955acf..e4f8163 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1534,13 +1534,12 @@
goto exit;
}
- mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
if( opt.auth_mode != DFL_AUTH_MODE )
- mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
+ mbedtls_ssl_set_authmode( &conf, opt.auth_mode );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
- mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
+ mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
#endif /* MBEDTLS_SSL_PROTO_DTLS */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -1553,22 +1552,22 @@
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
if( opt.trunc_hmac != DFL_TRUNC_HMAC )
- mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+ mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
if( opt.extended_ms != DFL_EXTENDED_MS )
- mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+ mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
if( opt.etm != DFL_ETM )
- mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
+ mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if( opt.alpn_string != NULL )
- if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+ if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
goto exit;
@@ -1576,7 +1575,7 @@
#endif
mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
- mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+ mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
#if defined(MBEDTLS_SSL_CACHE_C)
if( opt.cache_max != -1 )
@@ -1585,8 +1584,9 @@
if( opt.cache_timeout != -1 )
mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );
- mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
- mbedtls_ssl_cache_set, &cache );
+ mbedtls_ssl_set_session_cache( &conf,
+ mbedtls_ssl_cache_get, &cache,
+ mbedtls_ssl_cache_set, &cache );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -1597,7 +1597,7 @@
}
if( opt.ticket_timeout != -1 )
- mbedtls_ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
+ mbedtls_ssl_set_session_ticket_lifetime( &conf, opt.ticket_timeout );
#endif
#if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -1613,7 +1613,7 @@
goto exit;
}
- mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
&cookie_ctx );
}
else
@@ -1621,7 +1621,7 @@
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
if( opt.cookies == 0 )
{
- mbedtls_ssl_set_dtls_cookies( &ssl, NULL, NULL, NULL );
+ mbedtls_ssl_set_dtls_cookies( &conf, NULL, NULL, NULL );
}
else
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@@ -1631,50 +1631,50 @@
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
if( opt.anti_replay != DFL_ANTI_REPLAY )
- mbedtls_ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
+ mbedtls_ssl_set_dtls_anti_replay( &conf, opt.anti_replay );
#endif
#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
if( opt.badmac_limit != DFL_BADMAC_LIMIT )
- mbedtls_ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit );
+ mbedtls_ssl_set_dtls_badmac_limit( &conf, opt.badmac_limit );
#endif
}
#endif /* MBEDTLS_SSL_PROTO_DTLS */
if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
- mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+ mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
if( opt.arc4 != DFL_ARC4 )
- mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
+ mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );
if( opt.version_suites != NULL )
{
- mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[0],
+ mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[0],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_0 );
- mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[1],
+ mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[1],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_1 );
- mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[2],
+ mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[2],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_2 );
- mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[3],
+ mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[3],
MBEDTLS_SSL_MAJOR_VERSION_3,
MBEDTLS_SSL_MINOR_VERSION_3 );
}
if( opt.allow_legacy != DFL_ALLOW_LEGACY )
- mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+ mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
+ mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );
if( opt.renego_delay != DFL_RENEGO_DELAY )
- mbedtls_ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
+ mbedtls_ssl_set_renegotiation_enforced( &conf, opt.renego_delay );
if( opt.renego_period != DFL_RENEGO_PERIOD )
{
renego_period[7] = opt.renego_period;
- mbedtls_ssl_set_renegotiation_period( &ssl, renego_period );
+ mbedtls_ssl_set_renegotiation_period( &conf, renego_period );
}
#endif
@@ -1700,7 +1700,7 @@
#if defined(SNI_OPTION)
if( opt.sni != NULL )
- mbedtls_ssl_set_sni( &ssl, sni_callback, sni_info );
+ mbedtls_ssl_set_sni( &conf, sni_callback, sni_info );
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@@ -1717,7 +1717,7 @@
}
if( opt.psk_list != NULL )
- mbedtls_ssl_set_psk_cb( &ssl, psk_callback, psk_info );
+ mbedtls_ssl_set_psk_cb( &conf, psk_callback, psk_info );
#endif
#if defined(MBEDTLS_DHM_C)
@@ -1726,11 +1726,11 @@
*/
#if defined(MBEDTLS_FS_IO)
if( opt.dhm_file != NULL )
- ret = mbedtls_ssl_set_dh_param_ctx( &ssl, &dhm );
+ ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm );
else
#endif
- ret = mbedtls_ssl_set_dh_param( &ssl, MBEDTLS_DHM_RFC5114_MODP_2048_P,
- MBEDTLS_DHM_RFC5114_MODP_2048_G );
+ ret = mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P,
+ MBEDTLS_DHM_RFC5114_MODP_2048_G );
if( ret != 0 )
{
@@ -1741,7 +1741,7 @@
if( opt.min_version != DFL_MIN_VERSION )
{
- ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+ ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! selected min_version is not available\n" );
@@ -1751,7 +1751,7 @@
if( opt.max_version != DFL_MIN_VERSION )
{
- ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+ ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! selected max_version is not available\n" );