Fix some X509 macro names
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
diff --git a/library/oid.c b/library/oid.c
index f3ab1bb..70b70a8 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -261,7 +261,7 @@
{
{
{ ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
- MBEDTLS_EXT_BASIC_CONSTRAINTS,
+ MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
},
{
{ ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
@@ -273,7 +273,7 @@
},
{
{ ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
- MBEDTLS_EXT_SUBJECT_ALT_NAME,
+ MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
},
{
{ ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 99b41d7..55c04b5 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3852,7 +3852,7 @@
( ssl->authmode == MBEDTLS_SSL_VERIFY_NONE ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) )
{
- ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_SKIP_VERIFY;
+ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
ssl->state++;
return( 0 );
@@ -3882,7 +3882,7 @@
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
- ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING;
+ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
if( ssl->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
return( 0 );
else
@@ -3903,7 +3903,7 @@
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
- ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING;
+ ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
if( ssl->authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
else
@@ -6817,7 +6817,7 @@
{
case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- usage = MBEDTLS_KU_KEY_ENCIPHERMENT;
+ usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
break;
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -6828,7 +6828,7 @@
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- usage = MBEDTLS_KU_KEY_AGREEMENT;
+ usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
break;
/* Don't use default: we want warnings when adding new values */
@@ -6847,7 +6847,7 @@
if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
{
- *flags |= MBEDTLS_BADCERT_KEY_USAGE;
+ *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
ret = -1;
}
#else
@@ -6868,7 +6868,7 @@
if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
{
- *flags |= MBEDTLS_BADCERT_EXT_KEY_USAGE;
+ *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
ret = -1;
}
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 7a94dd0..c3dfd57 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -485,7 +485,7 @@
switch( ext_type )
{
- case MBEDTLS_EXT_BASIC_CONSTRAINTS:
+ case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
/* Parse basic constraints */
if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
&crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
@@ -506,7 +506,7 @@
return( ret );
break;
- case MBEDTLS_EXT_SUBJECT_ALT_NAME:
+ case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
/* Parse subject alt name */
if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
&crt->subject_alt_names ) ) != 0 )
@@ -1182,13 +1182,13 @@
const char *sep = "";
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
- CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
+ CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
- CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_CA, "SSL CA" );
- CERT_TYPE( MBEDTLS_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
- CERT_TYPE( MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
+ CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
+ CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
+ CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
*size = n;
*buf = p;
@@ -1210,9 +1210,9 @@
KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
- KEY_USAGE( MBEDTLS_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
- KEY_USAGE( MBEDTLS_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
- KEY_USAGE( MBEDTLS_KU_KEY_AGREEMENT, "Key Agreement" );
+ KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
+ KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
+ KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
@@ -1323,7 +1323,7 @@
* Optional extensions
*/
- if( crt->ext_types & MBEDTLS_EXT_BASIC_CONSTRAINTS )
+ if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
{
ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
crt->ca_istrue ? "true" : "false" );
@@ -1336,7 +1336,7 @@
}
}
- if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME )
+ if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
SAFE_SNPRINTF();
@@ -1386,20 +1386,20 @@
};
static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
- { MBEDTLS_BADCERT_EXPIRED, "The certificate validity has expired" },
+ { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
{ MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
{ MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
{ MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
- { MBEDTLS_BADCERT_MISSING, "Certificate was missing" },
- { MBEDTLS_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
- { MBEDTLS_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
+ { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
+ { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
+ { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
{ MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
- { MBEDTLS_BADCRL_FUTURE, "The CRL is from the future" },
- { MBEDTLS_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
- { MBEDTLS_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
- { MBEDTLS_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
+ { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
+ { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
+ { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
+ { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
{ 0, NULL }
};
@@ -1568,7 +1568,7 @@
flags |= MBEDTLS_X509_BADCRL_EXPIRED;
if( mbedtls_x509_time_future( &crl_list->this_update ) )
- flags |= MBEDTLS_BADCRL_FUTURE;
+ flags |= MBEDTLS_X509_BADCRL_FUTURE;
/*
* Check if certificate is revoked
@@ -1773,7 +1773,7 @@
const mbedtls_md_info_t *md_info;
if( mbedtls_x509_time_expired( &child->valid_to ) )
- *flags |= MBEDTLS_BADCERT_EXPIRED;
+ *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
@@ -1848,7 +1848,7 @@
#endif
if( mbedtls_x509_time_expired( &trust_ca->valid_to ) )
- ca_flags |= MBEDTLS_BADCERT_EXPIRED;
+ ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &trust_ca->valid_from ) )
ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
@@ -1895,7 +1895,7 @@
}
if( mbedtls_x509_time_expired( &child->valid_to ) )
- *flags |= MBEDTLS_BADCERT_EXPIRED;
+ *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
@@ -1985,7 +1985,7 @@
name = &crt->subject;
cn_len = strlen( cn );
- if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME )
+ if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
cur = &crt->subject_alt_names;