Flag certificate verification functions with MBEDTLS_X509_CRT_PARSE_C.

If Mbed TLS support for X509 is not compiled in, this class would not compile anymore. However, there might be other uses for it, even if certificates are not used. Therefore add flagging for X509 only on specific functions.
2018-10-18 11:54:41 +03:00 · 2018-10-18 11:54:41 +03:00 · c7643ea9c8
parent e942582045
commit c7643ea9c8
2 changed files with 26 additions and 3 deletions
--- a/features/netsocket/TLSSocketWrapper.cpp
+++ b/features/netsocket/TLSSocketWrapper.cpp
@ -28,8 +28,10 @@

 TLSSocketWrapper::TLSSocketWrapper(Socket *transport, const char *hostname, control_transport control) :
    _transport(transport),
+#ifdef MBEDTLS_X509_CRT_PARSE_C
    _cacert(NULL),
    _clicert(NULL),
+#endif
    _ssl_conf(NULL),
    _connect_transport(control==TRANSPORT_CONNECT || control==TRANSPORT_CONNECT_AND_CLOSE),
    _close_transport(control==TRANSPORT_CLOSE || control==TRANSPORT_CONNECT_AND_CLOSE),
@ -57,20 +59,24 @@ TLSSocketWrapper::~TLSSocketWrapper() {
    mbedtls_ssl_free(&_ssl);
    mbedtls_pk_free(&_pkctx);

+#ifdef MBEDTLS_X509_CRT_PARSE_C
    set_own_cert(NULL);
    set_ca_chain(NULL);
+#endif
    set_ssl_config(NULL);
 }

 void TLSSocketWrapper::set_hostname(const char *hostname)
 {
+#ifdef MBEDTLS_X509_CRT_PARSE_C
    mbedtls_ssl_set_hostname(&_ssl, hostname);
+#endif
 }

 nsapi_error_t TLSSocketWrapper::set_root_ca_cert(const void *root_ca, size_t len)
 {
 #if !defined(MBEDTLS_X509_CRT_PARSE_C)
-    return NSAPI_ERROR_UNSUPPORTED
+    return NSAPI_ERROR_UNSUPPORTED;
 #else
    mbedtls_x509_crt *crt;

@ -108,7 +114,7 @@ nsapi_error_t TLSSocketWrapper::set_client_cert_key(const void *client_cert, siz
        const void *client_private_key_pem, size_t client_private_key_len)
 {
 #if !defined(MBEDTLS_X509_CRT_PARSE_C)
-    return NSAPI_ERROR_UNSUPPORTED
+    return NSAPI_ERROR_UNSUPPORTED;
 #else

    int ret;
@ -173,8 +179,12 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {

    mbedtls_ssl_set_bio(&_ssl, this, ssl_send, ssl_recv, NULL );

+#ifdef MBEDTLS_X509_CRT_PARSE_C
    /* Start the handshake, the rest will be done in onReceive() */
    tr_info("Starting TLS handshake with %s", _ssl.hostname);
+#else
+    tr_info("Starting TLS handshake");
+#endif

    do {
        ret = mbedtls_ssl_handshake(&_ssl);
@ -185,9 +195,14 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {
        return ret;
    }

+#ifdef MBEDTLS_X509_CRT_PARSE_C
    /* It also means the handshake is done, time to print info */
-    tr_info("TLS connection to %s established\r\n", _ssl.hostname);
+    tr_info("TLS connection to %s established", _ssl.hostname);
+#else
+    tr_info("TLS connection established");
+#endif

+#ifdef MBEDTLS_X509_CRT_PARSE_C
    /* Prints the server certificate and verify it. */
    const size_t buf_size = 1024;
    char* buf = new char[buf_size];
@ -205,6 +220,7 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {
        tr_info("Certificate verification passed");
    }
    delete[] buf;
+#endif

    _handshake_completed = true;

@ -368,6 +384,7 @@ int TLSSocketWrapper::ssl_send(void *ctx, const unsigned char *buf, size_t len)
    return size;
 }

+#ifdef MBEDTLS_X509_CRT_PARSE_C

 mbedtls_x509_crt *TLSSocketWrapper::get_own_cert()
 {
@ -408,6 +425,8 @@ void TLSSocketWrapper::set_ca_chain(mbedtls_x509_crt *crt)
    mbedtls_ssl_conf_ca_chain(get_ssl_config(), _cacert, NULL);
 }

+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
 mbedtls_ssl_config *TLSSocketWrapper::get_ssl_config()
 {
    if (!_ssl_conf) {
--- a/features/netsocket/TLSSocketWrapper.h
+++ b/features/netsocket/TLSSocketWrapper.h
@ -133,6 +133,7 @@ public:
    virtual Socket *accept(nsapi_error_t *error = NULL);
    virtual nsapi_error_t listen(int backlog = 1);

+#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(DOXYGEN)
    /** Get own certificate directly from Mbed TLS
     * @return internal Mbed TLS X509 structure
     */
@ -153,6 +154,7 @@ public:
     * @param crt Mbed TLS X509 certificate chain.
     */
    void set_ca_chain(mbedtls_x509_crt *crt);
+#endif

    /** Get internal Mbed TLS configuration structure
     * @return Mbed TLS SSL config
@ -216,8 +218,10 @@ private:

    Socket *_transport;

+#ifdef MBEDTLS_X509_CRT_PARSE_C
    mbedtls_x509_crt* _cacert;
    mbedtls_x509_crt* _clicert;
+#endif
    mbedtls_ssl_config* _ssl_conf;

    bool _connect_transport:1;