From c7643ea9c80953435ff5cf68b3bdf380bb705da4 Mon Sep 17 00:00:00 2001
From: Seppo Takalo
Date: Thu, 18 Oct 2018 11:54:41 +0300
Subject: [PATCH] Flag certificate verification functions with MBEDTLS_X509_CRT_PARSE_C.
If Mbed TLS support for X509 is not compiled in, this class would not compile anymore. However, there might be other uses for it, even if certificates are not used. Therefore add flagging for X509 only on specific functions.
---
 features/netsocket/TLSSocketWrapper.cpp | 25 ++++++++++++++++++++++---
 features/netsocket/TLSSocketWrapper.h   |  4 ++++
 2 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/features/netsocket/TLSSocketWrapper.cpp b/features/netsocket/TLSSocketWrapper.cpp
index 0778a7b685..f2ee4bb44e 100644
--- a/features/netsocket/TLSSocketWrapper.cpp
+++ b/features/netsocket/TLSSocketWrapper.cpp
@@ -28,8 +28,10 @@
 TLSSocketWrapper::TLSSocketWrapper(Socket *transport, const char *hostname, control_transport control) :
     _transport(transport),
+#ifdef MBEDTLS_X509_CRT_PARSE_C
     _cacert(NULL),
     _clicert(NULL),
+#endif
     _ssl_conf(NULL),
     _connect_transport(control==TRANSPORT_CONNECT || control==TRANSPORT_CONNECT_AND_CLOSE),
     _close_transport(control==TRANSPORT_CLOSE || control==TRANSPORT_CONNECT_AND_CLOSE),
@@ -57,20 +59,24 @@ TLSSocketWrapper::~TLSSocketWrapper()
 {
     mbedtls_ssl_free(&_ssl);
     mbedtls_pk_free(&_pkctx);
+#ifdef MBEDTLS_X509_CRT_PARSE_C
     set_own_cert(NULL);
     set_ca_chain(NULL);
+#endif
     set_ssl_config(NULL);
 }
 void TLSSocketWrapper::set_hostname(const char *hostname)
 {
+#ifdef MBEDTLS_X509_CRT_PARSE_C
     mbedtls_ssl_set_hostname(&_ssl, hostname);
+#endif
 }
 nsapi_error_t TLSSocketWrapper::set_root_ca_cert(const void *root_ca, size_t len)
 {
 #if !defined(MBEDTLS_X509_CRT_PARSE_C)
-    return NSAPI_ERROR_UNSUPPORTED
+    return NSAPI_ERROR_UNSUPPORTED;
 #else
     mbedtls_x509_crt *crt;
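Review bot: set_hostname becomes a silent no-op when MBEDTLS_X509_CRT_PARSE_C is off — the new `+#ifdef`/`+#endif` around `mbedtls_ssl_set_hostname` discards the argument and the `void` return gives the caller no signal, so code that sets a hostname expecting peer-name checking gets none. The guard itself is needed because mbedtls_ssl_set_hostname does not exist in that build and there is no certificate to match a name against, but that should be stated in the function rather than left to the reader, e.g. `#else`, `    (void)hostname; /* no X509 support: no certificate to match the name against, so nothing to record */`, which also avoids an unused-parameter warning. The same no-op deserves a sentence in the header's doc comment for set_hostname, which this diff does not touch. The destructor guard is consistent with the new member guards; set_root_ca_cert's body continues outside the hunk.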
@@ -108,7 +114,7 @@ nsapi_error_t TLSSocketWrapper::set_client_cert_key(const void *client_cert, siz
                                                    const void *client_private_key_pem, size_t client_private_key_len)
 {
 #if !defined(MBEDTLS_X509_CRT_PARSE_C)
-    return NSAPI_ERROR_UNSUPPORTED
+    return NSAPI_ERROR_UNSUPPORTED;
 #else
     int ret;
@@ -173,8 +179,12 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {
     mbedtls_ssl_set_bio(&_ssl, this, ssl_send, ssl_recv, NULL );
+#ifdef MBEDTLS_X509_CRT_PARSE_C
     /* Start the handshake, the rest will be done in onReceive() */
     tr_info("Starting TLS handshake with %s", _ssl.hostname);
+#else
+    tr_info("Starting TLS handshake");
+#endif
     do {
         ret = mbedtls_ssl_handshake(&_ssl);
@@ -185,9 +195,14 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {
         return ret;
     }
+#ifdef MBEDTLS_X509_CRT_PARSE_C
     /* It also means the handshake is done, time to print info */
-    tr_info("TLS connection to %s established\r\n", _ssl.hostname);
+    tr_info("TLS connection to %s established", _ssl.hostname);
+#else
+    tr_info("TLS connection established");
+#endif
+#ifdef MBEDTLS_X509_CRT_PARSE_C
     /* Prints the server certificate and verify it. */
     const size_t buf_size = 1024;
     char* buf = new char[buf_size];
@@ -205,6 +220,7 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {
         tr_info("Certificate verification passed");
     }
     delete[] buf;
+#endif
     _handshake_completed = true;
@@ -368,6 +384,7 @@ int TLSSocketWrapper::ssl_send(void *ctx, const unsigned char *buf, size_t len)
     return size;
 }
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 mbedtls_x509_crt *TLSSocketWrapper::get_own_cert()
 {
@@ -408,6 +425,8 @@ void TLSSocketWrapper::set_ca_chain(mbedtls_x509_crt *crt)
     mbedtls_ssl_conf_ca_chain(get_ssl_config(), _cacert, NULL);
 }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
 mbedtls_ssl_config *TLSSocketWrapper::get_ssl_config()
 {
     if (!_ssl_conf) {
diff --git a/features/netsocket/TLSSocketWrapper.h b/features/netsocket/TLSSocketWrapper.h
index 65d3838f79..b906275af3 100644
--- a/features/netsocket/TLSSocketWrapper.h
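Review bot: In the `-173` hunk the guarded `tr_info("Starting TLS handshake with %s", _ssl.hostname)` still hands `_ssl.hostname` to `%s` when no hostname was ever set; Mbed TLS leaves that field NULL until mbedtls_ssl_set_hostname is called, whether the trace printf tolerates a NULL `%s` argument depends on the platform, and a NULL hostname also means the CN/SAN match is skipped during verification, which is worth making visible in the log. Consider `tr_info("Starting TLS handshake with %s", _ssl.hostname ? _ssl.hostname : "<no hostname set, peer name will not be checked>");` (constructed wording) or a separate tr_warn for the NULL case. do_handshake starts and ends outside the hunk, so I cannot see whether the constructor guarantees a non-NULL hostname.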
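Review bot: In the `-185` hunk the `+#endif` immediately followed by `+#ifdef MBEDTLS_X509_CRT_PARSE_C` splits one conditional region into two for no gain; moving the `#else` branch with `tr_info("TLS connection established")` down to the `+#endif` that closes the certificate block in the `-205` hunk (after `delete[] buf;`) leaves a single `#ifdef … #else … #endif`. More importantly, that `#else` path logs an established connection without any certificate having been parsed or verified, which is the only option in a build without X509 support but should be stated next to the log line, e.g. `/* Built without X509 support: no peer certificate is parsed or verified here; peer authentication, if any, comes from the configured ciphersuites (e.g. PSK) */`. do_handshake starts and ends outside both hunks.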
+++ b/features/netsocket/TLSSocketWrapper.h
@@ -133,6 +133,7 @@ public:
     virtual Socket *accept(nsapi_error_t *error = NULL);
     virtual nsapi_error_t listen(int backlog = 1);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(DOXYGEN)
     /** Get own certificate directly from Mbed TLS
      * @return internal Mbed TLS X509 structure
      */
@@ -153,6 +154,7 @@ public:
      * @param crt Mbed TLS X509 certificate chain.
      */
     void set_ca_chain(mbedtls_x509_crt *crt);
+#endif
     /** Get internal Mbed TLS configuration structure
      * @return Mbed TLS SSL config
@@ -216,8 +218,10 @@ private:
     Socket *_transport;
+#ifdef MBEDTLS_X509_CRT_PARSE_C
     mbedtls_x509_crt* _cacert;
     mbedtls_x509_crt* _clicert;
+#endif
     mbedtls_ssl_config* _ssl_conf;
     bool _connect_transport:1;
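Review bot: The `+#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(DOXYGEN)` guard in the `-133` hunk hides the certificate accessors, but set_hostname, declared elsewhere in this header, stays visible while its definition in TLSSocketWrapper.cpp becomes a no-op in the same build; its doc comment should say so, e.g. `* @note Has no effect when MBEDTLS_X509_CRT_PARSE_C is not enabled: no certificate is available to match the name against.` The bare `+#endif` added in the `-153` hunk would read better as `#endif /* MBEDTLS_X509_CRT_PARSE_C || DOXYGEN */`, matching the commented `#endif` the .cpp side already uses, since the region spans a long stretch of the class body. The private-member hunk at `-216` appears cut off at the end of this excerpt, so I have not reviewed it.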