X509: Remove MBEDTLS_SSL_PREVERIFY_CB
Add a callback typedef
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 845a299..be80332 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -600,11 +600,6 @@
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
#endif
-#if defined(MBEDTLS_SSL_PREVERIFY_CB) && \
- !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_PREVERIFY_CB defined, but not all prerequisites"
-#endif
-
#if defined(MBEDTLS_THREADING_PTHREAD)
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index dc3ba9d..b5905ef 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1437,15 +1437,6 @@
//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
/**
- * \def MBEDTLS_SSL_PREVERIFY_CB
- *
- * Enable support for a pre-verification callback for received certificates.
- *
- * Uncomment this to enable support for the preverification callback
- */
-//#define MBEDTLS_SSL_PREVERIFY_CB
-
-/**
* \def MBEDTLS_THREADING_ALT
*
* Provide your own alternate threading implementation.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 4d0d6a1..fa5ae2f 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -535,6 +535,16 @@
*/
typedef int mbedtls_ssl_get_timer_t( void * ctx );
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * \brief Callback type: receive notification before X.509 chain
+ * building
+ *
+ * \param ctx Context pointer
+ * \param crt X.509 certificate pointer
+ */
+typedef void mbedtls_ssl_pre_verify_t( void *ctx, mbedtls_x509_crt *crt );
+#endif
/* Defined below */
typedef struct mbedtls_ssl_session mbedtls_ssl_session;
@@ -624,17 +634,15 @@
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /** Callback to receive notification before X.509 chain building */
+ mbedtls_ssl_pre_verify_t *f_pre_vrfy;
+ void *p_pre_vrfy; /*!< context for pre-verify calllback */
+
/** Callback to customize X.509 certificate chain verification */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy; /*!< context for X.509 verify calllback */
#endif
-#if defined(MBEDTLS_SSL_PREVERIFY_CB)
- /** Callback to receive notification before X.509 chain building */
- void (*f_pre_vrfy)(void *, mbedtls_x509_crt *);
- void *p_pre_vrfy; /*!< context for pre-verify calllback */
-#endif
-
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
/** Callback to retrieve PSK key from identity */
int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
@@ -1082,9 +1090,7 @@
void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
void *p_vrfy );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-#if defined(MBEDTLS_SSL_PREVERIFY_CB)
/**
* \brief Set the pre-verification callback (Optional).
*
@@ -1096,10 +1102,10 @@
* \param f_pre_vrfy pre-verification function
* \param p_pre_vrfy pre-verification parameter
*/
-void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
- void(*f_pre_vrfy)(void *, mbedtls_x509_crt *),
- void *p_pre_vrfy);
-#endif /* MBEDTLS_SSL_PREVERIFY_CB */
+void mbedtls_ssl_conf_pre_verify( mbedtls_ssl_config *conf,
+ mbedtls_ssl_pre_verify_t *f_pre_vrfy,
+ void *p_pre_vrfy);
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
/**
* \brief Set the random number generator callback