Add X.509 CA callback to SSL configuration and implement setter API

commit: 5adaad98467ef7becfcf3333412640b564f5d3e2 [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Wed Mar 27 16:54:37 2019 +0000
committer: Hanno Becker <hanno.becker@arm.com> Thu Mar 28 16:13:43 2019 +0000
tree: 6e8a740d9302335b61927133386687cd9802baaa
parent: 1b4a2bad7ab78f45f951f1129769a9c25ac0b8b8 [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 660d548..01f5dcc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -7875,7 +7875,29 @@
 {
     conf->ca_chain   = ca_chain;
     conf->ca_crl     = ca_crl;
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+    /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
+     * cannot be used together. */
+    conf->f_ca_cb = NULL;
+    conf->p_ca_cb = NULL;
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 }
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
+                             mbedtls_x509_ca_cb_t f_ca_cb,
+                             void *p_ca_cb )
+{
+    conf->f_ca_cb = f_ca_cb;
+    conf->p_ca_cb = p_ca_cb;
+
+    /* mbedtls_ssl_conf_ca_chain() and mbedtls_ssl_conf_ca_cb()
+     * cannot be used together. */
+    conf->ca_chain   = NULL;
+    conf->ca_crl     = NULL;
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
commit	5adaad98467ef7becfcf3333412640b564f5d3e2	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Wed Mar 27 16:54:37 2019 +0000
committer	Hanno Becker <hanno.becker@arm.com>	Thu Mar 28 16:13:43 2019 +0000
tree	6e8a740d9302335b61927133386687cd9802baaa
parent	1b4a2bad7ab78f45f951f1129769a9c25ac0b8b8 [diff] [blame]