Move things to conf substructure
A simple series of sed invocations.
This is the first step, purely internal changes. The conf substructure is not
ready to be shared between contexts yet.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 3a6a3fe..bb5e7e0 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -333,7 +333,7 @@
#if defined(MBEDTLS_HAVE_TIME)
/* Check if still valid */
- if( (int) ( time( NULL) - session.start ) > ssl->ticket_lifetime )
+ if( (int) ( time( NULL) - session.start ) > ssl->conf->ticket_lifetime )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "session ticket expired" ) );
mbedtls_ssl_session_free( &session );
@@ -363,7 +363,7 @@
const unsigned char *info,
size_t ilen )
{
- if( ssl->endpoint != MBEDTLS_SSL_IS_SERVER )
+ if( ssl->conf->endpoint != MBEDTLS_SSL_IS_SERVER )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
mbedtls_free( ssl->cli_id );
@@ -382,9 +382,9 @@
mbedtls_ssl_cookie_check_t *f_cookie_check,
void *p_cookie )
{
- ssl->f_cookie_write = f_cookie_write;
- ssl->f_cookie_check = f_cookie_check;
- ssl->p_cookie = p_cookie;
+ ssl->conf->f_cookie_write = f_cookie_write;
+ ssl->conf->f_cookie_check = f_cookie_check;
+ ssl->conf->p_cookie = p_cookie;
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@@ -397,13 +397,13 @@
const unsigned char* name, size_t len )
{
int ret;
- mbedtls_ssl_key_cert *key_cert_ori = ssl->key_cert;
+ mbedtls_ssl_key_cert *key_cert_ori = ssl->conf->key_cert;
- ssl->key_cert = NULL;
- ret = ssl->f_sni( ssl->p_sni, ssl, name, len );
- ssl->handshake->sni_key_cert = ssl->key_cert;
+ ssl->conf->key_cert = NULL;
+ ret = ssl->conf->f_sni( ssl->conf->p_sni, ssl, name, len );
+ ssl->handshake->sni_key_cert = ssl->conf->key_cert;
- ssl->key_cert = key_cert_ori;
+ ssl->conf->key_cert = key_cert_ori;
return( ret );
}
@@ -670,7 +670,7 @@
((void) buf);
- if( ssl->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
+ if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_ENABLED )
ssl->session_negotiate->trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED;
return( 0 );
@@ -690,7 +690,7 @@
((void) buf);
- if( ssl->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
+ if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_ENABLED &&
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
ssl->session_negotiate->encrypt_then_mac = MBEDTLS_SSL_ETM_ENABLED;
@@ -713,7 +713,7 @@
((void) buf);
- if( ssl->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
+ if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED &&
ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_0 )
{
ssl->handshake->extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
@@ -730,7 +730,7 @@
{
int ret;
- if( ssl->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
+ if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
return( 0 );
/* Remember the client asked us to send a new ticket */
@@ -778,7 +778,7 @@
const char **ours;
/* If ALPN not configured, just ignore the extension */
- if( ssl->alpn_list == NULL )
+ if( ssl->conf->alpn_list == NULL )
return( 0 );
/*
@@ -802,7 +802,7 @@
*/
start = buf + 2;
end = buf + len;
- for( ours = ssl->alpn_list; *ours != NULL; ours++ )
+ for( ours = ssl->conf->alpn_list; *ours != NULL; ours++ )
{
ours_len = strlen( *ours );
for( theirs = start; theirs != end; theirs += cur_len )
@@ -982,12 +982,12 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
( suite_info->flags & MBEDTLS_CIPHERSUITE_NODTLS ) )
return( 0 );
#endif
- if( ssl->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
+ if( ssl->conf->arc4_disabled == MBEDTLS_SSL_ARC4_DISABLED &&
suite_info->cipher == MBEDTLS_CIPHER_ARC4_128 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: rc4" ) );
@@ -1009,9 +1009,9 @@
/* If the ciphersuite requires a pre-shared key and we don't
* have one, skip it now rather than failing later */
if( mbedtls_ssl_ciphersuite_uses_psk( suite_info ) &&
- ssl->f_psk == NULL &&
- ( ssl->psk == NULL || ssl->psk_identity == NULL ||
- ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+ ssl->conf->f_psk == NULL &&
+ ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
+ ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no pre-shared key" ) );
return( 0 );
@@ -1100,15 +1100,15 @@
}
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
- ssl->minor_ver = ( buf[4] <= ssl->max_minor_ver )
- ? buf[4] : ssl->max_minor_ver;
+ ssl->minor_ver = ( buf[4] <= ssl->conf->max_minor_ver )
+ ? buf[4] : ssl->conf->max_minor_ver;
- if( ssl->minor_ver < ssl->min_minor_ver )
+ if( ssl->minor_ver < ssl->conf->min_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
" [%d:%d] < [%d:%d]",
ssl->major_ver, ssl->minor_ver,
- ssl->min_major_ver, ssl->min_minor_ver ) );
+ ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@@ -1224,7 +1224,7 @@
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "received FALLBACK_SCSV" ) );
- if( ssl->minor_ver < ssl->max_minor_ver )
+ if( ssl->minor_ver < ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
@@ -1240,7 +1240,7 @@
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
got_common_suite = 0;
- ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+ ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
@@ -1291,7 +1291,7 @@
* SSLv2 Client Hello relevant renegotiation security checks
*/
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
@@ -1353,7 +1353,7 @@
#if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_STREAM )
#endif
if( ( buf[0] & 0x80 ) != 0 )
return ssl_parse_client_hello_v2( ssl );
@@ -1385,7 +1385,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, protocol version: [%d:%d]",
buf[1], buf[2] ) );
- mbedtls_ssl_read_version( &major, &minor, ssl->transport, buf + 1 );
+ mbedtls_ssl_read_version( &major, &minor, ssl->conf->transport, buf + 1 );
/* According to RFC 5246 Appendix E.1, the version here is typically
* "{03,00}, the lowest version number supported by the client, [or] the
@@ -1400,7 +1400,7 @@
/* For DTLS if this is the initial handshake, remember the client sequence
* number to use it in our next message (RFC 6347 4.2.1) */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
@@ -1455,7 +1455,7 @@
/* Done reading this record, get ready for the next one */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
ssl->next_record_offset = msg_len + mbedtls_ssl_hdr_len( ssl );
else
#endif
@@ -1502,7 +1502,7 @@
}
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
/*
* Copy the client's handshake message_seq on initial handshakes,
@@ -1583,18 +1583,18 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, version", buf, 2 );
mbedtls_ssl_read_version( &ssl->major_ver, &ssl->minor_ver,
- ssl->transport, buf );
+ ssl->conf->transport, buf );
ssl->handshake->max_major_ver = ssl->major_ver;
ssl->handshake->max_minor_ver = ssl->minor_ver;
- if( ssl->major_ver < ssl->min_major_ver ||
- ssl->minor_ver < ssl->min_minor_ver )
+ if( ssl->major_ver < ssl->conf->min_major_ver ||
+ ssl->minor_ver < ssl->conf->min_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "client only supports ssl smaller than minimum"
" [%d:%d] < [%d:%d]",
ssl->major_ver, ssl->minor_ver,
- ssl->min_major_ver, ssl->min_minor_ver ) );
+ ssl->conf->min_major_ver, ssl->conf->min_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@@ -1602,13 +1602,13 @@
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
}
- if( ssl->major_ver > ssl->max_major_ver )
+ if( ssl->major_ver > ssl->conf->max_major_ver )
{
- ssl->major_ver = ssl->max_major_ver;
- ssl->minor_ver = ssl->max_minor_ver;
+ ssl->major_ver = ssl->conf->max_major_ver;
+ ssl->minor_ver = ssl->conf->max_minor_ver;
}
- else if( ssl->minor_ver > ssl->max_minor_ver )
- ssl->minor_ver = ssl->max_minor_ver;
+ else if( ssl->minor_ver > ssl->conf->max_minor_ver )
+ ssl->minor_ver = ssl->conf->max_minor_ver;
/*
* Save client random (inc. Unix time)
@@ -1641,7 +1641,7 @@
* Check the cookie length and content
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
cookie_offset = 35 + sess_len;
cookie_len = buf[cookie_offset];
@@ -1656,13 +1656,13 @@
buf + cookie_offset + 1, cookie_len );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( ssl->f_cookie_check != NULL
+ if( ssl->conf->f_cookie_check != NULL
#if defined(MBEDTLS_SSL_RENEGOTIATION)
&& ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE
#endif
)
{
- if( ssl->f_cookie_check( ssl->p_cookie,
+ if( ssl->conf->f_cookie_check( ssl->conf->p_cookie,
buf + cookie_offset + 1, cookie_len,
ssl->cli_id, ssl->cli_id_len ) != 0 )
{
@@ -1743,7 +1743,7 @@
/* See comments in ssl_write_client_hello() */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
ssl->session_negotiate->compression = MBEDTLS_SSL_COMPRESS_NULL;
#endif
@@ -1793,7 +1793,7 @@
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
case MBEDTLS_TLS_EXT_SERVERNAME:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found ServerName extension" ) );
- if( ssl->f_sni == NULL )
+ if( ssl->conf->f_sni == NULL )
break;
ret = ssl_parse_servername_ext( ssl, ext + 4, ext_size );
@@ -1931,7 +1931,7 @@
{
MBEDTLS_SSL_DEBUG_MSG( 0, ( "received FALLBACK_SCSV" ) );
- if( ssl->minor_ver < ssl->max_minor_ver )
+ if( ssl->minor_ver < ssl->conf->max_minor_ver )
{
MBEDTLS_SSL_DEBUG_MSG( 0, ( "inapropriate fallback" ) );
@@ -1974,7 +1974,7 @@
* Renegotiation security checks
*/
if( ssl->secure_renegotiation != MBEDTLS_SSL_SECURE_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
@@ -1989,7 +1989,7 @@
}
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
+ ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
handshake_failure = 1;
@@ -2017,7 +2017,7 @@
* and certificate from the SNI callback triggered by the SNI extension.)
*/
got_common_suite = 0;
- ciphersuites = ssl->ciphersuite_list[ssl->minor_ver];
+ ciphersuites = ssl->conf->ciphersuite_list[ssl->minor_ver];
ciphersuite_info = NULL;
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
@@ -2068,7 +2068,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_recv_flight_completed( ssl );
#endif
@@ -2351,12 +2351,12 @@
/* The RFC is not clear on this point, but sending the actual negotiated
* version looks like the most interoperable thing to do. */
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->transport, p );
+ ssl->conf->transport, p );
MBEDTLS_SSL_DEBUG_BUF( 3, "server version", p, 2 );
p += 2;
/* If we get here, f_cookie_check is not null */
- if( ssl->f_cookie_write == NULL )
+ if( ssl->conf->f_cookie_write == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "inconsistent cookie callbacks" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
@@ -2365,7 +2365,7 @@
/* Skip length byte until we know the length */
cookie_len_byte = p++;
- if( ( ret = ssl->f_cookie_write( ssl->p_cookie,
+ if( ( ret = ssl->conf->f_cookie_write( ssl->conf->p_cookie,
&p, ssl->out_buf + MBEDTLS_SSL_BUFFER_LEN,
ssl->cli_id, ssl->cli_id_len ) ) != 0 )
{
@@ -2407,7 +2407,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello" ) );
#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake->verify_cookie_len != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "client hello was not authenticated" ) );
@@ -2434,7 +2434,7 @@
p = buf + 4;
mbedtls_ssl_write_version( ssl->major_ver, ssl->minor_ver,
- ssl->transport, p );
+ ssl->conf->transport, p );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
@@ -2474,8 +2474,8 @@
ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
#endif
ssl->session_negotiate->length != 0 &&
- ssl->f_get_cache != NULL &&
- ssl->f_get_cache( ssl->p_get_cache, ssl->session_negotiate ) == 0 )
+ ssl->conf->f_get_cache != NULL &&
+ ssl->conf->f_get_cache( ssl->conf->p_get_cache, ssl->session_negotiate ) == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
ssl->handshake->resume = 1;
@@ -2651,7 +2651,7 @@
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ssl->authmode == MBEDTLS_SSL_VERIFY_NONE )
+ ssl->conf->authmode == MBEDTLS_SSL_VERIFY_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write certificate request" ) );
return( 0 );
@@ -2743,7 +2743,7 @@
* opaque DistinguishedName<1..2^16-1>;
*/
p += 2;
- crt = ssl->ca_chain;
+ crt = ssl->conf->ca_chain;
total_dn_size = 0;
while( crt != NULL && crt->version != 0 )
@@ -2880,8 +2880,8 @@
* opaque dh_Ys<1..2^16-1>;
* } ServerDHParams;
*/
- if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->dhm_P ) ) != 0 ||
- ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->dhm_G ) ) != 0 )
+ if( ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.P, &ssl->conf->dhm_P ) ) != 0 ||
+ ( ret = mbedtls_mpi_copy( &ssl->handshake->dhm_ctx.G, &ssl->conf->dhm_G ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_mpi_copy", ret );
return( ret );
@@ -2927,7 +2927,7 @@
const mbedtls_ecp_group_id *gid;
/* Match our preference list against the offered curves */
- for( gid = ssl->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
+ for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ )
for( curve = ssl->handshake->curves; *curve != NULL; curve++ )
if( (*curve)->grp_id == *gid )
goto curve_matching_done;
@@ -3167,7 +3167,7 @@
ssl->state++;
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
mbedtls_ssl_send_flight_completed( ssl );
#endif
@@ -3268,7 +3268,7 @@
mbedtls_ssl_write_version( ssl->handshake->max_major_ver,
ssl->handshake->max_minor_ver,
- ssl->transport, ver );
+ ssl->conf->transport, ver );
/*
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
* must not cause the connection to end immediately; instead, send a
@@ -3320,9 +3320,9 @@
int ret = 0;
size_t n;
- if( ssl->f_psk == NULL &&
- ( ssl->psk == NULL || ssl->psk_identity == NULL ||
- ssl->psk_identity_len == 0 || ssl->psk_len == 0 ) )
+ if( ssl->conf->f_psk == NULL &&
+ ( ssl->conf->psk == NULL || ssl->conf->psk_identity == NULL ||
+ ssl->conf->psk_identity_len == 0 || ssl->conf->psk_len == 0 ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no pre-shared key" ) );
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
@@ -3346,17 +3346,17 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
- if( ssl->f_psk != NULL )
+ if( ssl->conf->f_psk != NULL )
{
- if( ssl->f_psk( ssl->p_psk, ssl, *p, n ) != 0 )
+ if( ssl->conf->f_psk( ssl->conf->p_psk, ssl, *p, n ) != 0 )
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
else
{
/* Identity is not a big secret since clients send it in the clear,
* but treat it carefully anyway, just in case */
- if( n != ssl->psk_identity_len ||
- mbedtls_ssl_safer_memcmp( ssl->psk_identity, *p, n ) != 0 )
+ if( n != ssl->conf->psk_identity_len ||
+ mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
{
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
@@ -3796,7 +3796,7 @@
{
int ret;
size_t tlen;
- uint32_t lifetime = (uint32_t) ssl->ticket_lifetime;
+ uint32_t lifetime = (uint32_t) ssl->conf->ticket_lifetime;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) );
@@ -3864,7 +3864,7 @@
return( ret );
#if defined(MBEDTLS_SSL_PROTO_DTLS)
- if( ssl->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
ssl->handshake != NULL &&
ssl->handshake->retransmit_state == MBEDTLS_SSL_RETRANS_SENDING )
{