commit 9ec3fe0d4371b3d384b53da199775def7ab3abee
author Hanno Becker <hanno.becker@arm.com> Mon Jul 01 17:36:12 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon Sep 09 09:55:31 2019 +0100
tree 1b9623cc2ef68484502afb0a1befe907bb51db39
parent 0e895727be97b3679e8bfef86a264e3300700db1

Introduce configuration option to remove CRT verification callbacks

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e47c456..6aebc08 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7181,7 +7181,10 @@
         ssl->hostname,
 #endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION */
         &ssl->session_negotiate->verify_result,
-        ssl->conf->f_vrfy, ssl->conf->p_vrfy, rs_ctx );
+#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
+        ssl->conf->f_vrfy, ssl->conf->p_vrfy,
+#endif /* MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
+        rs_ctx );
 
     if( verify_ret != 0 )
     {
@@ -8523,7 +8526,8 @@
 #endif /* MBEDTLS_SSL_CONF_AUTHMODE */
 }
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
+    !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
 void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                      void *p_vrfy )
@@ -8531,7 +8535,7 @@
     conf->f_vrfy      = f_vrfy;
     conf->p_vrfy      = p_vrfy;
 }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
 
 #if !defined(MBEDTLS_SSL_CONF_RNG)
 void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,