Move ssl_set_ca_chain() to work on config
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d417065..ad95a1f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4030,7 +4030,7 @@
* Main check: verify certificate
*/
ret = mbedtls_x509_crt_verify( ssl->session_negotiate->peer_cert,
- ssl->conf->ca_chain, ssl->conf->ca_crl, ssl->peer_cn,
+ ssl->conf->ca_chain, ssl->conf->ca_crl, ssl->hostname,
&ssl->session_negotiate->verify_result,
ssl->conf->f_vrfy, ssl->conf->p_vrfy );
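Review bot: The expected peer name in this verify call is now `ssl->hostname`, which is only set if the application calls mbedtls_ssl_set_hostname(). mbedtls_x509_crt_verify() treats a NULL name as "do not check the name" (that behaviour is not visible in this hunk), so a client that drops the old `peer_cn` argument without adding the new call would still pass chain validation but lose name checking. Making that state visible just before the call would help, for example `if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT && ssl->hostname == NULL ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "hostname not set, peer certificate name is not checked" ) );`. The migration requirement also belongs in the API documentation. The enclosing function starts and ends outside the hunk.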
@@ -5345,12 +5345,12 @@
return( key_cert );
}
-void mbedtls_ssl_set_ca_chain( mbedtls_ssl_context *ssl, mbedtls_x509_crt *ca_chain,
- mbedtls_x509_crl *ca_crl, const char *peer_cn )
+void mbedtls_ssl_set_ca_chain( mbedtls_ssl_config *conf,
+ mbedtls_x509_crt *ca_chain,
+ mbedtls_x509_crl *ca_crl )
{
- ssl->conf->ca_chain = ca_chain;
- ssl->conf->ca_crl = ca_crl;
- ssl->peer_cn = peer_cn;
+ conf->ca_chain = ca_chain;
+ conf->ca_crl = ca_crl;
}
int mbedtls_ssl_set_own_cert( mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert,
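Review bot: The new mbedtls_ssl_set_ca_chain() has no comment about ownership, yet it stores `ca_chain` and `ca_crl` in `conf` by pointer without copying them. If a config can be shared by several contexts (not shown here), both objects must stay valid and unmodified for as long as any of those contexts may run a handshake. I would add above the definition `/* ca_chain and ca_crl are stored by reference, not copied: they must outlive every context that uses conf. */`. A second line should say that the expected peer name is no longer set here and must be supplied through mbedtls_ssl_set_hostname().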
@@ -5450,7 +5450,7 @@
}
#endif
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
{
size_t hostname_len;
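Review bot: mbedtls_ssl_set_hostname() is now compiled under MBEDTLS_X509_CRT_PARSE_C instead of MBEDTLS_SSL_SERVER_NAME_INDICATION, so every other use of `ssl->hostname` needs a guard that agrees with it. That covers the struct field, its release on free, the header prototype and the ClientHello SNI writer, none of which are visible in this diff. If a build with SNI enabled but certificate parsing disabled is possible, it would lose the setter. Since the stored name now also drives certificate name verification, a comment on the function should say so, e.g. `/* Also used as the expected name when verifying the peer certificate. */`. The function body continues outside the hunk.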
@@ -5474,7 +5474,9 @@
return( 0 );
}
+#endif
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
void mbedtls_ssl_set_sni( mbedtls_ssl_config *conf,
int (*f_sni)(void *, mbedtls_ssl_context *,
const unsigned char *, size_t),