TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / ca89d7f6d884235a99347d2605c5ab4eb9a28f8f^! / . / include / mbedtls
commitca89d7f6d884235a99347d2605c5ab4eb9a28f8f[log] [tgz]
authorNicholas Wilson <nicholas.wilson@realvnc.com>Tue Jun 21 15:07:33 2016 +0100
committerSimon Butcher <simon.butcher@arm.com>Tue Mar 27 18:10:13 2018 +0100
tree7c8aad428eeab937e6f9263b2ba8f1900697a79c
parent536a22a409a496c39abf5eaee408502071e184a9 [diff]
Add compile-time guard MBEDTLS_SSL_PREVERIFY_CB for pre-verify callback

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index be80332..845a299 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -600,6 +600,11 @@
 #error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_SSL_PREVERIFY_CB) && \
+        !defined(MBEDTLS_X509_CRT_PARSE_C)
+#error "MBEDTLS_SSL_PREVERIFY_CB defined, but not all prerequisites"
+#endif
+
 #if defined(MBEDTLS_THREADING_PTHREAD)
 #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
 #error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index b5905ef..dc3ba9d 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -1437,6 +1437,15 @@
 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 
 /**
+ * \def MBEDTLS_SSL_PREVERIFY_CB
+ *
+ * Enable support for a pre-verification callback for received certificates.
+ *
+ * Uncomment this to enable support for the preverification callback
+ */
+//#define MBEDTLS_SSL_PREVERIFY_CB
+
+/**
  * \def MBEDTLS_THREADING_ALT
  *
  * Provide your own alternate threading implementation.

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 905460d..4d0d6a1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -627,7 +627,9 @@
     /** Callback to customize X.509 certificate chain verification          */
     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
     void *p_vrfy;                   /*!< context for X.509 verify calllback */
+#endif
 
+#if defined(MBEDTLS_SSL_PREVERIFY_CB)
     /** Callback to receive notification before X.509 chain building        */
     void (*f_pre_vrfy)(void *, mbedtls_x509_crt *);
     void *p_pre_vrfy;               /*!< context for pre-verify calllback   */
@@ -1080,7 +1082,9 @@
 void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
                      int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
                      void *p_vrfy );
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
 
+#if defined(MBEDTLS_SSL_PREVERIFY_CB)
 /**
  * \brief          Set the pre-verification callback (Optional).
  *
@@ -1095,7 +1099,7 @@
 void mbedtls_ssl_conf_pre_verify(mbedtls_ssl_config *conf,
                                  void(*f_pre_vrfy)(void *, mbedtls_x509_crt *),
                                  void *p_pre_vrfy);
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#endif /* MBEDTLS_SSL_PREVERIFY_CB */
 
 /**
  * \brief          Set the random number generator callback