Add support for context f_vrfy callback in 1.3
This was only supported in 1.2 for no good reason.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c9cca70..a7c6cac 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7953,6 +7953,7 @@
return 0;
}
+ /* Verify callback: precedence order is SSL context, else conf struct. */
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
void *p_vrfy;
if (ssl->f_vrfy != NULL) {
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 6ea5e01..fb57aa4 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -695,6 +695,19 @@
return 0;
}
+ /* Verify callback: precedence order is SSL context, else conf struct. */
+ int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *);
+ void *p_vrfy;
+ if (ssl->f_vrfy != NULL) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Use context-specific verification callback"));
+ f_vrfy = ssl->f_vrfy;
+ p_vrfy = ssl->p_vrfy;
+ } else {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Use configuration-specific verification callback"));
+ f_vrfy = ssl->conf->f_vrfy;
+ p_vrfy = ssl->conf->p_vrfy;
+ }
+
/*
* Main check: verify certificate
*/
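Review bot: The selection block added at the top of this hunk (the comment, the `f_vrfy`/`p_vrfy` declarations and the if/else with its two debug strings) is a verbatim copy of the block that already exists in the TLS 1.2 path in ssl_tls.c, so the two paths can now drift apart; a small internal helper taking `ssl` and returning the pair through out-parameters, called from both files, would keep the precedence rule in one place. If a helper is not wanted, at least move the comment to the one declaration site and reference it from the other. Since the commit message says the context callback was previously TLS 1.2 only, any public-header documentation of `mbedtls_ssl_set_verify()` that states that restriction should be updated in the same change, along with a changelog entry, which this diff does not include. The enclosing function starts before this hunk and its remaining call sites are in the two following hunks.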
@@ -710,7 +723,7 @@
ssl->conf->cert_profile,
ssl->hostname,
&verify_result,
- ssl->conf->f_vrfy, ssl->conf->p_vrfy);
+ f_vrfy, p_vrfy);
} else
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
{
@@ -737,7 +750,7 @@
ssl->conf->cert_profile,
ssl->hostname,
&verify_result,
- ssl->conf->f_vrfy, ssl->conf->p_vrfy);
+ f_vrfy, p_vrfy);
}
if (ret != 0) {