
Commit c7643ea

author
Seppo Takalo
committed
Flag certificate verification functions with MBEDTLS_X509_CRT_PARSE_C.
If Mbed TLS support for X509 is not compiled in, this class would not compile anymore. However, there might be other uses for it, even if certificates are not used. Therefore add flagging for X509 only on specific functions.
1 parent e942582 commit c7643ea


2 files changed

+26
-3
lines changed


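--- a/features/netsocket/TLSSocketWrapper.cpp
+++ b/features/netsocket/TLSSocketWrapper.cpp
@@ -28,8 +28,10 @@
 
 TLSSocketWrapper::TLSSocketWrapper(Socket *transport, const char *hostname, control_transport control) :
 _transport(transport),
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 _cacert(NULL),
 _clicert(NULL),
+#endif
 _ssl_conf(NULL),
 _connect_transport(control==TRANSPORT_CONNECT || control==TRANSPORT_CONNECT_AND_CLOSE),
 _close_transport(control==TRANSPORT_CLOSE || control==TRANSPORT_CONNECT_AND_CLOSE),
@@ -57,20 +59,24 @@ TLSSocketWrapper::~TLSSocketWrapper() {
 mbedtls_ssl_free(&_ssl);
 mbedtls_pk_free(&_pkctx);
 
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 set_own_cert(NULL);
 set_ca_chain(NULL);
+#endif
 set_ssl_config(NULL);
 }
 
 void TLSSocketWrapper::set_hostname(const char *hostname)
 {
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 mbedtls_ssl_set_hostname(&_ssl, hostname);
+#endif
 }
 
 nsapi_error_t TLSSocketWrapper::set_root_ca_cert(const void *root_ca, size_t len)
 {
 #if !defined(MBEDTLS_X509_CRT_PARSE_C)
-return NSAPI_ERROR_UNSUPPORTED
+return NSAPI_ERROR_UNSUPPORTED;
 #else
 mbedtls_x509_crt *crt;
 
@@ -108,7 +114,7 @@ nsapi_error_t TLSSocketWrapper::set_client_cert_key(const void *client_cert, siz
 const void *client_private_key_pem, size_t client_private_key_len)
 {
 #if !defined(MBEDTLS_X509_CRT_PARSE_C)
-return NSAPI_ERROR_UNSUPPORTED
+return NSAPI_ERROR_UNSUPPORTED;
 #else
 
 int ret;
@@ -173,8 +179,12 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {
 
 mbedtls_ssl_set_bio(&_ssl, this, ssl_send, ssl_recv, NULL );
 
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 /* Start the handshake, the rest will be done in onReceive() */
 tr_info("Starting TLS handshake with %s", _ssl.hostname);
+#else
+tr_info("Starting TLS handshake");
+#endif
 
 do {
 ret = mbedtls_ssl_handshake(&_ssl);
@@ -185,9 +195,14 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {
 return ret;
 }
 
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 /* It also means the handshake is done, time to print info */
-tr_info("TLS connection to %s established\r\n", _ssl.hostname);
+tr_info("TLS connection to %s established", _ssl.hostname);
+#else
+tr_info("TLS connection established");
+#endif
 
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 /* Prints the server certificate and verify it. */
 const size_t buf_size = 1024;
 char* buf = new char[buf_size];
@@ -205,6 +220,7 @@ nsapi_error_t TLSSocketWrapper::do_handshake() {
 tr_info("Certificate verification passed");
 }
 delete[] buf;
+#endif
 
 _handshake_completed = true;
 
@@ -368,6 +384,7 @@ int TLSSocketWrapper::ssl_send(void *ctx, const unsigned char *buf, size_t len)
 return size;
 }
 
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 
 mbedtls_x509_crt *TLSSocketWrapper::get_own_cert()
 {
@@ -408,6 +425,8 @@ void TLSSocketWrapper::set_ca_chain(mbedtls_x509_crt *crt)
 mbedtls_ssl_conf_ca_chain(get_ssl_config(), _cacert, NULL);
 }
 
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
 mbedtls_ssl_config *TLSSocketWrapper::get_ssl_config()
 {
 if (!_ssl_conf) {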
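Review bot: In `set_hostname()` the new `#ifdef MBEDTLS_X509_CRT_PARSE_C` guard makes the call a silent no-op when X509 support is compiled out, and the function returns void, so a caller cannot tell that no server-name check will happen. The same applies in `do_handshake()`, where the certificate-verification report is compiled out and the log only says `TLS connection established`. I would add an `#else` branch in `set_hostname()` with `tr_warn("X509 not compiled in, hostname is ignored");` and a comment in `do_handshake()` stating that peer authentication then rests entirely on the configured non-certificate key exchange. Separately, the return value of `mbedtls_ssl_set_hostname()` is still discarded on the guarded path; whether a failure there is caught elsewhere is not visible in these hunks, which show only parts of each function.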

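--- a/features/netsocket/TLSSocketWrapper.h
+++ b/features/netsocket/TLSSocketWrapper.h
@@ -133,6 +133,7 @@ class TLSSocketWrapper : public Socket {
 virtual Socket *accept(nsapi_error_t *error = NULL);
 virtual nsapi_error_t listen(int backlog = 1);
 
+#if defined(MBEDTLS_X509_CRT_PARSE_C) || defined(DOXYGEN)
 /** Get own certificate directly from Mbed TLS
 * @return internal Mbed TLS X509 structure
 */
@@ -153,6 +154,7 @@ class TLSSocketWrapper : public Socket {
 * @param crt Mbed TLS X509 certificate chain.
 */
 void set_ca_chain(mbedtls_x509_crt *crt);
+#endif
 
 /** Get internal Mbed TLS configuration structure
 * @return Mbed TLS SSL config
@@ -216,8 +218,10 @@ class TLSSocketWrapper : public Socket {
 
 Socket *_transport;
 
+#ifdef MBEDTLS_X509_CRT_PARSE_C
 mbedtls_x509_crt* _cacert;
 mbedtls_x509_crt* _clicert;
+#endif
 mbedtls_ssl_config* _ssl_conf;
 
 bool _connect_transport:1;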
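Review bot: Guarding `_cacert` and `_clicert` with `#ifdef MBEDTLS_X509_CRT_PARSE_C` makes the class layout depend on that macro, so every translation unit that includes this header must see the same Mbed TLS configuration. If one does not, the objects disagree on member offsets and memory is silently corrupted. Whether the header pulls in the Mbed TLS config itself is not visible in these hunks, so I would add a comment above the guarded members such as `// Layout depends on MBEDTLS_X509_CRT_PARSE_C: include the Mbed TLS config before this header in every TU.` The Doxygen blocks for the guarded accessors should also state that they exist only when X509 support is compiled in, because the `|| defined(DOXYGEN)` branch documents them unconditionally.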
