Re-implement verify chain if vrfy cbs are disabled
This commit re-implements the previously introduced internal verification chain API in the case where verification callbacks are disabled. In this situation, it is not necessary to maintain the list of individual certificates and flags comprising the verification chain - instead, it suffices to just keep track of the length and the total (=merged) flags.
parent
adc282a5e8
commit
8d6d320603
2 changed files with 70 additions and 0 deletions
|
@ -214,6 +214,8 @@ typedef struct mbedtls_x509write_cert
|
|||
mbedtls_x509write_cert;
|
||||
#endif /* MBEDTLS_X509_CRT_WRITE_C */
|
||||
|
||||
#if !defined(MBEDTLS_X509_REMOVE_VERIFY_CALLBACK)
|
||||
|
||||
/**
|
||||
* Item in a verification chain: cert and flags for it
|
||||
*/
|
||||
|
@ -236,6 +238,16 @@ typedef struct
|
|||
unsigned len;
|
||||
} mbedtls_x509_crt_verify_chain;
|
||||
|
||||
#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
|
||||
|
||||
typedef struct
|
||||
{
|
||||
unsigned len;
|
||||
uint32_t flags;
|
||||
} mbedtls_x509_crt_verify_chain;
|
||||
|
||||
#endif /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */
|
||||
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
|
||||
/**
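Review bot: The `mbedtls_x509_crt_verify_chain` variant added under `#else /* !MBEDTLS_X509_REMOVE_VERIFY_CALLBACK */` has no doc comment, although the per-item struct in the other branch is documented. The meaning of `flags` is only given in the commit message, so I would put it on the type, e.g. `/** Verification chain summary: len = number of certificates, flags = merged verification flags of all of them */`. It would also help to document how the merge is done (presumably a bitwise OR of the per-certificate flags) and that `flags` has to be cleared together with `len` whenever the chain is reset. Otherwise a stale value from an earlier or restarted verification could distort the result. The code that fills and resets the struct is not in this section, so I could not check that, and the callback-enabled struct definition starts outside the second hunk.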
|
||||
|
|