Move easy ssl_set_xxx() functions to work on conf

mbedtls_ssl_set_alpn_protocols mbedtls_ssl_set_arc4_support mbedtls_ssl_set_authmode mbedtls_ssl_set_ciphersuites mbedtls_ssl_set_ciphersuites_for_version mbedtls_ssl_set_curves mbedtls_ssl_set_dbg mbedtls_ssl_set_dh_param mbedtls_ssl_set_dh_param_ctx mbedtls_ssl_set_dtls_anti_replay mbedtls_ssl_set_dtls_badmac_limit mbedtls_ssl_set_dtls_cookies mbedtls_ssl_set_encrypt_then_mac mbedtls_ssl_set_endpoint mbedtls_ssl_set_extended_master_secret mbedtls_ssl_set_handshake_timeout mbedtls_ssl_legacy_renegotiation mbedtls_ssl_set_max_version mbedtls_ssl_set_min_version mbedtls_ssl_set_psk_cb mbedtls_ssl_set_renegotiation mbedtls_ssl_set_renegotiation_enforced mbedtls_ssl_set_renegotiation_period mbedtls_ssl_set_session_cache mbedtls_ssl_set_session_ticket_lifetime mbedtls_ssl_set_sni mbedtls_ssl_set_transport mbedtls_ssl_set_truncated_hmac mbedtls_ssl_set_verify
2015-05-05 10:45:39 +02:00 · 2015-05-05 10:45:39 +02:00 · d36e33fc07
commit d36e33fc07
parent 419d5ae419
15 changed files with 223 additions and 233 deletions
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@ -1534,13 +1534,12 @@ int main( int argc, char *argv[] )
        goto exit;
    }

-    mbedtls_ssl_set_endpoint( &ssl, MBEDTLS_SSL_IS_SERVER );
    if( opt.auth_mode != DFL_AUTH_MODE )
-        mbedtls_ssl_set_authmode( &ssl, opt.auth_mode );
+        mbedtls_ssl_set_authmode( &conf, opt.auth_mode );

 #if defined(MBEDTLS_SSL_PROTO_DTLS)
    if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
-        mbedtls_ssl_set_handshake_timeout( &ssl, opt.hs_to_min, opt.hs_to_max );
+        mbedtls_ssl_set_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */

 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@ -1553,22 +1552,22 @@ int main( int argc, char *argv[] )

 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
    if( opt.trunc_hmac != DFL_TRUNC_HMAC )
-        mbedtls_ssl_set_truncated_hmac( &ssl, opt.trunc_hmac );
+        mbedtls_ssl_set_truncated_hmac( &conf, opt.trunc_hmac );
 #endif

 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    if( opt.extended_ms != DFL_EXTENDED_MS )
-        mbedtls_ssl_set_extended_master_secret( &ssl, opt.extended_ms );
+        mbedtls_ssl_set_extended_master_secret( &conf, opt.extended_ms );
 #endif

 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    if( opt.etm != DFL_ETM )
-        mbedtls_ssl_set_encrypt_then_mac( &ssl, opt.etm );
+        mbedtls_ssl_set_encrypt_then_mac( &conf, opt.etm );
 #endif

 #if defined(MBEDTLS_SSL_ALPN)
    if( opt.alpn_string != NULL )
-        if( ( ret = mbedtls_ssl_set_alpn_protocols( &ssl, alpn_list ) ) != 0 )
+        if( ( ret = mbedtls_ssl_set_alpn_protocols( &conf, alpn_list ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_alpn_protocols returned %d\n\n", ret );
            goto exit;
@ -1576,7 +1575,7 @@ int main( int argc, char *argv[] )
 #endif

    mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
-    mbedtls_ssl_set_dbg( &ssl, my_debug, stdout );
+    mbedtls_ssl_set_dbg( &conf, my_debug, stdout );

 #if defined(MBEDTLS_SSL_CACHE_C)
    if( opt.cache_max != -1 )
@ -1585,8 +1584,9 @@ int main( int argc, char *argv[] )
    if( opt.cache_timeout != -1 )
        mbedtls_ssl_cache_set_timeout( &cache, opt.cache_timeout );

-    mbedtls_ssl_set_session_cache( &ssl, mbedtls_ssl_cache_get, &cache,
-                                 mbedtls_ssl_cache_set, &cache );
+    mbedtls_ssl_set_session_cache( &conf,
+                                   mbedtls_ssl_cache_get, &cache,
+                                   mbedtls_ssl_cache_set, &cache );
 #endif

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
@ -1597,7 +1597,7 @@ int main( int argc, char *argv[] )
    }

    if( opt.ticket_timeout != -1 )
-        mbedtls_ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
+        mbedtls_ssl_set_session_ticket_lifetime( &conf, opt.ticket_timeout );
 #endif

 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@ -1613,7 +1613,7 @@ int main( int argc, char *argv[] )
                goto exit;
            }

-            mbedtls_ssl_set_dtls_cookies( &ssl, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+            mbedtls_ssl_set_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
                                       &cookie_ctx );
        }
        else
@ -1621,7 +1621,7 @@ int main( int argc, char *argv[] )
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
        if( opt.cookies == 0 )
        {
-            mbedtls_ssl_set_dtls_cookies( &ssl, NULL, NULL, NULL );
+            mbedtls_ssl_set_dtls_cookies( &conf, NULL, NULL, NULL );
        }
        else
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
@ -1631,50 +1631,50 @@ int main( int argc, char *argv[] )

 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
        if( opt.anti_replay != DFL_ANTI_REPLAY )
-            mbedtls_ssl_set_dtls_anti_replay( &ssl, opt.anti_replay );
+            mbedtls_ssl_set_dtls_anti_replay( &conf, opt.anti_replay );
 #endif

 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
        if( opt.badmac_limit != DFL_BADMAC_LIMIT )
-            mbedtls_ssl_set_dtls_badmac_limit( &ssl, opt.badmac_limit );
+            mbedtls_ssl_set_dtls_badmac_limit( &conf, opt.badmac_limit );
 #endif
    }
 #endif /* MBEDTLS_SSL_PROTO_DTLS */

    if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
-        mbedtls_ssl_set_ciphersuites( &ssl, opt.force_ciphersuite );
+        mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );

    if( opt.arc4 != DFL_ARC4 )
-        mbedtls_ssl_set_arc4_support( &ssl, opt.arc4 );
+        mbedtls_ssl_set_arc4_support( &conf, opt.arc4 );

    if( opt.version_suites != NULL )
    {
-        mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[0],
+        mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[0],
                                          MBEDTLS_SSL_MAJOR_VERSION_3,
                                          MBEDTLS_SSL_MINOR_VERSION_0 );
-        mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[1],
+        mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[1],
                                          MBEDTLS_SSL_MAJOR_VERSION_3,
                                          MBEDTLS_SSL_MINOR_VERSION_1 );
-        mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[2],
+        mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[2],
                                          MBEDTLS_SSL_MAJOR_VERSION_3,
                                          MBEDTLS_SSL_MINOR_VERSION_2 );
-        mbedtls_ssl_set_ciphersuites_for_version( &ssl, version_suites[3],
+        mbedtls_ssl_set_ciphersuites_for_version( &conf, version_suites[3],
                                          MBEDTLS_SSL_MAJOR_VERSION_3,
                                          MBEDTLS_SSL_MINOR_VERSION_3 );
    }

    if( opt.allow_legacy != DFL_ALLOW_LEGACY )
-        mbedtls_ssl_legacy_renegotiation( &ssl, opt.allow_legacy );
+        mbedtls_ssl_legacy_renegotiation( &conf, opt.allow_legacy );
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    mbedtls_ssl_set_renegotiation( &ssl, opt.renegotiation );
+    mbedtls_ssl_set_renegotiation( &conf, opt.renegotiation );

    if( opt.renego_delay != DFL_RENEGO_DELAY )
-        mbedtls_ssl_set_renegotiation_enforced( &ssl, opt.renego_delay );
+        mbedtls_ssl_set_renegotiation_enforced( &conf, opt.renego_delay );

    if( opt.renego_period != DFL_RENEGO_PERIOD )
    {
        renego_period[7] = opt.renego_period;
-        mbedtls_ssl_set_renegotiation_period( &ssl, renego_period );
+        mbedtls_ssl_set_renegotiation_period( &conf, renego_period );
    }
 #endif

@ -1700,7 +1700,7 @@ int main( int argc, char *argv[] )

 #if defined(SNI_OPTION)
    if( opt.sni != NULL )
-        mbedtls_ssl_set_sni( &ssl, sni_callback, sni_info );
+        mbedtls_ssl_set_sni( &conf, sni_callback, sni_info );
 #endif

 #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
@ -1717,7 +1717,7 @@ int main( int argc, char *argv[] )
    }

    if( opt.psk_list != NULL )
-        mbedtls_ssl_set_psk_cb( &ssl, psk_callback, psk_info );
+        mbedtls_ssl_set_psk_cb( &conf, psk_callback, psk_info );
 #endif

 #if defined(MBEDTLS_DHM_C)
@ -1726,11 +1726,11 @@ int main( int argc, char *argv[] )
     */
 #if defined(MBEDTLS_FS_IO)
    if( opt.dhm_file != NULL )
-        ret = mbedtls_ssl_set_dh_param_ctx( &ssl, &dhm );
+        ret = mbedtls_ssl_set_dh_param_ctx( &conf, &dhm );
    else
 #endif
-        ret = mbedtls_ssl_set_dh_param( &ssl, MBEDTLS_DHM_RFC5114_MODP_2048_P,
-                                      MBEDTLS_DHM_RFC5114_MODP_2048_G );
+        ret = mbedtls_ssl_set_dh_param( &conf, MBEDTLS_DHM_RFC5114_MODP_2048_P,
+                                               MBEDTLS_DHM_RFC5114_MODP_2048_G );

    if( ret != 0 )
    {
@ -1741,7 +1741,7 @@ int main( int argc, char *argv[] )

    if( opt.min_version != DFL_MIN_VERSION )
    {
-        ret = mbedtls_ssl_set_min_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
+        ret = mbedtls_ssl_set_min_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.min_version );
        if( ret != 0 )
        {
            mbedtls_printf( " failed\n  ! selected min_version is not available\n" );
@ -1751,7 +1751,7 @@ int main( int argc, char *argv[] )

    if( opt.max_version != DFL_MIN_VERSION )
    {
-        ret = mbedtls_ssl_set_max_version( &ssl, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
+        ret = mbedtls_ssl_set_max_version( &conf, MBEDTLS_SSL_MAJOR_VERSION_3, opt.max_version );
        if( ret != 0 )
        {
            mbedtls_printf( " failed\n  ! selected max_version is not available\n" );