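int SSLContext::setCAChain(State & state, SSLContextData * ssl_context_data) {
    /* Installs the trusted CA chain (argument 1) and an optional CRL
     * (argument 2) as the per-handshake trust anchors of this context via
     * mbedtls_ssl_set_hs_ca_chain().
     *
     * Returns 0 in every case; a missing CA certificate leaves the handshake
     * untouched rather than reporting an error, so callers cannot detect it
     * from the return value.
     */
    Stack * stack = state.stack;  // NOTE(review): not used by name here; kept because OBJECT_IFACE may expand to a use of it — confirm
    x509crt * interfaceCert = OBJECT_IFACE(x509crt);
    x509crl * interfaceRevokeCert = OBJECT_IFACE(x509crl);
    mbedtls_x509_crt * cert = interfaceCert->get(1);
    mbedtls_x509_crl * revokeCert = interfaceRevokeCert->get(2);
    /* Only the CA chain is mandatory: mbedtls accepts a NULL CRL (the SNI
     * callback in this file passes ca_crl through unchecked as well). The
     * former `cert && revokeCert` guard silently skipped the whole call — and
     * still returned success — whenever the CRL was omitted. */
    if (cert) {
        mbedtls_ssl_set_hs_ca_chain(ssl_context_data->context, cert, revokeCert);
    }
    return 0;
}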
/* Server Name Indication callback: selects, for the hostname the client sent
 * in its ClientHello, the matching own certificate/key and — when the entry
 * carries a CA chain — enables mandatory client-certificate verification.
 *
 * Returns -1 when the name exceeds SNI_MAX_HOSTNAME_LEN, otherwise 0 whether
 * or not an entry matched (no match leaves the handshake unchanged). */
static int sni_callback(void UNUSED(*param), mbedtls_ssl_context *context, const unsigned char *sni_hostname, size_t len) {
	char hostname[SNI_MAX_HOSTNAME_LEN + 1];
	t_sni_list *entry;
	int idx;

	/* Bound the client-supplied length before copying into the fixed buffer
	 * (SNI_MAX_HOSTNAME_LEN bytes plus the terminating NUL). */
	if (len > SNI_MAX_HOSTNAME_LEN) {
		return -1;
	}
	memcpy(hostname, sni_hostname, len);
	hostname[len] = '\0';
	/* The C-string view means an embedded NUL in the client-supplied name
	 * ends the compared string at that byte. */

	/* The first list entry with a matching hostname pattern wins. */
	for (entry = sni_list; entry != NULL; entry = entry->next) {
		for (idx = 0; idx < entry->hostname->size; idx++) {
			if (!hostname_match(hostname, entry->hostname->item[idx])) {
				continue;
			}

			/* Own certificate and private key for this virtual host */
			if ((entry->private_key != NULL) && (entry->certificate != NULL)) {
				mbedtls_ssl_set_hs_own_cert(context, entry->certificate, entry->private_key);
			}

			/* A configured CA chain turns on required TLS client
			 * authentication for this host; ca_crl is passed through
			 * without a NULL check. */
			if (entry->ca_certificate != NULL) {
				mbedtls_ssl_set_hs_authmode(context, MBEDTLS_SSL_VERIFY_REQUIRED);
				mbedtls_ssl_set_hs_ca_chain(context, entry->ca_certificate, entry->ca_crl);
			}

			return 0;
		}
	}

	return 0;
}