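/* Server Name Indication callback.
 *
 * Hands the host name requested by the client to the script-side callback
 * stored in `arg`. When that callback returns a non-null object, the object's
 * `cert` and `key` fields are installed as the certificate used for this
 * handshake via mbedtls_ssl_set_hs_own_cert().
 *
 * `name` is the raw SNI extension payload of `len` bytes and is NOT
 * NUL-terminated, so it is copied into a bounded local buffer before it is
 * turned into a VM string (alloc_string() expects a C string).
 *
 * Returns the result of mbedtls_ssl_set_hs_own_cert() (0 on success) once a
 * certificate was chosen, and -1 when there is no name or callback, the name
 * is too long or contains an embedded NUL, or the callback returned null.
 * A non-zero return makes mbedTLS abort the handshake.
 */
static int sni_callback( void *arg, mbedtls_ssl_context *ctx, const unsigned char *name, size_t len ){
	/* A DNS host name is at most 255 octets; longer SNI payloads cannot be valid. */
	enum { SNI_NAME_MAX = 255 };
	char hostname[SNI_NAME_MAX + 1];
	size_t i;
	value ret;

	if( !name || !arg )
		return -1;
	if( len > SNI_NAME_MAX )
		return -1;

	for( i = 0; i < len; i++ ){
		/* An embedded NUL would silently truncate the name seen by the callback. */
		if( name[i] == 0 )
			return -1;
		hostname[i] = (char)name[i];
	}
	hostname[len] = 0;

	ret = val_call1((value)arg, alloc_string(hostname));
	if( val_is_null(ret) )
		return -1;

	// TODO authmode and ca
	return mbedtls_ssl_set_hs_own_cert( ctx, val_cert(val_field(ret, val_id("cert"))), val_pkey(val_field(ret, val_id("key"))) );
}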
/// Installs a certificate / private-key pair as the own certificate of the
/// handshake in progress (mbedtls_ssl_set_hs_own_cert on the wrapped context).
///
/// The certificate is taken from the x509crt interface and the key from the
/// PKContext interface, each at slot 1. When both are present the mbedTLS
/// return code is pushed as an int and 1 is returned (one result on the
/// stack); when either is missing nothing is pushed and 0 is returned.
int SSLContext::setOwnCert(State & state, SSLContextData * ssl_context_data)
{
    Stack * stack = state.stack;
    x509crt * certIface = OBJECT_IFACE(x509crt);
    PKContext * keyIface = OBJECT_IFACE(PKContext);

    mbedtls_x509_crt * ownCert = certIface->get(1);
    mbedtls_pk_context * ownKey = keyIface->get(1);

    // Both objects are required; bail out without touching the stack otherwise.
    if (!ownCert || !ownKey) {
        return 0;
    }

    const int rc = mbedtls_ssl_set_hs_own_cert(ssl_context_data->context, ownCert, ownKey);
    stack->push<int>(rc);
    return 1;
}
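/* Server Name Indication callback function.
 *
 * Copies the raw (non NUL-terminated) SNI host name into a bounded local
 * buffer and walks sni_list for the first entry whose host name pattern
 * matches it. For that entry the private key and certificate become the
 * handshake's own certificate and, when a CA certificate is configured,
 * client authentication is made mandatory with that CA chain and CRL.
 *
 * Returns 0 when the handshake may continue (a match was installed, or no
 * entry matched and the default certificate stays in place) and -1 when the
 * name is unusable (too long, or containing an embedded NUL) or when mbedTLS
 * could not install the matched certificate. A non-zero return aborts the
 * handshake.
 */
static int sni_callback(void UNUSED(*param), mbedtls_ssl_context *context, const unsigned char *sni_hostname, size_t len) {
	char hostname[SNI_MAX_HOSTNAME_LEN + 1];
	t_sni_list *sni;
	int i;

	if (len > SNI_MAX_HOSTNAME_LEN) {
		return -1;
	}

	/* Reject names with an embedded NUL: hostname_match() would only see the
	 * part before it and could match a host the client never named. */
	if (memchr(sni_hostname, '\0', len) != NULL) {
		return -1;
	}

	memcpy(hostname, sni_hostname, len);
	hostname[len] = '\0';

	for (sni = sni_list; sni != NULL; sni = sni->next) {
		for (i = 0; i < sni->hostname->size; i++) {
			if (hostname_match(hostname, sni->hostname->item[i])) {
				/* Set private key and certificate */
				if ((sni->private_key != NULL) && (sni->certificate != NULL)) {
					/* Non-zero means the certificate was NOT installed; do not
					 * continue the handshake with a certificate other than the
					 * one that matched this host name. */
					if (mbedtls_ssl_set_hs_own_cert(context, sni->certificate, sni->private_key) != 0) {
						return -1;
					}
				}

				/* Set CA certificate for TLS client authentication */
				if (sni->ca_certificate != NULL) {
					mbedtls_ssl_set_hs_authmode(context, MBEDTLS_SSL_VERIFY_REQUIRED);
					mbedtls_ssl_set_hs_ca_chain(context, sni->ca_certificate, sni->ca_crl);
				}

				return 0;
			}
		}
	}

	return 0;
}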