Esempio n. 1
0
// Installs the CA chain held in argument slot 1 and the CRL held in slot 2 as
// the handshake-scoped CA chain of the wrapped mbedtls SSL context
// (mbedtls_ssl_set_hs_ca_chain). Always returns 0.
//
// NOTE(review): both objects are required. If either slot is missing, nothing
// is installed and the call still returns 0, so the handshake proceeds with
// whatever trust chain the context already had. mbedtls itself accepts a NULL
// CRL in mbedtls_ssl_set_hs_ca_chain(), so a caller that only has a CA
// certificate currently gets a silent no-op — confirm that is intended.
int SSLContext::setCAChain(State & state, SSLContextData * ssl_context_data) {
    Stack * stack = state.stack;
    x509crt * certIface = OBJECT_IFACE(x509crt);
    x509crl * crlIface = OBJECT_IFACE(x509crl);

    mbedtls_x509_crt * caChain = certIface->get(1);
    mbedtls_x509_crl * caCrl = crlIface->get(2);

    // Guard clause: with either object absent there is nothing to install.
    if (!caChain || !caCrl) {
        return 0;
    }

    mbedtls_ssl_set_hs_ca_chain(ssl_context_data->context, caChain, caCrl);
    return 0;
}
Esempio n. 2
0
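/* Server Name Indication callback function
 *
 * Invoked by mbedtls after the ClientHello's server_name extension has been
 * parsed. Walks the global sni_list for the first entry whose hostname list
 * matches the requested name and, for that entry, installs the per-host
 * certificate/private key and (when configured) a CA chain with mandatory
 * client-certificate verification.
 *
 * param:        unused callback context
 * context:      SSL context of the handshake in progress
 * sni_hostname: requested server name as sent by the client (not NUL-terminated)
 * len:          length of sni_hostname in bytes
 *
 * Returns 0 to let the handshake continue (also when nothing matched, in which
 * case the certificate already configured on the context stays in effect) and
 * -1 to abort it.
 */
static int sni_callback(void UNUSED(*param), mbedtls_ssl_context *context, const unsigned char *sni_hostname, size_t len) {
	char hostname[SNI_MAX_HOSTNAME_LEN + 1];
	t_sni_list *sni;
	int i;

	/* hostname[] holds SNI_MAX_HOSTNAME_LEN bytes plus the terminator; the
	 * length is checked before the copy so the client cannot overflow it.
	 */
	if (len > SNI_MAX_HOSTNAME_LEN) {
		return -1;
	}

	memcpy(hostname, sni_hostname, len);
	hostname[len] = '\0';

	for (sni = sni_list; sni != NULL; sni = sni->next) {
		for (i = 0; i < sni->hostname->size; i++) {
			if (hostname_match(hostname, *(sni->hostname->item + i))) {
				/* Set private key and certificate.
				 * mbedtls_ssl_set_hs_own_cert() returns non-zero on failure
				 * (e.g. allocation failure). Abort the handshake in that case
				 * rather than silently continuing with the context's default
				 * certificate for a name that has its own.
				 */
				if ((sni->private_key != NULL) && (sni->certificate != NULL)) {
					if (mbedtls_ssl_set_hs_own_cert(context, sni->certificate, sni->private_key) != 0) {
						return -1;
					}
				}

				/* Set CA certificate for TLS client authentication.
				 * Verification is made mandatory only when a CA is configured
				 * for this host; ca_crl may be NULL.
				 */
				if (sni->ca_certificate != NULL) {
					mbedtls_ssl_set_hs_authmode(context, MBEDTLS_SSL_VERIFY_REQUIRED);
					mbedtls_ssl_set_hs_ca_chain(context, sni->ca_certificate, sni->ca_crl);
				}

				return 0;
			}
		}
	}

	/* No entry matched: keep the context's default configuration. */
	return 0;
}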