Esempi in C++ (Cpp) per mbedtls_x509_crt_free

Esempio n. 1

File: x509.c Progetto: Moteesh/reactos

/*
 * Checkup routine
 */
int mbedtls_x509_self_test( int verbose )
{
#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
    int ret;
    uint32_t flags;
    mbedtls_x509_crt cacert;
    mbedtls_x509_crt clicert;

    if( verbose != 0 )
        mbedtls_printf( "  X.509 certificate load: " );

    mbedtls_x509_crt_init( &clicert );

    ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
                           mbedtls_test_cli_crt_len );
    if( ret != 0 )
    {
        if( verbose != 0 )
            mbedtls_printf( "failed\n" );

        return( ret );
    }

    mbedtls_x509_crt_init( &cacert );

    ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
                          mbedtls_test_ca_crt_len );
    if( ret != 0 )
    {
        if( verbose != 0 )
            mbedtls_printf( "failed\n" );

        return( ret );
    }

    if( verbose != 0 )
        mbedtls_printf( "passed\n  X.509 signature verify: ");

    ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
    if( ret != 0 )
    {
        if( verbose != 0 )
            mbedtls_printf( "failed\n" );

        return( ret );
    }

    if( verbose != 0 )
        mbedtls_printf( "passed\n\n");

    mbedtls_x509_crt_free( &cacert  );
    mbedtls_x509_crt_free( &clicert );

    return( 0 );
#else
    ((void) verbose);
    return( 0 );
#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
}

Esempio n. 2

File: mbedtls.c Progetto: AshKarath/bumo

void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
{
  /* mbedtls_rsa_free(&conn->ssl[sockindex].rsa); */
  mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert);
  mbedtls_x509_crt_free(&conn->ssl[sockindex].cacert);
  mbedtls_x509_crl_free(&conn->ssl[sockindex].crl);
  mbedtls_ssl_free(&conn->ssl[sockindex].ssl);
}

Esempio n. 3

File: serve.c Progetto: funnydog/webserve

static void tls_server_free(struct server *s)
{
	mbedtls_net_free(&s->fd);
	mbedtls_pk_free(&s->pkey);
	mbedtls_x509_crt_free(&s->srvcert);
	mbedtls_x509_crt_free(&s->cacert);
	mbedtls_ssl_config_free(&s->conf);
	mbedtls_ctr_drbg_free(&s->ctr_drbg);
	mbedtls_entropy_free(&s->entropy);
}

Esempio n. 4

File: ssl_connection.c Progetto: Cicero-MF/esp-open-rtos

int ssl_destroy(SSLConnection* conn) {
    mbedtls_net_free(&conn->net_ctx);
    mbedtls_ssl_free(&conn->ssl_ctx);
    mbedtls_ssl_config_free(&conn->ssl_conf);
    mbedtls_ctr_drbg_free(&conn->drbg_ctx);
    mbedtls_entropy_free(&conn->entropy_ctx);
    mbedtls_x509_crt_free(&conn->ca_cert);
    mbedtls_x509_crt_free(&conn->client_cert);
    mbedtls_pk_free(&conn->client_key);

    return 0;
}

Esempio n. 5

File: espconn_mbedtls.c Progetto: FelixPe/nodemcu-firmware

static void mbedtls_session_free(pmbedtls_session *session)
{
	lwIP_ASSERT(session);
	lwIP_ASSERT(*session);

	mbedtls_x509_crt_free(&(*session)->cacert);
	mbedtls_x509_crt_free(&(*session)->clicert);
	mbedtls_pk_free(&(*session)->pkey);
//	mbedtls_entropy_free(&(*session)->entropy);
	os_free(*session);
	*session = NULL;
}

Esempio n. 6

File: coap_security_handler.c Progetto: duckietown/duckietown-hs

static void coap_security_handler_reset(coap_security_t *sec){
#if defined(MBEDTLS_X509_CRT_PARSE_C)
    mbedtls_x509_crt_free(&sec->_cacert);
    mbedtls_x509_crt_free(&sec->_owncert);
#endif

    mbedtls_pk_free(&sec->_pkey);

    mbedtls_entropy_free( &sec->_entropy );
    mbedtls_ctr_drbg_free( &sec->_ctr_drbg );
    mbedtls_ssl_config_free(&sec->_conf);
    mbedtls_ssl_free(&sec->_ssl);
}

Esempio n. 7

File: mbedtls.c Progetto: aakashbhowmick/curl

void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
{
  mbedtls_pk_free(&conn->ssl[sockindex].pk);
  mbedtls_x509_crt_free(&conn->ssl[sockindex].clicert);
  mbedtls_x509_crt_free(&conn->ssl[sockindex].cacert);
  mbedtls_x509_crl_free(&conn->ssl[sockindex].crl);
  mbedtls_ssl_config_free(&conn->ssl[sockindex].config);
  mbedtls_ssl_free(&conn->ssl[sockindex].ssl);
  mbedtls_ctr_drbg_free(&conn->ssl[sockindex].ctr_drbg);
#ifndef THREADING_SUPPORT
  mbedtls_entropy_free(&conn->ssl[sockindex].entropy);
#endif /* THREADING_SUPPORT */
}

Esempio n. 8

File: modussl_mbedtls.c Progetto: pfalcon/micropython

STATIC mp_uint_t socket_ioctl(mp_obj_t o_in, mp_uint_t request, uintptr_t arg, int *errcode) {
    mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(o_in);
    if (request == MP_STREAM_CLOSE) {
        mbedtls_pk_free(&self->pkey);
        mbedtls_x509_crt_free(&self->cert);
        mbedtls_x509_crt_free(&self->cacert);
        mbedtls_ssl_free(&self->ssl);
        mbedtls_ssl_config_free(&self->conf);
        mbedtls_ctr_drbg_free(&self->ctr_drbg);
        mbedtls_entropy_free(&self->entropy);
    }
    // Pass all requests down to the underlying socket
    return mp_get_stream(self->sock)->ioctl(self->sock, request, arg, errcode);
}

Esempio n. 9

File: mbedtls.c Progetto: sshyran/curl

static void Curl_mbedtls_close(struct connectdata *conn, int sockindex)
{
  struct ssl_connect_data *connssl = &conn->ssl[sockindex];
  mbedtls_pk_free(&BACKEND->pk);
  mbedtls_x509_crt_free(&BACKEND->clicert);
  mbedtls_x509_crt_free(&BACKEND->cacert);
  mbedtls_x509_crl_free(&BACKEND->crl);
  mbedtls_ssl_config_free(&BACKEND->config);
  mbedtls_ssl_free(&BACKEND->ssl);
  mbedtls_ctr_drbg_free(&BACKEND->ctr_drbg);
#ifndef THREADING_SUPPORT
  mbedtls_entropy_free(&BACKEND->entropy);
#endif /* THREADING_SUPPORT */
}

Esempio n. 10

File: network_mbedtls_wrapper.c Progetto: SimonInHub/aws-iot-device-sdk-embedded-C

int iot_tls_destroy(Network *pNetwork) {

	mbedtls_net_free(&server_fd);

	mbedtls_x509_crt_free(&clicert);
	mbedtls_x509_crt_free(&cacert);
	mbedtls_pk_free(&pkey);
	mbedtls_ssl_free(&ssl);
	mbedtls_ssl_config_free(&conf);
	mbedtls_ctr_drbg_free(&ctr_drbg);
	mbedtls_entropy_free(&entropy);

	return 0;
}

Esempio n. 11

File: altcp_tls_mbedtls.c Progetto: olsner/lwip

void
altcp_tls_free_config(struct altcp_tls_config *conf)
{
  if (conf->pkey) {
    mbedtls_pk_free(conf->pkey);
  }
  if (conf->cert) {
    mbedtls_x509_crt_free(conf->cert);
  }
  if (conf->ca) {
    mbedtls_x509_crt_free(conf->ca);
  }
  altcp_mbedtls_free_config(conf);
}

Esempio n. 12

File: network_mbedtls_wrapper.c Progetto: tve/esp-idf

IoT_Error_t iot_tls_destroy(Network *pNetwork) {
    TLSDataParams *tlsDataParams = &(pNetwork->tlsDataParams);

    mbedtls_net_free(&(tlsDataParams->server_fd));

    mbedtls_x509_crt_free(&(tlsDataParams->clicert));
    mbedtls_x509_crt_free(&(tlsDataParams->cacert));
    mbedtls_pk_free(&(tlsDataParams->pkey));
    mbedtls_ssl_free(&(tlsDataParams->ssl));
    mbedtls_ssl_config_free(&(tlsDataParams->conf));
    mbedtls_ctr_drbg_free(&(tlsDataParams->ctr_drbg));
    mbedtls_entropy_free(&(tlsDataParams->entropy));

    return SUCCESS;
}

Esempio n. 13

File: pkcs11_mbedtls.c Progetto: 746bce42110a11028656eca33867/openvpn

int
pkcs11_certificate_serial (pkcs11h_certificate_t cert, char *serial,
    size_t serial_len)
{
  int ret = 1;

  mbedtls_x509_crt mbed_crt = {0};

  if (mbedtls_pkcs11_x509_cert_bind(&mbed_crt, cert)) {
      msg (M_FATAL, "PKCS#11: Cannot retrieve mbed TLS certificate object");
      goto cleanup;
  }

  if (-1 == mbedtls_x509_serial_gets (serial, serial_len, &mbed_crt.serial)) {
      msg (M_FATAL, "PKCS#11: mbed TLS cannot parse serial");
      goto cleanup;
  }

  ret = 0;

cleanup:
  mbedtls_x509_crt_free(&mbed_crt);

  return ret;
}

Esempio n. 14

void esp_tls_free_global_ca_store()
{
    if (global_cacert) {
        mbedtls_x509_crt_free(global_cacert);
        global_cacert = NULL;
    }
}

Esempio n. 15

File: ua_pki_default.c Progetto: open62541/open62541

static UA_StatusCode
certificateVerification_verifyApplicationURI(void *verificationContext,
                                             const UA_ByteString *certificate,
                                             const UA_String *applicationURI) {
    CertInfo *ci = (CertInfo*)verificationContext;
    if(!ci)
        return UA_STATUSCODE_BADINTERNALERROR;

    /* Parse the certificate */
    mbedtls_x509_crt remoteCertificate;
    mbedtls_x509_crt_init(&remoteCertificate);
    int mbedErr = mbedtls_x509_crt_parse(&remoteCertificate, certificate->data,
                                         certificate->length);
    if(mbedErr)
        return UA_STATUSCODE_BADSECURITYCHECKSFAILED;

    /* Poor man's ApplicationUri verification. mbedTLS does not parse all fields
     * of the Alternative Subject Name. Instead test whether the URI-string is
     * present in the v3_ext field in general.
     *
     * TODO: Improve parsing of the Alternative Subject Name */
    UA_StatusCode retval = UA_STATUSCODE_GOOD;
    if(bstrstr(remoteCertificate.v3_ext.p, remoteCertificate.v3_ext.len,
               applicationURI->data, applicationURI->length) == NULL)
        retval = UA_STATUSCODE_BADCERTIFICATEURIINVALID;

    mbedtls_x509_crt_free(&remoteCertificate);
    return retval;
}

Esempio n. 16

File: pkcs11_mbedtls.c Progetto: 746bce42110a11028656eca33867/openvpn

char *
pkcs11_certificate_dn (pkcs11h_certificate_t cert, struct gc_arena *gc)
{
  char *ret = NULL;
  char dn[1024] = {0};

  mbedtls_x509_crt mbed_crt = {0};

  if (mbedtls_pkcs11_x509_cert_bind(&mbed_crt, cert)) {
      msg (M_FATAL, "PKCS#11: Cannot retrieve mbed TLS certificate object");
      goto cleanup;
  }

  if (-1 == mbedtls_x509_dn_gets (dn, sizeof(dn), &mbed_crt.subject)) {
      msg (M_FATAL, "PKCS#11: mbed TLS cannot parse subject");
      goto cleanup;
  }

  ret = string_alloc(dn, gc);

cleanup:
  mbedtls_x509_crt_free(&mbed_crt);

  return ret;
}

Esempio n. 17

File: server.c Progetto: chen19921212/mongrel2

void Server_destroy(Server *srv)
{
    if(srv) {
        if(srv->use_ssl) {
            free(srv->rng_ctx);

            mbedtls_x509_crt_free(&srv->own_cert);
            mbedtls_pk_free(&srv->pk_key);
            // srv->ciphers freed (if non-default) by h_free
        }

        RouteMap_destroy(srv->hosts);
        Server_destroy_handlers(srv);

        bdestroy(srv->bind_addr);
        bdestroy(srv->uuid);
        bdestroy(srv->chroot);
        bdestroy(srv->access_log);
        bdestroy(srv->error_log);
        bdestroy(srv->pid_file);
        bdestroy(srv->control_port);
        bdestroy(srv->default_hostname);

        if(srv->listen_fd >= 0) fdclose(srv->listen_fd);
        h_free(srv);
    }
}

Esempio n. 18

File: altcp_tls_mbedtls.c Progetto: olsner/lwip

/** Create new TLS configuration
 * This is a suboptimal version that gets the encrypted private key and its password,
 * as well as the server certificate.
 */
struct altcp_tls_config *
altcp_tls_create_config_server_privkey_cert(const u8_t *privkey, size_t privkey_len,
    const u8_t *privkey_pass, size_t privkey_pass_len,
    const u8_t *cert, size_t cert_len)
{
  int ret;
  mbedtls_x509_crt *srvcert;
  mbedtls_pk_context *pkey;
  struct altcp_tls_config *conf = altcp_tls_create_config(1, 1, 1, 0);
  if (conf == NULL) {
    return NULL;
  }

  srvcert = conf->cert;
  mbedtls_x509_crt_init(srvcert);

  pkey = conf->pkey;
  mbedtls_pk_init(pkey);

  /* Load the certificates and private key */
  ret = mbedtls_x509_crt_parse(srvcert, cert, cert_len);
  if (ret != 0) {
    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_x509_crt_parse failed: %d\n", ret));
    altcp_mbedtls_free_config(conf);
    return NULL;
  }

  ret = mbedtls_pk_parse_key(pkey, (const unsigned char *) privkey, privkey_len, privkey_pass, privkey_pass_len);
  if (ret != 0) {
    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_pk_parse_public_key failed: %d\n", ret));
    mbedtls_x509_crt_free(srvcert);
    altcp_mbedtls_free_config(conf);
    return NULL;
  }

  mbedtls_ssl_conf_ca_chain(&conf->conf, srvcert->next, NULL);
  ret = mbedtls_ssl_conf_own_cert(&conf->conf, srvcert, pkey);
  if (ret != 0) {
    LWIP_DEBUGF(ALTCP_MBEDTLS_DEBUG, ("mbedtls_ssl_conf_own_cert failed: %d\n", ret));
    mbedtls_x509_crt_free(srvcert);
    mbedtls_pk_free(pkey);
    altcp_mbedtls_free_config(conf);
    return NULL;
  }
  return conf;
}

Esempio n. 19

File: dtls.cpp Progetto: openthread/openthread

void Dtls::FreeMbedtls(void)
{
#ifdef MBEDTLS_SSL_COOKIE_C
    mbedtls_ssl_cookie_free(&mCookieCtx);
#endif
#if OPENTHREAD_ENABLE_APPLICATION_COAP_SECURE
#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
    mbedtls_x509_crt_free(&mCaChain);
    mbedtls_x509_crt_free(&mOwnCert);
    mbedtls_pk_free(&mPrivateKey);
#endif // MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#endif // OPENTHREAD_ENABLE_APPLICATION_COAP_SECURE
    mbedtls_entropy_free(&mEntropy);
    mbedtls_ctr_drbg_free(&mCtrDrbg);
    mbedtls_ssl_config_free(&mConf);
    mbedtls_ssl_free(&mSsl);
}

Esempio n. 20

File: ssl_pm.c Progetto: kubecz3k/godot

int x509_pm_load(X509 *x, const unsigned char *buffer, int len)
{
    int ret;
    unsigned char *load_buf;
    struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;

	if (x509_pm->x509_crt)
        mbedtls_x509_crt_free(x509_pm->x509_crt);

    if (!x509_pm->x509_crt) {
        x509_pm->x509_crt = ssl_mem_malloc(sizeof(mbedtls_x509_crt));
        if (!x509_pm->x509_crt) {
            SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (x509_pm->x509_crt)");
            goto no_mem;
        }
    }

    load_buf = ssl_mem_malloc(len + 1);
    if (!load_buf) {
        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "no enough memory > (load_buf)");
        goto failed;
    }

    ssl_memcpy(load_buf, buffer, len);
    load_buf[len] = '\0';

    mbedtls_x509_crt_init(x509_pm->x509_crt);

    ret = mbedtls_x509_crt_parse(x509_pm->x509_crt, load_buf, len + 1);
    ssl_mem_free(load_buf);

    if (ret) {
        SSL_DEBUG(SSL_PLATFORM_ERROR_LEVEL, "mbedtls_x509_crt_parse return -0x%x", -ret);
        goto failed;
    }

    return 0;

failed:
    mbedtls_x509_crt_free(x509_pm->x509_crt);
    ssl_mem_free(x509_pm->x509_crt);
    x509_pm->x509_crt = NULL;
no_mem:
    return -1;
}

Esempio n. 21

File: dtls_message_channel.cpp Progetto: MagicSmokeFireworks/magic-smoke-firmware

void DTLSMessageChannel::dispose()
{
	mbedtls_x509_crt_free (&clicert);
	mbedtls_pk_free (&pkey);
	mbedtls_ssl_config_free (&conf);
	mbedtls_ssl_free (&ssl_context);
	delete this->server_public;
	server_public_len = 0;
}

Esempio n. 22

static void mbedtls_cleanup(esp_tls_t *tls) 
{
    if (!tls) {
        return;
    }
    if (tls->cacert_ptr != global_cacert) {
        mbedtls_x509_crt_free(tls->cacert_ptr);
    }
    tls->cacert_ptr = NULL;
    mbedtls_x509_crt_free(&tls->cacert);
    mbedtls_x509_crt_free(&tls->clientcert);
    mbedtls_pk_free(&tls->clientkey);
    mbedtls_entropy_free(&tls->entropy);
    mbedtls_ssl_config_free(&tls->conf);
    mbedtls_ctr_drbg_free(&tls->ctr_drbg);
    mbedtls_ssl_free(&tls->ssl);
    mbedtls_net_free(&tls->server_fd);
}

Esempio n. 23

File: ua_pki_default.c Progetto: open62541/open62541

static void
certificateVerification_deleteMembers(UA_CertificateVerification *cv) {
    CertInfo *ci = (CertInfo*)cv->context;
    if(!ci)
        return;
    mbedtls_x509_crt_free(&ci->certificateTrustList);
    mbedtls_x509_crl_free(&ci->certificateRevocationList);
    UA_free(ci);
    cv->context = NULL;
}

Esempio n. 24

File: X509Cert.cpp Progetto: anlebcoder/fibjs

result_t X509Cert::clear()
{
    if (m_root)
        return CHECK_ERROR(CALL_E_INVALID_CALL);

    mbedtls_x509_crt_free(&m_crt);
    mbedtls_x509_crt_init(&m_crt);
    m_rootLoaded = false;

    return 0;
}

Esempio n. 25

File: websocket_main.c Progetto: carhero/TizenRT

void websocket_tls_release(int param, mbedtls_ssl_config *conf, mbedtls_x509_crt *cert, mbedtls_pk_context *pkey, mbedtls_entropy_context *entropy, mbedtls_ctr_drbg_context *ctr_drbg, mbedtls_ssl_cache_context *cache)
{
	if (!param) {
		mbedtls_ssl_cache_free(cache);
	}
	mbedtls_ctr_drbg_free(ctr_drbg);
	mbedtls_entropy_free(entropy);
	mbedtls_pk_free(pkey);
	mbedtls_x509_crt_free(cert);
	mbedtls_ssl_config_free(conf);
}

Esempio n. 26

File: ssl_pm.c Progetto: kubecz3k/godot

void x509_pm_free(X509 *x)
{
    struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm;

    if (x509_pm->x509_crt) {
        mbedtls_x509_crt_free(x509_pm->x509_crt);

        ssl_mem_free(x509_pm->x509_crt);
        x509_pm->x509_crt = NULL;
    }

    ssl_mem_free(x->x509_pm);
    x->x509_pm = NULL;
}

Esempio n. 27

File: goldy.c Progetto: jerel/goldy-client

static int global_deinit(global_context *gc) {
  int ret = 0;

  mbedtls_net_free(&gc->listen_fd);

  mbedtls_x509_crt_free(&gc->cacert);
  mbedtls_ssl_config_free(&gc->conf);
  mbedtls_ssl_cookie_free(&gc->cookie_ctx);
#if defined(MBEDTLS_SSL_CACHE_C)
  mbedtls_ssl_cache_free(&gc->cache);
#endif
  mbedtls_ctr_drbg_free(&gc->ctr_drbg);
  mbedtls_entropy_free(&gc->entropy);

  return ret == 0 ? 0 : 1;
}

Esempio n. 28

File: net_socket_ssl.c Progetto: Alcaro/RetroArch

void ssl_socket_free(void *state_data)
{
   struct ssl_state *state = (struct ssl_state*)state_data;

   if (!state)
      return;

   mbedtls_ssl_free(&state->ctx);
   mbedtls_ssl_config_free(&state->conf);
   mbedtls_ctr_drbg_free(&state->ctr_drbg);
   mbedtls_entropy_free(&state->entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
   mbedtls_x509_crt_free(&state->ca);
#endif

   free(state);
}

Esempio n. 29

File: http_client.c Progetto: rsalveti/zephyr

static void https_shutdown(struct http_client_ctx *ctx)
{
	if (!ctx->https.tid) {
		return;
	}

	/* Empty the fifo just in case there is any received packets
	 * still there.
	 */
	while (1) {
		struct rx_fifo_block *rx_data;

		rx_data = k_fifo_get(&ctx->https.mbedtls.ssl_ctx.rx_fifo,
				     K_NO_WAIT);
		if (!rx_data) {
			break;
		}

		net_pkt_unref(rx_data->pkt);

		k_mem_pool_free(&rx_data->block);
	}

	k_fifo_cancel_wait(&ctx->https.mbedtls.ssl_ctx.rx_fifo);

	/* Let the ssl_rx() run if there is anything there waiting */
	k_yield();

	mbedtls_ssl_close_notify(&ctx->https.mbedtls.ssl);
	mbedtls_ssl_free(&ctx->https.mbedtls.ssl);
	mbedtls_ssl_config_free(&ctx->https.mbedtls.conf);
	mbedtls_ctr_drbg_free(&ctx->https.mbedtls.ctr_drbg);
	mbedtls_entropy_free(&ctx->https.mbedtls.entropy);

#if defined(MBEDTLS_X509_CRT_PARSE_C)
	mbedtls_x509_crt_free(&ctx->https.mbedtls.ca_cert);
#endif

	tcp_disconnect(ctx);

	NET_DBG("HTTPS thread %p stopped for %p", ctx->https.tid, ctx);

	k_thread_abort(ctx->https.tid);
	ctx->https.tid = 0;
}

Esempio n. 30

File: ssl.c Progetto: dancahill/nsp

int _ssl_shutdown(nsp_state *N, TCP_SOCKET *sock)
{
#define __FN__ __FILE__ ":_ssl_shutdown()"
#if defined HAVE_OPENSSL
	if (sock->ssl_ctx) {
		SSL_CTX_free(sock->ssl_ctx);
		sock->ssl_ctx = NULL;
	}
	return 0;
#elif defined HAVE_MBEDTLS
	if (sock->use_ssl) {
		/* x509 and rsa for server sockets */
		mbedtls_x509_crt_free(&sock->srvcert);
		mbedtls_pk_free(&sock->pubkey);
		//rsa_free(&sock->pubkey);

		mbedtls_ssl_free(&sock->ssl);
		sock->use_ssl = 0;
	}
	return 0;
#endif
#undef __FN__
}