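/* Server Name Indication callback function
 *
 * Signature matches the SNI callback type accepted by mbedtls_ssl_conf_sni().
 * Looks the client-supplied server name up in the global sni_list and, for the
 * first entry with a matching hostname, installs that entry's certificate and
 * private key and, if the entry has a CA certificate, requires TLS client
 * authentication against that CA chain and CRL.
 *
 * param        unused
 * context      TLS context of the handshake in progress
 * sni_hostname server name as sent by the client; NOT NUL-terminated
 * len          length of sni_hostname in bytes
 *
 * Returns 0 when a matching entry was applied or when no entry matched (the
 * handshake then continues with the context's default settings), and -1 when
 * the name is too long, contains a NUL byte, or the certificate could not be
 * installed. A non-zero return makes mbed TLS fail the handshake.
 *
 * NOTE(review): the client-certificate requirement is chosen here from the SNI
 * name alone. Confirm that the request layer ties the HTTP Host header to the
 * same entry, so a request cannot reach a host that requires client
 * authentication through a handshake negotiated for another name.
 */
static int sni_callback(void UNUSED(*param), mbedtls_ssl_context *context, const unsigned char *sni_hostname, size_t len) {
	char hostname[SNI_MAX_HOSTNAME_LEN + 1];
	t_sni_list *sni;
	int i;

	/* Bound the copy: hostname[] holds SNI_MAX_HOSTNAME_LEN bytes plus the terminator */
	if (len > SNI_MAX_HOSTNAME_LEN) {
		return -1;
	}

	/* The name is attacker-controlled. An embedded NUL would make the C-string
	 * comparison below see a shorter name than the one the client sent. */
	if (memchr(sni_hostname, '\0', len) != NULL) {
		return -1;
	}

	memcpy(hostname, sni_hostname, len);
	hostname[len] = '\0';

	for (sni = sni_list; sni != NULL; sni = sni->next) {
		for (i = 0; i < sni->hostname->size; i++) {
			if (hostname_match(hostname, *(sni->hostname->item + i)) == 0) {
				continue;
			}

			/* Set private key and certificate */
			if ((sni->private_key != NULL) && (sni->certificate != NULL)) {
				/* Fail the handshake instead of silently serving the
				 * default certificate when the key pair cannot be set. */
				if (mbedtls_ssl_set_hs_own_cert(context, sni->certificate, sni->private_key) != 0) {
					return -1;
				}
			}

			/* Set CA certificate for TLS client authentication */
			if (sni->ca_certificate != NULL) {
				mbedtls_ssl_set_hs_authmode(context, MBEDTLS_SSL_VERIFY_REQUIRED);
				mbedtls_ssl_set_hs_ca_chain(context, sni->ca_certificate, sni->ca_crl);
			}

			/* First match wins */
			return 0;
		}
	}

	/* No entry matched: keep the context's default certificate and authmode */
	return 0;
}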
/**
 * Sets the certificate verification mode for the handshake in progress on the
 * wrapped mbed TLS context.
 *
 * The mode is read as an int from stack position 1 and handed unchanged to
 * mbedtls_ssl_set_hs_authmode(), which mbed TLS documents for use inside the
 * SNI callback only.
 *
 * NOTE(review): the value is not range-checked against the MBEDTLS_SSL_VERIFY_*
 * constants, so the caller decides whether peer verification is none, optional
 * or required for this handshake. Confirm that callers pass only those
 * constants and call this from the SNI callback.
 *
 * @param state             binding state that owns the argument stack
 * @param ssl_context_data  wrapper holding the mbedtls_ssl_context to configure
 * @return always 0 (presumably the number of values handed back to the caller)
 */
int SSLContext::setAuthmode(State & state, SSLContextData * ssl_context_data) {
	const int requested_mode = state.stack->to<int>(1);

	mbedtls_ssl_set_hs_authmode(ssl_context_data->context, requested_mode);

	return 0;
}