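/*
 * Process one handshake record on the server side.
 *
 * Dispatches on handshake_type to the handler for that message and sends
 * whatever reply the server owes at that point in the handshake.
 * ssl->hs_status is reset to SSL_NOT_OK on entry, so a caller that reads it
 * afterwards only sees "connected" if a later handler set it.
 *
 * The caller is expected to have checked that handshake_type is legal for the
 * current state ("To get here the state must be valid"); the default branch
 * is defence in depth so that a message type this function does not handle is
 * rejected with SSL_ERROR_INVALID_HANDSHAKE instead of silently returning
 * SSL_OK, matching do_clnt_handshake().
 *
 * @param ssl            the connection being negotiated
 * @param handshake_type HS_* type of the handshake message
 * @param buf            the handshake record body; only the CertificateVerify
 *                       and Finished handlers use it here
 * @param hs_len         length of buf in bytes
 * @return SSL_OK, or the error code returned by the handler that failed
 *         (an x509_verify() failure is wrapped with SSL_X509_ERROR())
 */
int do_svr_handshake(SSL *ssl, int handshake_type, uint8_t *buf, int hs_len)
{
    int ret = SSL_OK;
    ssl->hs_status = SSL_NOT_OK;            /* not connected */

    switch (handshake_type)
    {
        case HS_CLIENT_HELLO:
            if ((ret = process_client_hello(ssl)) == SSL_OK)
            {
                ret = send_server_hello_sequence(ssl);
            }
            break;

#ifdef CONFIG_SSL_CERT_VERIFICATION
        case HS_CERTIFICATE:    /* the client sends its cert */
            ret = process_certificate(ssl, &ssl->x509_ctx);

            if (ret == SSL_OK)  /* parsed OK: now verify it against our CAs */
            {
                int path_len_constraint = 0;
                int cert_res = x509_verify(ssl->ssl_ctx->ca_cert_ctx,
                        ssl->x509_ctx, &path_len_constraint);

                /* a non-zero x509 result is mapped onto an SSL error code */
                ret = (cert_res == 0) ? SSL_OK : SSL_X509_ERROR(cert_res);
            }
            break;

        case HS_CERT_VERIFY:
            ret = process_cert_verify(ssl);
            /* intentionally after process_cert_verify() ("needs to be done
             * after" in the original); presumably the record must not be
             * folded into the handshake state before its signature is checked */
            add_packet(ssl, buf, hs_len);
            break;
#endif

        case HS_CLIENT_KEY_XCHG:
            ret = process_client_key_xchg(ssl);
            break;

        case HS_FINISHED:
            ret = process_finished(ssl, buf, hs_len);
            disposable_free(ssl);   /* free up some memory */
            break;

        default:
            /* not a message a client may send to us at any point */
            ret = SSL_ERROR_INVALID_HANDSHAKE;
            break;
    }

    return ret;
}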
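/*
 * Process one handshake record on the client side.
 *
 * Dispatches on handshake_type to the handler for that message.  On
 * ServerHelloDone the client's whole flight is driven from here: optional
 * Certificate, ClientKeyExchange, optional CertificateVerify, then
 * ChangeCipherSpec and Finished.  Each step runs only while ret is still
 * SSL_OK, so the first failure short-circuits the rest of the flight; this
 * now includes send_cert_verify(), whose result was previously discarded so
 * that a failed CertificateVerify was still followed by
 * ChangeCipherSpec/Finished.
 *
 * @param ssl            the connection being negotiated
 * @param handshake_type HS_* type of the handshake message
 * @param buf            the handshake record body; only the Finished handler
 *                       uses it here
 * @param hs_len         length of buf in bytes
 * @return SSL_OK, the error code of the first step that failed, or
 *         SSL_ERROR_INVALID_HANDSHAKE for a message type not handled here
 */
int ICACHE_FLASH_ATTR do_clnt_handshake(SSL *ssl, int handshake_type,
        uint8_t *buf, int hs_len)
{
    int ret = SSL_OK;

    /* To get here the state must be valid */
    switch (handshake_type)
    {
        case HS_SERVER_HELLO:
            ret = process_server_hello(ssl);
            break;

        case HS_CERTIFICATE:
            ret = process_certificate(ssl, &ssl->x509_ctx);
            break;

        case HS_SERVER_HELLO_DONE:
            if ((ret = process_server_hello_done(ssl)) != SSL_OK)
            {
                break;
            }

            if (IS_SET_SSL_FLAG(SSL_HAS_CERT_REQ))
            {
                /* the server asked for a client certificate */
                if ((ret = send_certificate(ssl)) == SSL_OK &&
                    (ret = send_client_key_xchg(ssl)) == SSL_OK)
                {
                    /* capture the result so a signing/send failure stops
                     * the flight before ChangeCipherSpec */
                    ret = send_cert_verify(ssl);
                }
            }
            else
            {
                ret = send_client_key_xchg(ssl);
            }

            if (ret == SSL_OK &&
                (ret = send_change_cipher_spec(ssl)) == SSL_OK)
            {
                ret = send_finished(ssl);
            }
            break;

        case HS_CERT_REQ:
            ret = process_cert_req(ssl);
            break;

        case HS_FINISHED:
            ret = process_finished(ssl, buf, hs_len);
            disposable_free(ssl);   /* free up some memory */
            /* note: client renegotiation is not allowed after this */
            break;

        case HS_HELLO_REQUEST:
            /* server-initiated renegotiation: disposable_new() presumably
             * re-creates the per-handshake state that disposable_free()
             * released, then a fresh connect is started */
            disposable_new(ssl);
            ret = do_client_connect(ssl);
            break;

        default:
            ret = SSL_ERROR_INVALID_HANDSHAKE;
            break;
    }

    return ret;
}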