components/openssl: SSL low-level reload cert when user add new cert

dongheng
2016-09-23 10:53:18 +08:00
parent 9fc054bb55
commit 07c8bbca6c
7 changed files with 65 additions and 2 deletions


@@ -475,3 +475,33 @@ long ssl_pm_get_verify_result(const SSL *ssl)
return verify_result;
}
int ssl_pm_reload_crt(SSL *ssl)
{
int ret;
int mode;
struct ssl_pm *ssl_pm = ssl->ssl_pm;
struct x509_pm *x509_pm;
struct pkey_pm *pkey_pm;
x509_pm = (struct x509_pm *)ssl->client_CA->x509_pm;
if (x509_pm->load) {
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, &x509_pm->x509_crt, NULL);
mode = MBEDTLS_SSL_VERIFY_REQUIRED;
} else {
mode = MBEDTLS_SSL_VERIFY_NONE;
}
mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);
pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
if (pkey_pm->load) {
x509_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, &x509_pm->x509_crt, &pkey_pm->pkey);
if (ret)
return -1;
}
return 0;
}
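Review bot: The `else` branch in ssl_pm_reload_crt sets `mode = MBEDTLS_SSL_VERIFY_NONE;` whenever `x509_pm->load` is false, and the unconditional `mbedtls_ssl_conf_authmode(&ssl_pm->conf, mode);` then overwrites the mode configured earlier, so a reload with no CA loaded silently turns peer-certificate verification off. Consider dropping the `else` and calling `mbedtls_ssl_conf_authmode(&ssl_pm->conf, MBEDTLS_SSL_VERIFY_REQUIRED);` only inside the `if (x509_pm->load)` branch, so a reload can raise the verification level but never lower it; whether the SSL object also carries an application-set verify mode that should take precedence is not visible in this hunk. Separately, `mbedtls_ssl_conf_own_cert` appends to the configuration's certificate/key list rather than replacing the existing entry, so repeated reloads probably accumulate entries and may leave the old certificate first in the list; this is worth confirming against the mbedtls version in use. The chain `ssl->cert->pkey->pkey_pm` and `ssl->client_CA->x509_pm` is dereferenced without NULL checks, which is fine only if every caller guarantees those objects exist.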