summaryrefslogtreecommitdiffstats
path: root/src/PolarSSL++/BlockingSslClientSocket.cpp
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/mbedTLS++/BlockingSslClientSocket.cpp (renamed from src/PolarSSL++/BlockingSslClientSocket.cpp)60
1 files changed, 39 insertions, 21 deletions
diff --git a/src/PolarSSL++/BlockingSslClientSocket.cpp b/src/mbedTLS++/BlockingSslClientSocket.cpp
index 7d7fc4ccf..6f765f607 100644
--- a/src/PolarSSL++/BlockingSslClientSocket.cpp
+++ b/src/mbedTLS++/BlockingSslClientSocket.cpp
@@ -1,4 +1,4 @@
-
+
// BlockingSslClientSocket.cpp
// Implements the cBlockingSslClientSocket class representing a blocking TCP socket with client SSL encryption over it
@@ -125,7 +125,16 @@ bool cBlockingSslClientSocket::Connect(const AString & a_ServerName, UInt16 a_Po
}
// Initialize the SSL:
- int ret = m_Ssl.Initialize(true);
+ int ret = 0;
+ if (m_Config != nullptr)
+ {
+ ret = m_Ssl.Initialize(m_Config);
+ }
+ else
+ {
+ ret = m_Ssl.Initialize(true);
+ }
+
if (ret != 0)
{
Printf(m_LastErrorText, "SSL initialization failed: -0x%x", -ret);
@@ -133,9 +142,9 @@ bool cBlockingSslClientSocket::Connect(const AString & a_ServerName, UInt16 a_Po
}
// If we have been assigned a trusted CA root cert store, push it into the SSL context:
- if (m_CACerts.get() != nullptr)
+ if (!m_ExpectedPeerName.empty())
{
- m_Ssl.SetCACerts(m_CACerts, m_ExpectedPeerName);
+ m_Ssl.SetExpectedPeerName(m_ExpectedPeerName);
}
ret = m_Ssl.Handshake();
@@ -153,28 +162,37 @@ bool cBlockingSslClientSocket::Connect(const AString & a_ServerName, UInt16 a_Po
-bool cBlockingSslClientSocket::SetTrustedRootCertsFromString(const AString & a_CACerts, const AString & a_ExpectedPeerName)
+void cBlockingSslClientSocket::SetExpectedPeerName(AString a_ExpectedPeerName)
{
+ ASSERT(!m_IsConnected); // Must be called before connect
+
// Warn if used multiple times, but don't signal an error:
- if (m_CACerts.get() != nullptr)
+ if (!m_ExpectedPeerName.empty())
{
LOGWARNING(
- "SSL: Trying to set multiple trusted CA root cert stores, only the last one will be used. Name: %s",
+ "SSL: Trying to set multiple expected peer names, only the last one will be used. Name: %s",
a_ExpectedPeerName.c_str()
);
}
- // Parse the cert:
- m_CACerts.reset(new cX509Cert);
- int ret = m_CACerts->Parse(a_CACerts.data(), a_CACerts.size());
- if (ret < 0)
+ m_ExpectedPeerName = std::move(a_ExpectedPeerName);
+}
+
+
+
+
+
+void cBlockingSslClientSocket::SetSslConfig(std::shared_ptr<const cSslConfig> a_Config)
+{
+ ASSERT(!m_IsConnected); // Must be called before connect
+
+ // Warn if used multiple times, but don't signal an error:
+ if (m_Config != nullptr)
{
- Printf(m_LastErrorText, "CA cert parsing failed: -0x%x", -ret);
- return false;
+ LOGWARNING("SSL: Trying to set multiple configurations, only the last one will be used.");
}
- m_ExpectedPeerName = a_ExpectedPeerName;
- return true;
+ m_Config = std::move(a_Config);
}
@@ -197,8 +215,8 @@ bool cBlockingSslClientSocket::Send(const void * a_Data, size_t a_NumBytes)
int res = m_Ssl.WritePlain(Data, a_NumBytes);
if (res < 0)
{
- ASSERT(res != POLARSSL_ERR_NET_WANT_READ); // This should never happen with callback-based SSL
- ASSERT(res != POLARSSL_ERR_NET_WANT_WRITE); // This should never happen with callback-based SSL
+ ASSERT(res != MBEDTLS_ERR_SSL_WANT_READ); // This should never happen with callback-based SSL
+ ASSERT(res != MBEDTLS_ERR_SSL_WANT_WRITE); // This should never happen with callback-based SSL
Printf(m_LastErrorText, "Data cannot be written to SSL context: -0x%x", -res);
return false;
}
@@ -272,7 +290,7 @@ int cBlockingSslClientSocket::ReceiveEncrypted(unsigned char * a_Buffer, size_t
// If we got disconnected, report an error after processing all data:
if (!m_IsConnected && m_IncomingData.empty())
{
- return POLARSSL_ERR_NET_RECV_FAILED;
+ return MBEDTLS_ERR_NET_RECV_FAILED;
}
// Copy the data from the incoming buffer into the specified space:
@@ -291,12 +309,12 @@ int cBlockingSslClientSocket::SendEncrypted(const unsigned char * a_Buffer, size
cTCPLinkPtr Socket(m_Socket); // Make a copy so that multiple threads don't race on deleting the socket.
if (Socket == nullptr)
{
- return POLARSSL_ERR_NET_SEND_FAILED;
+ return MBEDTLS_ERR_NET_SEND_FAILED;
}
if (!Socket->Send(a_Buffer, a_NumBytes))
{
- // PolarSSL's net routines distinguish between connection reset and general failure, we don't need to
- return POLARSSL_ERR_NET_SEND_FAILED;
+ // mbedTLS's net routines distinguish between connection reset and general failure, we don't need to
+ return MBEDTLS_ERR_NET_SEND_FAILED;
}
return static_cast<int>(a_NumBytes);
}