Cyclic0007/wolfssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Trusted CA Key Indication Extension

Browse Source 
Added an API for enabling the Trusted CA Key Indication extension from
RFC6066 section 6. If the server doesn't have a match for the client,
the client will abandon the session.
This commit is contained in:
John Safranek
2018-09-28 09:05:59 -07:00
parent 6e1b05316d
commit b7663a940e
10 changed files with 515 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
examples/server/server.c
View File

@@ -825,6 +825,9 @@ static void Usage(void)
printf("%s", msg[++msgId]); /* -3 */
#endif
printf("%s", msg[++msgId]); /* -1 */
#ifdef HAVE_TRUSTED_CA
printf("-5 Use Trusted CA Key Indication\n");
#endif /* HAVE_TRUSTED_CA */
}
THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
@@ -914,6 +917,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
char* sniHostName = NULL;
#endif
#ifdef HAVE_TRUSTED_CA
int trustedCaKeyId = 0;
#endif /* HAVE_TRUSTED_CA */
#ifdef HAVE_OCSP
int useOcsp = 0;
char* ocspUrl = NULL;
@@ -1010,7 +1017,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
while ((ch = mygetopt(argc, argv, "?:"
"abc:defgijk:l:mnop:q:rstuv:wxy"
"A:B:C:D:E:GH:IJKL:MNO:PQR:S:TUVYZ:"
"01:23:4:")) != -1) {
"01:23:4:5")) != -1) {
switch (ch) {
case '?' :
if(myoptarg!=NULL) {
@@ -1372,6 +1379,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
doBlockSeq = 1;
dtlsCtx.blockSeq = atoi(myoptarg);
#endif
case '5' :
#ifdef HAVE_TRUSTED_CA
trustedCaKeyId = 1;
#endif /* HAVE_TRUSTED_CA */
break;
default:
@@ -1953,6 +1965,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
err_sys_ex(runWithErrors, "error in setting fd");
}
#ifdef HAVE_TRUSTED_CA
if (trustedCaKeyId) {
if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED,
NULL, 0) != WOLFSSL_SUCCESS) {
err_sys_ex(runWithErrors, "UseTrustedCA failed");
}
}
#endif /* HAVE_TRUSTED_CA */
#ifdef HAVE_ALPN
if (alpnList != NULL) {
printf("ALPN accepted protocols list : %s\n", alpnList);