@@ -41,6 +41,7 @@ struct ustream_ssl_ctx *__ustream_ssl_context_new(bool server);
int __ustream_ssl_add_ca_crt_file(struct ustream_ssl_ctx *ctx, const char *file);
int __ustream_ssl_set_crt_file(struct ustream_ssl_ctx *ctx, const char *file);
int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char *file);
+int __ustream_ssl_set_mutual_auth(struct ustream_ssl_ctx *ctx, int mutual_auth);
void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx);
enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us);
int __ustream_ssl_read(struct ustream_ssl *us, char *buf, int len);
@@ -217,6 +217,16 @@ __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char
return 0;
}
+__hidden int __ustream_ssl_set_mutual_auth(struct ustream_ssl_ctx *ctx, int mutual_auth)
+{
+ if (mutual_auth)
+ mbedtls_ssl_conf_authmode(&ctx->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+ else
+ mbedtls_ssl_conf_authmode(&ctx->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+
+ return 0;
+}
+
__hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
{
#if defined(MBEDTLS_SSL_CACHE_C)
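Review bot: The `mutual_auth == 0` branch sets `MBEDTLS_SSL_VERIFY_OPTIONAL` here but `SSL_VERIFY_NONE` in the ustream-openssl.c hunk, so the same call does not mean the same thing on the two backends: with mbedtls the peer is still asked for a certificate and the verification result is recorded, while with `SSL_VERIFY_NONE` an OpenSSL server does not request a client certificate at all. Whatever the intended meaning of "off" is, the two backends should agree and the op's header comment should state it; if the intent is "restore the default", each backend should set whatever its context_new configures, which is outside this hunk. The closest OpenSSL counterpart of OPTIONAL appears to be `SSL_VERIFY_PEER` without `SSL_VERIFY_FAIL_IF_NO_PEER_CERT`, though it still aborts the handshake on a failed verification, so the mismatch cannot be closed exactly without deciding the semantics first. The function also always returns 0, so callers cannot tell whether the mode was applied.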
@@ -154,6 +154,18 @@ __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char
return 0;
}
+__hidden int __ustream_ssl_set_mutual_auth(struct ustream_ssl_ctx *ctx, int mutual_auth)
+{
+
+ if (mutual_auth)
+ SSL_CTX_set_verify((void *) ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+ else
+ SSL_CTX_set_verify((void *) ctx, SSL_VERIFY_NONE, NULL);
+
+ return 0;
+
+}
+
__hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
{
SSL_CTX_free((void *) ctx);
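Review bot: The new function body carries a stray blank line directly after the opening brace and another between `return 0;` and the closing brace, which neither the neighbouring `__ustream_ssl_set_key_file` nor the mbedtls variant in the other hunk has; dropping both makes the two backends read identically. The `(void *) ctx` cast matches the existing `SSL_CTX_free((void *) ctx)` call visible below, so it is consistent with the file's convention.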
@@ -208,6 +208,7 @@ const struct ustream_ssl_ops ustream_ssl_ops = {
.context_set_crt_file = __ustream_ssl_set_crt_file,
.context_set_key_file = __ustream_ssl_set_key_file,
.context_add_ca_crt_file = __ustream_ssl_add_ca_crt_file,
+ .context_set_mutual_auth = __ustream_ssl_set_mutual_auth,
.context_free = __ustream_ssl_context_free,
.init = _ustream_ssl_init,
.set_peer_cn = _ustream_ssl_set_peer_cn,
@@ -52,6 +52,7 @@ struct ustream_ssl_ops {
int (*context_set_crt_file)(struct ustream_ssl_ctx *ctx, const char *file);
int (*context_set_key_file)(struct ustream_ssl_ctx *ctx, const char *file);
int (*context_add_ca_crt_file)(struct ustream_ssl_ctx *ctx, const char *file);
+ int (*context_set_mutual_auth)(struct ustream_ssl_ctx *ctx, int mutual_auth);
void (*context_free)(struct ustream_ssl_ctx *ctx);
int (*init)(struct ustream_ssl *us, struct ustream *conn, struct ustream_ssl_ctx *ctx, bool server);
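Review bot: The new `context_set_mutual_auth` member is the only op in this struct whose argument is not self-describing from its type, and nothing documents what a zero or non-zero `mutual_auth` does to the handshake. A one-line comment above it, e.g. `/* non-zero: require the peer to present a certificate and fail the handshake if it does not; zero: the backend's relaxed verification mode */`, would let callers choose correctly and would pin down the behaviour the two backends are expected to share. Both backend implementations in this series always return 0, so the comment should also say whether the int is meant as an error code callers may check.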
@@ -64,6 +65,7 @@ extern const struct ustream_ssl_ops ustream_ssl_ops;
#define ustream_ssl_context_set_crt_file ustream_ssl_ops.context_set_crt_file
#define ustream_ssl_context_set_key_file ustream_ssl_ops.context_set_key_file
#define ustream_ssl_context_add_ca_crt_file ustream_ssl_ops.context_add_ca_crt_file
+#define ustream_ssl_context_set_mutual_auth ustream_ssl_ops.context_set_mutual_auth
#define ustream_ssl_context_free ustream_ssl_ops.context_free
#define ustream_ssl_init ustream_ssl_ops.init
#define ustream_ssl_set_peer_cn ustream_ssl_ops.set_peer_cn
Fix tabs vs spaces; the cast to (void *) follows the other casts. Signed-off-by: Nuno Morais <nuno.mcvmorais@gmail.com> Co-Developed-by: Jose Vieira <josecarlosvieir@hotmail.com> --- ustream-internal.h | 1 + ustream-mbedtls.c | 10 ++++++++++ ustream-openssl.c | 12 ++++++++++++ ustream-ssl.c | 1 + ustream-ssl.h | 2 ++ 5 files changed, 26 insertions(+)