Lines Matching refs:ssl
43 mbedtls_ssl_context ssl; member
112 static int ssl_pm_reload_crt(SSL *ssl);
128 int ssl_pm_new(SSL *ssl) in ssl_pm_new() argument
138 const SSL_METHOD *method = ssl->method; in ssl_pm_new()
147 max_content_len = ssl->ctx->read_buffer_len; in ssl_pm_new()
155 mbedtls_ssl_init(&ssl_pm->ssl); in ssl_pm_new()
176 if (TLS_ANY_VERSION != ssl->version) { in ssl_pm_new()
177 int min_version = ssl->ctx->min_version ? ssl->ctx->min_version : ssl->version; in ssl_pm_new()
178 int max_version = ssl->ctx->max_version ? ssl->ctx->max_version : ssl->version; in ssl_pm_new()
187 if (ssl->ctx->ssl_alpn.alpn_status == ALPN_ENABLE) { in ssl_pm_new()
189 mbedtls_ssl_conf_alpn_protocols( &ssl_pm->conf, ssl->ctx->ssl_alpn.alpn_list ); in ssl_pm_new()
204 ret = mbedtls_ssl_setup(&ssl_pm->ssl, &ssl_pm->conf); in ssl_pm_new()
211 mbedtls_ssl_set_bio(&ssl_pm->ssl, &ssl_pm->fd, mbedtls_net_send, mbedtls_net_recv, NULL); in ssl_pm_new()
213 ssl->ssl_pm = ssl_pm; in ssl_pm_new()
214 ret = ssl_pm_reload_crt(ssl); in ssl_pm_new()
233 void ssl_pm_free(SSL *ssl) in ssl_pm_free() argument
235 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_free()
240 mbedtls_ssl_free(&ssl_pm->ssl); in ssl_pm_free()
243 ssl->ssl_pm = NULL; in ssl_pm_free()
249 static int ssl_pm_reload_crt(SSL *ssl) in ssl_pm_reload_crt() argument
253 struct ssl_pm *ssl_pm = ssl->ssl_pm; in ssl_pm_reload_crt()
254 struct x509_pm *ca_pm = (struct x509_pm *)ssl->client_CA->x509_pm; in ssl_pm_reload_crt()
256 struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm; in ssl_pm_reload_crt()
257 struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm; in ssl_pm_reload_crt()
269 if (ssl->method->endpoint == MBEDTLS_SSL_IS_SERVER) { in ssl_pm_reload_crt()
270 if (ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) in ssl_pm_reload_crt()
272 else if (ssl->verify_mode & SSL_VERIFY_PEER) in ssl_pm_reload_crt()
274 else if (ssl->verify_mode == SSL_VERIFY_NONE) in ssl_pm_reload_crt()
276 } else if (ssl->method->endpoint == MBEDTLS_SSL_IS_CLIENT) { in ssl_pm_reload_crt()
277 if (ssl->verify_mode & SSL_VERIFY_PEER) in ssl_pm_reload_crt()
279 else if (ssl->verify_mode == SSL_VERIFY_NONE) in ssl_pm_reload_crt()
312 static int mbedtls_handshake( mbedtls_ssl_context *ssl ) in mbedtls_handshake() argument
316 while (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { in mbedtls_handshake()
317 ret = mbedtls_ssl_handshake_step(ssl); in mbedtls_handshake()
319 SSL_DEBUG(SSL_PLATFORM_DEBUG_LEVEL, "ssl ret %d state %d", ret, ssl->state); in mbedtls_handshake()
328 int ssl_pm_handshake(SSL *ssl) in ssl_pm_handshake() argument
331 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_handshake()
333 if (ssl->bio) { in ssl_pm_handshake()
335 … SSL_ASSERT1(ssl->mode & (SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)); in ssl_pm_handshake()
336 mbedtls_ssl_set_bio(&ssl_pm->ssl, ssl->bio, mbedtls_bio_send, mbedtls_bio_recv, NULL); in ssl_pm_handshake()
339 SSL_ASSERT1(ssl->mode == 0); in ssl_pm_handshake()
342 ret = ssl_pm_reload_crt(ssl); in ssl_pm_handshake()
348 while((ret = mbedtls_handshake(&ssl_pm->ssl)) != 0) { in ssl_pm_handshake()
352 } else if (ssl->bio) { in ssl_pm_handshake()
355 ssl->rwstate = SSL_READING; in ssl_pm_handshake()
357 ssl->rwstate = SSL_WRITING; in ssl_pm_handshake()
364 ssl->rwstate = SSL_NOTHING; in ssl_pm_handshake()
370 struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; in ssl_pm_handshake()
372 x509_pm->ex_crt = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&ssl_pm->ssl); in ssl_pm_handshake()
379 int ssl_pm_shutdown(SSL *ssl) in ssl_pm_shutdown() argument
382 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_shutdown()
384 ret = mbedtls_ssl_close_notify(&ssl_pm->ssl); in ssl_pm_shutdown()
390 struct x509_pm *x509_pm = (struct x509_pm *)ssl->session->peer->x509_pm; in ssl_pm_shutdown()
398 int ssl_pm_clear(SSL *ssl) in ssl_pm_clear() argument
400 return ssl_pm_shutdown(ssl); in ssl_pm_clear()
404 int ssl_pm_read(SSL *ssl, void *buffer, int len) in ssl_pm_read() argument
407 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_read()
409 ret = mbedtls_ssl_read(&ssl_pm->ssl, buffer, len); in ssl_pm_read()
419 int ssl_pm_send(SSL *ssl, const void *buffer, int len) in ssl_pm_send() argument
422 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_send()
424 ret = mbedtls_ssl_write(&ssl_pm->ssl, buffer, len); in ssl_pm_send()
434 int ssl_pm_pending(const SSL *ssl) in ssl_pm_pending() argument
436 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_pending()
438 return mbedtls_ssl_get_bytes_avail(&ssl_pm->ssl); in ssl_pm_pending()
441 void ssl_pm_set_fd(SSL *ssl, int fd, int mode) in ssl_pm_set_fd() argument
443 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_set_fd()
448 void ssl_pm_set_hostname(SSL *ssl, const char *hostname) in ssl_pm_set_hostname() argument
450 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_set_hostname()
452 mbedtls_ssl_set_hostname(&ssl_pm->ssl, hostname); in ssl_pm_set_hostname()
455 int ssl_pm_get_fd(const SSL *ssl, int mode) in ssl_pm_get_fd() argument
457 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_get_fd()
462 OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) in ssl_pm_get_state() argument
466 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_get_state()
468 switch (ssl_pm->ssl.state) in ssl_pm_get_state()
739 void ssl_pm_set_bufflen(SSL *ssl, int len) in ssl_pm_set_bufflen() argument
744 long ssl_pm_get_verify_result(const SSL *ssl) in ssl_pm_get_verify_result() argument
748 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in ssl_pm_get_verify_result()
750 ret = mbedtls_ssl_get_verify_result(&ssl_pm->ssl); in ssl_pm_get_verify_result()
767 SSL *ssl = (SSL *)((char *)param - offsetof(SSL, param)); in X509_VERIFY_PARAM_set1_host() local
768 struct ssl_pm *ssl_pm = (struct ssl_pm *)ssl->ssl_pm; in X509_VERIFY_PARAM_set1_host()
781 mbedtls_ssl_set_hostname(&ssl_pm->ssl, name); in X509_VERIFY_PARAM_set1_host()