Lines Matching refs:conn
445 static void tls_connection_deinit_expkey(struct tls_connection *conn) in tls_connection_deinit_expkey() argument
447 conn->tls_prf_type = 0; /* MBEDTLS_SSL_TLS_PRF_NONE; */ in tls_connection_deinit_expkey()
448 conn->expkey_keyblock_size = 0; in tls_connection_deinit_expkey()
449 conn->expkey_secret_len = 0; in tls_connection_deinit_expkey()
450 forced_memzero(conn->expkey_secret, sizeof(conn->expkey_secret)); in tls_connection_deinit_expkey()
451 forced_memzero(conn->expkey_randbytes, sizeof(conn->expkey_randbytes)); in tls_connection_deinit_expkey()
455 void tls_connection_deinit_clienthello_session_ticket(struct tls_connection *conn) in tls_connection_deinit_clienthello_session_ticket() argument
457 if (conn->clienthello_session_ticket) in tls_connection_deinit_clienthello_session_ticket()
459 … mbedtls_platform_zeroize(conn->clienthello_session_ticket, conn->clienthello_session_ticket_len); in tls_connection_deinit_clienthello_session_ticket()
460 mbedtls_free(conn->clienthello_session_ticket); in tls_connection_deinit_clienthello_session_ticket()
461 conn->clienthello_session_ticket = NULL; in tls_connection_deinit_clienthello_session_ticket()
462 conn->clienthello_session_ticket_len = 0; in tls_connection_deinit_clienthello_session_ticket()
467 void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) in tls_connection_deinit() argument
469 if (conn == NULL) in tls_connection_deinit()
472 if (conn->tls_prf_type) in tls_connection_deinit()
473 tls_connection_deinit_expkey(conn); in tls_connection_deinit()
476 if (conn->clienthello_session_ticket) in tls_connection_deinit()
477 tls_connection_deinit_clienthello_session_ticket(conn); in tls_connection_deinit()
480 os_free(conn->peer_subject); in tls_connection_deinit()
481 wpabuf_free(conn->success_data); in tls_connection_deinit()
482 wpabuf_free(conn->push_buf); in tls_connection_deinit()
483 wpabuf_free(conn->pull_buf); in tls_connection_deinit()
484 mbedtls_ssl_free(&conn->ssl); in tls_connection_deinit()
485 tls_conf_deinit(conn->tls_conf); in tls_connection_deinit()
486 os_free(conn); in tls_connection_deinit()
490 static int tls_mbedtls_ssl_setup(struct tls_connection *conn);
494 struct tls_connection *conn = os_zalloc(sizeof(*conn)); in tls_connection_init() local
495 if (conn == NULL) in tls_connection_init()
498 mbedtls_ssl_init(&conn->ssl); in tls_connection_init()
500 conn->tls_conf = tls_ctx_global.tls_conf; /*(inherit global conf, if set)*/ in tls_connection_init()
501 if (conn->tls_conf) in tls_connection_init()
503 ++conn->tls_conf->refcnt; in tls_connection_init()
507 conn->verify_peer = conn->tls_conf->verify_peer; in tls_connection_init()
508 if (tls_mbedtls_ssl_setup(conn) != 0) in tls_connection_init()
510 tls_connection_deinit(&tls_ctx_global, conn); in tls_connection_init()
515 return conn; in tls_connection_init()
518 int tls_connection_established(void *tls_ctx, struct tls_connection *conn) in tls_connection_established() argument
520 return conn ? conn->established : 0; in tls_connection_established()
549 char *tls_connection_peer_serial_num(void *tls_ctx, struct tls_connection *conn) in tls_connection_peer_serial_num() argument
551 const mbedtls_x509_crt *crt = mbedtls_ssl_get_peer_cert(&conn->ssl); in tls_connection_peer_serial_num()
561 static void tls_pull_buf_reset(struct tls_connection *conn);
563 int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) in tls_connection_shutdown() argument
568 if (conn == NULL) in tls_connection_shutdown()
571 tls_pull_buf_reset(conn); in tls_connection_shutdown()
572 wpabuf_free(conn->push_buf); in tls_connection_shutdown()
573 conn->push_buf = NULL; in tls_connection_shutdown()
574 conn->established = 0; in tls_connection_shutdown()
575 conn->resumed = 0; in tls_connection_shutdown()
576 if (conn->tls_prf_type) in tls_connection_shutdown()
577 tls_connection_deinit_expkey(conn); in tls_connection_shutdown()
581 return mbedtls_ssl_session_reset(&conn->ssl); in tls_connection_shutdown()
592 static int tls_pull_buf_append(struct tls_connection *conn, const struct wpabuf *in_data) in tls_pull_buf_append() argument
595 return tls_wpabuf_resize_put_data(&conn->pull_buf, wpabuf_head(in_data), wpabuf_len(in_data)); in tls_pull_buf_append()
598 static void tls_pull_buf_reset(struct tls_connection *conn) in tls_pull_buf_reset() argument
601 wpabuf_free(conn->pull_buf); in tls_pull_buf_reset()
602 conn->pull_buf = NULL; in tls_pull_buf_reset()
603 conn->pull_buf_offset = 0; in tls_pull_buf_reset()
606 __attribute_cold__ static void tls_pull_buf_discard(struct tls_connection *conn, const char *func) in tls_pull_buf_discard() argument
608 size_t discard = wpabuf_len(conn->pull_buf) - conn->pull_buf_offset; in tls_pull_buf_discard()
611 tls_pull_buf_reset(conn); in tls_pull_buf_discard()
616 struct tls_connection *conn = (struct tls_connection *)ptr; in tls_pull_func() local
617 if (conn->pull_buf == NULL) in tls_pull_func()
619 const size_t dlen = wpabuf_len(conn->pull_buf) - conn->pull_buf_offset; in tls_pull_func()
625 os_memcpy(buf, (u8 *)wpabuf_head(conn->pull_buf) + conn->pull_buf_offset, len); in tls_pull_func()
629 tls_pull_buf_reset(conn); in tls_pull_func()
634 conn->pull_buf_offset += len; in tls_pull_func()
643 struct tls_connection *conn = (struct tls_connection *)ptr; in tls_push_func() local
644 …return tls_wpabuf_resize_put_data(&conn->push_buf, buf, len) ? (int)len : MBEDTLS_ERR_SSL_ALLOC_FA… in tls_push_func()
649 static int tls_mbedtls_ssl_setup(struct tls_connection *conn) in tls_mbedtls_ssl_setup() argument
651 int ret = mbedtls_ssl_setup(&conn->ssl, &conn->tls_conf->conf); in tls_mbedtls_ssl_setup()
658 mbedtls_ssl_set_bio(&conn->ssl, conn, tls_push_func, tls_pull_func, NULL); in tls_mbedtls_ssl_setup()
660 mbedtls_ssl_set_export_keys_cb(&conn->ssl, tls_connection_export_keys_cb, conn); in tls_mbedtls_ssl_setup()
662 mbedtls_ssl_conf_export_keys_ext_cb(&conn->tls_conf->conf, tls_connection_export_keys_cb, conn); in tls_mbedtls_ssl_setup()
664 if (conn->verify_peer) in tls_mbedtls_ssl_setup()
665 mbedtls_ssl_set_verify(&conn->ssl, tls_mbedtls_verify_cb, conn); in tls_mbedtls_ssl_setup()
1802 int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, const struct tls_connecti… in tls_connection_set_params() argument
1804 if (conn == NULL || params == NULL) in tls_connection_set_params()
1807 tls_conf_deinit(conn->tls_conf); in tls_connection_set_params()
1808 struct tls_conf *tls_conf = conn->tls_conf = tls_conf_init(tls_ctx); in tls_connection_set_params()
1829 conn->verify_peer = tls_conf->verify_peer; in tls_connection_set_params()
1831 return tls_mbedtls_ssl_setup(conn); in tls_connection_set_params()
1836 static int tls_mbedtls_clienthello_session_ticket_prep(struct tls_connection *conn, const u8 *data,… in tls_mbedtls_clienthello_session_ticket_prep() argument
1838 if (conn->tls_conf->flags & TLS_CONN_DISABLE_SESSION_TICKET) in tls_mbedtls_clienthello_session_ticket_prep()
1840 if (conn->clienthello_session_ticket) in tls_mbedtls_clienthello_session_ticket_prep()
1841 tls_connection_deinit_clienthello_session_ticket(conn); in tls_mbedtls_clienthello_session_ticket_prep()
1844 conn->clienthello_session_ticket = mbedtls_calloc(1, len); in tls_mbedtls_clienthello_session_ticket_prep()
1845 if (conn->clienthello_session_ticket == NULL) in tls_mbedtls_clienthello_session_ticket_prep()
1847 conn->clienthello_session_ticket_len = len; in tls_mbedtls_clienthello_session_ticket_prep()
1848 os_memcpy(conn->clienthello_session_ticket, data, len); in tls_mbedtls_clienthello_session_ticket_prep()
1853 static void tls_mbedtls_clienthello_session_ticket_set(struct tls_connection *conn) in tls_mbedtls_clienthello_session_ticket_set() argument
1855 mbedtls_ssl_session *sess = conn->ssl.MBEDTLS_PRIVATE(session_negotiate); in tls_mbedtls_clienthello_session_ticket_set()
1861 sess->MBEDTLS_PRIVATE(ticket) = conn->clienthello_session_ticket; in tls_mbedtls_clienthello_session_ticket_set()
1862 sess->MBEDTLS_PRIVATE(ticket_len) = conn->clienthello_session_ticket_len; in tls_mbedtls_clienthello_session_ticket_set()
1865 conn->clienthello_session_ticket = NULL; in tls_mbedtls_clienthello_session_ticket_set()
1866 conn->clienthello_session_ticket_len = 0; in tls_mbedtls_clienthello_session_ticket_set()
1876 struct tls_connection *conn = p_ticket; in tls_mbedtls_ssl_ticket_write() local
1877 if (conn && conn->session_ticket_cb) in tls_mbedtls_ssl_ticket_write()
1896 struct tls_connection *conn = p_ticket; in tls_mbedtls_ssl_ticket_parse() local
1897 if (conn && conn->session_ticket_cb) in tls_mbedtls_ssl_ticket_parse()
1903 if (tls_connection_get_random(NULL, conn, &data) != 0) in tls_mbedtls_ssl_ticket_parse()
1905 …int ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, buf, len, data.client_random, data.… in tls_mbedtls_ssl_ticket_parse()
1906 conn->expkey_secret); in tls_mbedtls_ssl_ticket_parse()
1909 conn->resumed = 1; in tls_mbedtls_ssl_ticket_parse()
1919 if (conn) in tls_mbedtls_ssl_ticket_parse()
1920 conn->resumed = (rc == 0); in tls_mbedtls_ssl_ticket_parse()
1968 struct tls_connection *conn, in tls_connection_set_verify() argument
1975 if (conn == NULL) in tls_connection_set_verify()
1978 conn->tls_conf->flags |= flags; /* TODO: reprocess flags, if necessary */ in tls_connection_set_verify()
1994 mbedtls_ssl_set_hs_authmode(&conn->ssl, authmode); in tls_connection_set_verify()
1996 if ((conn->verify_peer = (authmode != MBEDTLS_SSL_VERIFY_NONE))) in tls_connection_set_verify()
1997 mbedtls_ssl_set_verify(&conn->ssl, tls_mbedtls_verify_cb, conn); in tls_connection_set_verify()
1999 mbedtls_ssl_set_verify(&conn->ssl, NULL, NULL); in tls_connection_set_verify()
2013 struct tls_connection *conn = p_expkey; in tls_connection_export_keys_cb() local
2014 conn->tls_prf_type = tls_prf_type; in tls_connection_export_keys_cb()
2017 if (secret_len > sizeof(conn->expkey_secret)) in tls_connection_export_keys_cb()
2020 conn->tls_prf_type = MBEDTLS_SSL_TLS_PRF_NONE; /* 0 */ in tls_connection_export_keys_cb()
2023 conn->expkey_secret_len = secret_len; in tls_connection_export_keys_cb()
2024 os_memcpy(conn->expkey_secret, secret, secret_len); in tls_connection_export_keys_cb()
2025 os_memcpy(conn->expkey_randbytes, client_random, MBEDTLS_EXPKEY_RAND_LEN); in tls_connection_export_keys_cb()
2026 …os_memcpy(conn->expkey_randbytes + MBEDTLS_EXPKEY_RAND_LEN, server_random, MBEDTLS_EXPKEY_RAND_LEN… in tls_connection_export_keys_cb()
2039 struct tls_connection *conn = p_expkey; in tls_connection_export_keys_cb() local
2040 conn->tls_prf_type = tls_prf_type; in tls_connection_export_keys_cb()
2043 conn->expkey_keyblock_size = maclen + keylen + ivlen; in tls_connection_export_keys_cb()
2044 conn->expkey_secret_len = MBEDTLS_EXPKEY_FIXED_SECRET_LEN; in tls_connection_export_keys_cb()
2045 os_memcpy(conn->expkey_secret, ms, MBEDTLS_EXPKEY_FIXED_SECRET_LEN); in tls_connection_export_keys_cb()
2046 os_memcpy(conn->expkey_randbytes, client_random, MBEDTLS_EXPKEY_RAND_LEN); in tls_connection_export_keys_cb()
2047 …os_memcpy(conn->expkey_randbytes + MBEDTLS_EXPKEY_RAND_LEN, server_random, MBEDTLS_EXPKEY_RAND_LEN… in tls_connection_export_keys_cb()
2052 int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn, struct tls_random *data) in tls_connection_get_random() argument
2054 if (!conn || !conn->tls_prf_type) in tls_connection_get_random()
2056 data->client_random = conn->expkey_randbytes; in tls_connection_get_random()
2058 data->server_random = conn->expkey_randbytes + MBEDTLS_EXPKEY_RAND_LEN; in tls_connection_get_random()
2064 struct tls_connection *conn, in tls_connection_export_key() argument
2073 return (conn && conn->established && conn->tls_prf_type) ? in tls_connection_export_key()
2074 … mbedtls_ssl_tls_prf(conn->tls_prf_type, conn->expkey_secret, conn->expkey_secret_len, label, in tls_connection_export_key()
2075 … conn->expkey_randbytes, sizeof(conn->expkey_randbytes), out, out_len) : in tls_connection_export_key()
2136 int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, u8 *out, size_t out… in tls_connection_get_eap_fast_key() argument
2139 if (!conn || !conn->tls_prf_type) in tls_connection_get_eap_fast_key()
2143 conn->expkey_keyblock_size = tls_mbedtls_ssl_keyblock_size(&conn->ssl); in tls_connection_get_eap_fast_key()
2144 if (conn->expkey_keyblock_size == 0) in tls_connection_get_eap_fast_key()
2147 size_t skip = conn->expkey_keyblock_size * 2; in tls_connection_get_eap_fast_key()
2154 os_memcpy(seed, conn->expkey_randbytes + MBEDTLS_EXPKEY_RAND_LEN, MBEDTLS_EXPKEY_RAND_LEN); in tls_connection_get_eap_fast_key()
2155 os_memcpy(seed + MBEDTLS_EXPKEY_RAND_LEN, conn->expkey_randbytes, MBEDTLS_EXPKEY_RAND_LEN); in tls_connection_get_eap_fast_key()
2158 …int ret = mbedtls_ssl_tls_prf(conn->tls_prf_type, conn->expkey_secret, conn->expkey_secret_len, "k… in tls_connection_get_eap_fast_key()
2173 __attribute_cold__ static void tls_mbedtls_suiteb_handshake_alert(struct tls_connection *conn) in tls_mbedtls_suiteb_handshake_alert() argument
2176 if (!(conn->tls_conf->flags & TLS_CONN_SUITEB)) in tls_mbedtls_suiteb_handshake_alert()
2196 struct tls_connection *conn, in tls_connection_handshake() argument
2206 if (conn->pull_buf && 0) /* disable; appears unwise */ in tls_connection_handshake()
2207 tls_pull_buf_discard(conn, __func__); in tls_connection_handshake()
2208 if (!tls_pull_buf_append(conn, in_data)) in tls_connection_handshake()
2212 if (conn->tls_conf == NULL) in tls_connection_handshake()
2218 if (tls_connection_set_params(tls_ctx, conn, &params) != 0) in tls_connection_handshake()
2222 if (conn->verify_peer) /*(call here might be redundant; nbd)*/ in tls_connection_handshake()
2223 mbedtls_ssl_set_verify(&conn->ssl, tls_mbedtls_verify_cb, conn); in tls_connection_handshake()
2226 if (conn->clienthello_session_ticket) in tls_connection_handshake()
2228 tls_mbedtls_clienthello_session_ticket_set(conn); in tls_connection_handshake()
2234 if (conn->tls_conf->flags & TLS_CONN_DISABLE_SESSION_TICKET) in tls_connection_handshake()
2235 mbedtls_ssl_conf_session_tickets_cb(&conn->tls_conf->conf, NULL, NULL, NULL); in tls_connection_handshake()
2237 mbedtls_ssl_conf_session_tickets_cb(&conn->tls_conf->conf, tls_mbedtls_ssl_ticket_write, in tls_connection_handshake()
2238 tls_mbedtls_ssl_ticket_parse, conn); in tls_connection_handshake()
2242 int ret = mbedtls_ssl_handshake(&conn->ssl); in tls_connection_handshake()
2245 while (conn->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) in tls_connection_handshake()
2247 ret = mbedtls_ssl_handshake_step(&conn->ssl); in tls_connection_handshake()
2254 mbedtls_ssl_conf_session_tickets_cb(&conn->tls_conf->conf, tls_mbedtls_ssl_ticket_write, in tls_connection_handshake()
2261 conn->established = 1; in tls_connection_handshake()
2262 if (conn->push_buf == NULL) in tls_connection_handshake()
2264 conn->push_buf = wpabuf_alloc(0); in tls_connection_handshake()
2274 && conn->established && conn->push_buf == NULL) in tls_connection_handshake()
2276 conn->push_buf = wpabuf_alloc(0); in tls_connection_handshake()
2279 ++conn->failed; in tls_connection_handshake()
2285 ++conn->write_alerts; in tls_connection_handshake()
2292 tls_mbedtls_suiteb_handshake_alert(conn); in tls_connection_handshake()
2298 ++conn->read_alerts; in tls_connection_handshake()
2308 struct wpabuf *out_data = conn->push_buf; in tls_connection_handshake()
2309 conn->push_buf = NULL; in tls_connection_handshake()
2314 struct tls_connection *conn, in tls_connection_server_handshake() argument
2318 conn->is_server = 1; in tls_connection_server_handshake()
2319 return tls_connection_handshake(tls_ctx, conn, in_data, appl_data); in tls_connection_server_handshake()
2322 struct wpabuf *tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn, const struct wpab… in tls_connection_encrypt() argument
2324 int res = mbedtls_ssl_write(&conn->ssl, wpabuf_head_u8(in_data), wpabuf_len(in_data)); in tls_connection_encrypt()
2331 struct wpabuf *buf = conn->push_buf; in tls_connection_encrypt()
2332 conn->push_buf = NULL; in tls_connection_encrypt()
2336 struct wpabuf *tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn, const struct wpab… in tls_connection_decrypt() argument
2342 if (!tls_pull_buf_append(conn, in_data)) in tls_connection_decrypt()
2355 while ((conn->pull_buf) && ((wpabuf_len(conn->pull_buf) - conn->pull_buf_offset) > 0)) in tls_connection_decrypt()
2357 res = mbedtls_ssl_read(&conn->ssl, wpabuf_mhead(out), wpabuf_size(out)); in tls_connection_decrypt()
2375 int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) in tls_connection_resumed() argument
2380 return conn && conn->resumed; in tls_connection_resumed()
2384 int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, u8 *ciphers) in tls_connection_set_cipher_list() argument
2429 return tls_mbedtls_set_ciphersuites(conn->tls_conf, ids, nids) ? 0 : -1; in tls_connection_set_cipher_list()
2433 int tls_get_version(void *ssl_ctx, struct tls_connection *conn, char *buf, size_t buflen) in tls_get_version() argument
2435 if (conn == NULL) in tls_get_version()
2437 os_strlcpy(buf, mbedtls_ssl_get_version(&conn->ssl), buflen); in tls_get_version()
2442 u16 tls_connection_get_cipher_suite(struct tls_connection *conn) in tls_connection_get_cipher_suite() argument
2444 if (conn == NULL) in tls_connection_get_cipher_suite()
2446 return (u16)mbedtls_ssl_get_ciphersuite_id_from_ssl(&conn->ssl); in tls_connection_get_cipher_suite()
2450 int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, char *buf, size_t buflen) in tls_get_cipher() argument
2452 if (conn == NULL) in tls_get_cipher()
2454 const int id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&conn->ssl); in tls_get_cipher()
2460 int tls_connection_enable_workaround(void *tls_ctx, struct tls_connection *conn) in tls_connection_enable_workaround() argument
2469 void *tls_ctx, struct tls_connection *conn, int ext_type, const u8 *data, size_t data_len) in tls_connection_client_hello_ext() argument
2473 return tls_mbedtls_clienthello_session_ticket_prep(conn, data, data_len); in tls_connection_client_hello_ext()
2480 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) in tls_connection_get_failed() argument
2482 return conn ? conn->failed : -1; in tls_connection_get_failed()
2485 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) in tls_connection_get_read_alerts() argument
2487 return conn ? conn->read_alerts : -1; in tls_connection_get_read_alerts()
2490 int tls_connection_get_write_alerts(void *tls_ctx, struct tls_connection *conn) in tls_connection_get_write_alerts() argument
2492 return conn ? conn->write_alerts : -1; in tls_connection_get_write_alerts()
2497 struct tls_connection *conn, in tls_connection_set_session_ticket_cb() argument
2501 if (!(conn->tls_conf->flags & TLS_CONN_DISABLE_SESSION_TICKET)) in tls_connection_set_session_ticket_cb()
2504 conn->session_ticket_cb = cb; in tls_connection_set_session_ticket_cb()
2505 conn->session_ticket_cb_ctx = ctx; in tls_connection_set_session_ticket_cb()
2523 void tls_connection_set_success_data(struct tls_connection *conn, struct wpabuf *data) in tls_connection_set_success_data() argument
2525 wpabuf_free(conn->success_data); in tls_connection_set_success_data()
2526 conn->success_data = data; in tls_connection_set_success_data()
2529 void tls_connection_set_success_data_resumed(struct tls_connection *conn) in tls_connection_set_success_data_resumed() argument
2533 const struct wpabuf *tls_connection_get_success_data(struct tls_connection *conn) in tls_connection_get_success_data() argument
2535 return conn->success_data; in tls_connection_get_success_data()
2538 void tls_connection_remove_session(struct tls_connection *conn) in tls_connection_remove_session() argument
2543 int tls_get_tls_unique(struct tls_connection *conn, u8 *buf, size_t max_len) in tls_get_tls_unique() argument
2547 size_t verify_len = conn->ssl.MBEDTLS_PRIVATE(verify_data_len); in tls_get_tls_unique()
2548 …char *verify_data = (conn->is_server ^ conn->resumed) ? conn->ssl.MBEDTLS_PRIVATE(peer_verify_data… in tls_get_tls_unique()
2549 … conn->ssl.MBEDTLS_PRIVATE(own_verify_data); in tls_get_tls_unique()
2560 __attribute_noinline__ static void tls_mbedtls_set_peer_subject(struct tls_connection *conn, in tls_mbedtls_set_peer_subject() argument
2563 if (conn->peer_subject) in tls_mbedtls_set_peer_subject()
2567 if (buflen >= 0 && (conn->peer_subject = os_malloc((size_t)buflen + 1))) in tls_mbedtls_set_peer_subject()
2568 os_memcpy(conn->peer_subject, buf, (size_t)buflen + 1); in tls_mbedtls_set_peer_subject()
2572 const char *tls_connection_get_peer_subject(struct tls_connection *conn) in tls_connection_get_peer_subject() argument
2574 if (!conn) in tls_connection_get_peer_subject()
2576 if (!conn->peer_subject) in tls_connection_get_peer_subject()
2578 const mbedtls_x509_crt *peer_cert = mbedtls_ssl_get_peer_cert(&conn->ssl); in tls_connection_get_peer_subject()
2580 tls_mbedtls_set_peer_subject(conn, peer_cert); in tls_connection_get_peer_subject()
2582 return conn->peer_subject; in tls_connection_get_peer_subject()
2587 bool tls_connection_get_own_cert_used(struct tls_connection *conn) in tls_connection_get_own_cert_used() argument
2593 const struct tls_conf *const tls_conf = conn->tls_conf; in tls_connection_get_own_cert_used()
2969 __attribute_noinline__ static void tls_mbedtls_verify_cert_event(struct tls_connection *conn, in tls_mbedtls_verify_cert_event() argument
2993 ev.peer_cert.subject = conn->peer_subject; in tls_mbedtls_verify_cert_event()
3074 struct tls_conf *tls_conf = conn->tls_conf; in tls_mbedtls_verify_cert_event()
3099 struct tls_connection *conn = (struct tls_connection *)arg; in tls_mbedtls_verify_cb() local
3100 struct tls_conf *tls_conf = conn->tls_conf; in tls_mbedtls_verify_cb()
3136 if (!conn->peer_subject) in tls_mbedtls_verify_cb()
3137 tls_mbedtls_set_peer_subject(conn, crt); in tls_mbedtls_verify_cb()
3140 if (!conn->peer_subject) in tls_mbedtls_verify_cb()
3150 …else if (tls_conf->subject_match && os_strstr(conn->peer_subject, tls_conf->subject_match) == NULL) in tls_mbedtls_verify_cb()
3152 … wpa_printf(MSG_WARNING, "MTLS: Subject '%s' did not match with '%s'", conn->peer_subject, in tls_mbedtls_verify_cb()
3230 tls_mbedtls_verify_cert_event(conn, crt, depth); in tls_mbedtls_verify_cb()
3274 if (depth == 0 && conn->peer_subject) in tls_mbedtls_verify_cb()
3276 os_free(conn->peer_subject); in tls_mbedtls_verify_cb()
3277 conn->peer_subject = NULL; in tls_mbedtls_verify_cb()