161     unsigned int flags;  member
647 static int tls_mbedtls_verify_cb(void *arg, mbedtls_x509_crt *crt, int depth, uint32_t *flags);
678     tls_conf->flags |= TLS_CONN_DISABLE_TLSv1_3;  in tls_mbedtls_set_allowed_tls_vers()
682     if (tls_conf->flags & TLS_CONN_SUITEB)  in tls_mbedtls_set_allowed_tls_vers()
684         tls_conf->flags |= TLS_CONN_DISABLE_TLSv1_0;  in tls_mbedtls_set_allowed_tls_vers()
685         tls_conf->flags |= TLS_CONN_DISABLE_TLSv1_1;  in tls_mbedtls_set_allowed_tls_vers()
688     const unsigned int flags = tls_conf->flags;  in tls_mbedtls_set_allowed_tls_vers()  local
692     int min = (flags & TLS_CONN_DISABLE_TLSv1_0) ?  in tls_mbedtls_set_allowed_tls_vers()
693                   (flags & TLS_CONN_DISABLE_TLSv1_1) ?  in tls_mbedtls_set_allowed_tls_vers()
694 …              (flags & TLS_CONN_DISABLE_TLSv1_2) ? (flags & TLS_CONN_DISABLE_TLSv1_3) ? 4 : 3 : 2 :  in tls_mbedtls_set_allowed_tls_vers()
698     int max = (flags & TLS_CONN_DISABLE_TLSv1_3) ?  in tls_mbedtls_set_allowed_tls_vers()
699                   (flags & TLS_CONN_DISABLE_TLSv1_2) ?  in tls_mbedtls_set_allowed_tls_vers()
700 …             (flags & TLS_CONN_DISABLE_TLSv1_1) ? (flags & TLS_CONN_DISABLE_TLSv1_0) ? -1 : 0 : 1 :  in tls_mbedtls_set_allowed_tls_vers()
704     if ((flags & TLS_CONN_ENABLE_TLSv1_2) && min > 2)  in tls_mbedtls_set_allowed_tls_vers()
706     if ((flags & TLS_CONN_ENABLE_TLSv1_1) && min > 1)  in tls_mbedtls_set_allowed_tls_vers()
708     if ((flags & TLS_CONN_ENABLE_TLSv1_0) && min > 0)  in tls_mbedtls_set_allowed_tls_vers()
1701     tls_conf->flags = params->flags;  in tls_mbedtls_set_params()
1703     if (tls_conf->flags & TLS_CONN_REQUIRE_OCSP_ALL)  in tls_mbedtls_set_params()
1709     if (tls_conf->flags & TLS_CONN_REQUIRE_OCSP)  in tls_mbedtls_set_params()
1722             tls_conf->flags |= TLS_CONN_SUITEB;  in tls_mbedtls_set_params()
1727             tls_conf->flags |= TLS_CONN_SUITEB;  in tls_mbedtls_set_params()
1759     else if (tls_conf->flags & TLS_CONN_SUITEB)  in tls_mbedtls_set_params()
1790     else if (tls_conf->flags & TLS_CONN_SUITEB)  in tls_mbedtls_set_params()
1793         if (!tls_mbedtls_set_ciphers(tls_conf, (tls_conf->flags & TLS_CONN_SUITEB_NO_ECDH) ?  in tls_mbedtls_set_params()
1838     if (conn->tls_conf->flags & TLS_CONN_DISABLE_SESSION_TICKET)  in tls_mbedtls_clienthello_session_ticket_prep()
1937     if (!(params->flags & TLS_CONN_DISABLE_SESSION_TICKET))  in tls_global_set_params()
1970                               unsigned int flags,  in tls_connection_set_verify()  argument
1978     conn->tls_conf->flags |= flags; /* TODO: reprocess flags, if necessary */  in tls_connection_set_verify()
2176     if (!(conn->tls_conf->flags & TLS_CONN_SUITEB))  in tls_mbedtls_suiteb_handshake_alert()
2217         params.flags           = tls_ctx_global.tls_conf->flags;  in tls_connection_handshake()
2234     if (conn->tls_conf->flags & TLS_CONN_DISABLE_SESSION_TICKET)  in tls_connection_handshake()
2501     if (!(conn->tls_conf->flags & TLS_CONN_DISABLE_SESSION_TICKET))  in tls_connection_set_session_ticket_cb()
3075 …if (tls_conf->ca_cert_probe || (tls_conf->flags & TLS_CONN_EXT_CERT_CHECK) || init_conf->cert_in_c…  in tls_mbedtls_verify_cert_event()
3090 static int tls_mbedtls_verify_cb(void *arg, mbedtls_x509_crt *crt, int depth, uint32_t *flags)  in tls_mbedtls_verify_cb()  argument
3101     uint32_t flags_in           = *flags;  in tls_mbedtls_verify_cb()
3111         *flags |= MBEDTLS_X509_BADCERT_OTHER; /* cert chain too long */  in tls_mbedtls_verify_cb()
3117             *flags = 0;  in tls_mbedtls_verify_cb()
3126                 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;  in tls_mbedtls_verify_cb()
3130                 *flags &= MBEDTLS_X509_BADCERT_REVOKED;  in tls_mbedtls_verify_cb()
3142             *flags |= MBEDTLS_X509_BADCERT_OTHER;  in tls_mbedtls_verify_cb()
3154             *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;  in tls_mbedtls_verify_cb()
3160             *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;  in tls_mbedtls_verify_cb()
3166             *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;  in tls_mbedtls_verify_cb()
3172             *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;  in tls_mbedtls_verify_cb()
3177             *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;  in tls_mbedtls_verify_cb()
3181         if (tls_conf->flags & TLS_CONN_SUITEB)  in tls_mbedtls_verify_cb()
3196                 *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;  in tls_mbedtls_verify_cb()
3205             *flags |= MBEDTLS_X509_BADCERT_OTHER;  in tls_mbedtls_verify_cb()
3215             *flags &= ~MBEDTLS_X509_BADCERT_REVOKED;  in tls_mbedtls_verify_cb()
3220         *flags &= ~MBEDTLS_X509_BADCRL_EXPIRED;  in tls_mbedtls_verify_cb()
3221         *flags &= ~MBEDTLS_X509_BADCRL_FUTURE;  in tls_mbedtls_verify_cb()
3224     if (tls_conf->flags & TLS_CONN_DISABLE_TIME_CHECKS)  in tls_mbedtls_verify_cb()
3226         *flags &= ~MBEDTLS_X509_BADCERT_EXPIRED;  in tls_mbedtls_verify_cb()
3227         *flags &= ~MBEDTLS_X509_BADCERT_FUTURE;  in tls_mbedtls_verify_cb()
3232     if (*flags)  in tls_mbedtls_verify_cb()
3234         if (*flags &  in tls_mbedtls_verify_cb()
3241         if (!(*flags & ~flags_in))  in tls_mbedtls_verify_cb()
3245             if (*flags & MBEDTLS_X509_BADCERT_NOT_TRUSTED)  in tls_mbedtls_verify_cb()
3250             if (*flags & MBEDTLS_X509_BADCERT_REVOKED)  in tls_mbedtls_verify_cb()
3255             if (*flags & MBEDTLS_X509_BADCERT_FUTURE)  in tls_mbedtls_verify_cb()
3260             if (*flags & MBEDTLS_X509_BADCERT_EXPIRED)  in tls_mbedtls_verify_cb()
3265             if (*flags & MBEDTLS_X509_BADCERT_BAD_MD)  in tls_mbedtls_verify_cb()
3286             *flags |= MBEDTLS_X509_BADCERT_OTHER;  in tls_mbedtls_verify_cb()