#include <polarssl/ssl.h>
#include <polarssl/net.h>
+#ifdef POLARSSL_API_V1_2
+int ciphers[] =
+{
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ 0
+};
+#else
int ciphers[] =
{
SSL_EDH_RSA_AES_256_SHA,
- SSL_EDH_RSA_CAMELLIA_256_SHA,
- SSL_EDH_RSA_DES_168_SHA,
SSL_RSA_AES_256_SHA,
- SSL_RSA_CAMELLIA_256_SHA,
SSL_RSA_AES_128_SHA,
- SSL_RSA_CAMELLIA_128_SHA,
- SSL_RSA_DES_168_SHA,
- SSL_RSA_RC4_128_SHA,
- SSL_RSA_RC4_128_MD5,
0
};
+#endif
static x509_cert certificate;
static rsa_context key;
bool_t builtInTestCertificate;
"DEF409C08E8AC24D1732A6128D2220DC53";
char *my_dhm_G = "4";
+#ifdef USE_POLARSSL_TESTCERT
static void initTestCert()
{
int rc;
if (rc != 0)
Log_fatal("Could not parse built-in test RSA key");
}
+#endif
/*
* How to generate a self-signed cert with openssl:
char *crtfile = (char *)getStrConf(CERTIFICATE);
if (crtfile == NULL) {
- Log_warn("No certificate file specified");
+#ifdef USE_POLARSSL_TESTCERT
+ Log_warn("No certificate file specified. Falling back to test certificate.");
initTestCert();
+#else
+ Log_fatal("No certificate file specified");
+#endif
return;
}
rc = x509parse_crtfile(&certificate, crtfile);
if (rc != 0) {
- Log_warn("Could not read certificate file %s", crtfile);
+#ifdef USE_POLARSSL_TESTCERT
+ Log_warn("Could not read certificate file '%s'. Falling back to test certificate.", crtfile);
initTestCert();
+#else
+ Log_fatal("Could not read certificate file '%s'", crtfile);
+#endif
return;
}
}
char verstring[12];
initCert();
+#ifdef USE_POLARSSL_TESTCERT
if (builtInTestCertificate) {
Log_warn("*** Using built-in test certificate and RSA key ***");
- Log_warn("*** This is not secure! Please use a CA-signed certificate or create a self-signed certificate ***");
+ Log_warn("*** This is not secure! Please use a CA-signed certificate or create a key and self-signed certificate ***");
initTestKey();
}
else
initKey();
+#else
+ initKey();
+#endif
havege_init(&hs);
#ifdef POLARSSL_VERSION_MAJOR
/* Create SHA1 of last certificate in the peer's chain. */
bool_t SSLi_getSHA1Hash(SSL_handle_t *ssl, uint8_t *hash)
{
- x509_cert *cert = ssl->peer_cert;
- if (!ssl->peer_cert) {
+ x509_cert const *cert;
+#ifdef POLARSSL_API_V1_2
+ cert = ssl_get_peer_cert(ssl);
+#else
+ cert = ssl->peer_cert;
+#endif
+ if (!cert) {
return false;
}
sha1(cert->raw.p, cert->raw.len, hash);
rc = ssl_init(ssl);
if (rc != 0 )
- Log_fatal("Failed to initalize: %d", rc);
+ Log_fatal("Failed to initialize: %d", rc);
ssl_set_endpoint(ssl, SSL_IS_SERVER);
ssl_set_authmode(ssl, SSL_VERIFY_OPTIONAL);
#else
ssl_set_ciphers(ssl, ciphers);
#endif
+
+#ifdef POLARSSL_API_V1_2
+ ssl_set_session(ssl, ssn);
+#else
ssl_set_session(ssl, 0, 0, ssn);
+#endif
ssl_set_ca_chain(ssl, &certificate, NULL, NULL);
ssl_set_own_cert(ssl, &certificate, &key);
projects / umurmur.git / blobdiff