in platform/posix/transport/src/mbedtls_pkcs11_posix.c [356:417]
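/**
 * @brief Load the server root CA, the client private key and the client
 * certificate into the mbedTLS SSL configuration.
 *
 * Steps, in order, each skipped once an earlier one has failed:
 *  1. Parse the root CA file at pMbedtlsPkcs11Credentials->pRootCaPath into
 *     pMbedtlsPkcs11Context->rootCa and install it as the trusted CA chain
 *     (no CRL).
 *  2. Set up the client private key through PKCS #11 using pPrivateKeyLabel.
 *  3. Read the client certificate out of the PKCS #11 module using
 *     pClientCertLabel into pMbedtlsPkcs11Context->clientCert.
 *  4. Register the client certificate and key with
 *     mbedtls_ssl_conf_own_cert() for client authentication.
 *
 * NOTE(review): the verify mode (mbedtls_ssl_conf_authmode) is not set here;
 * confirm the caller selects MBEDTLS_SSL_VERIFY_REQUIRED, otherwise the CA
 * chain installed in step 1 is never enforced.
 *
 * @param[in,out] pMbedtlsPkcs11Context Context whose config, rootCa,
 * clientCert and privKey members are populated. Must not be NULL.
 * @param[in] pMbedtlsPkcs11Credentials Root CA path and PKCS #11 labels.
 * Must not be NULL, and pRootCaPath must not be NULL.
 *
 * @return MBEDTLS_PKCS11_SUCCESS when every step succeeded, otherwise
 * MBEDTLS_PKCS11_INVALID_CREDENTIALS. Every failure is logged. Success is only
 * reported when the client credentials are actually registered with the
 * configuration, so a later handshake cannot silently run without them.
 */
static MbedtlsPkcs11Status_t configureMbedtlsCertificates( MbedtlsPkcs11Context_t * pMbedtlsPkcs11Context,
const MbedtlsPkcs11Credentials_t * pMbedtlsPkcs11Credentials )
{
    MbedtlsPkcs11Status_t returnStatus = MBEDTLS_PKCS11_SUCCESS;
    int32_t mbedtlsError = 0;
    bool result = false;

    assert( pMbedtlsPkcs11Context != NULL );
    assert( pMbedtlsPkcs11Credentials != NULL );
    assert( pMbedtlsPkcs11Credentials->pRootCaPath != NULL );

    /* Parse the server root CA certificate into the SSL context. Any non-zero
     * return is treated as fatal; mbedTLS may also report a positive count for
     * a PEM bundle in which some certificates failed to parse, and a partial
     * trust store is rejected rather than used. */
    mbedtlsError = mbedtls_x509_crt_parse_file( &( pMbedtlsPkcs11Context->rootCa ),
                                                pMbedtlsPkcs11Credentials->pRootCaPath );

    if( mbedtlsError != 0 )
    {
        LogError( ( "Failed to parse server root CA certificate: mbedTLSError= %s : %s.",
                    mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
                    mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
        returnStatus = MBEDTLS_PKCS11_INVALID_CREDENTIALS;
    }

    if( returnStatus == MBEDTLS_PKCS11_SUCCESS )
    {
        /* Trust only the parsed root CA; no CRL is supplied. */
        mbedtls_ssl_conf_ca_chain( &( pMbedtlsPkcs11Context->config ),
                                   &( pMbedtlsPkcs11Context->rootCa ),
                                   NULL );

        /* Set up the client private key through PKCS #11. */
        result = initializeClientKeys( pMbedtlsPkcs11Context,
                                       pMbedtlsPkcs11Credentials->pPrivateKeyLabel );

        if( result == false )
        {
            LogError( ( "Failed to setup key handling by PKCS #11." ) );
            returnStatus = MBEDTLS_PKCS11_INVALID_CREDENTIALS;
        }
    }

    if( returnStatus == MBEDTLS_PKCS11_SUCCESS )
    {
        /* Read the client certificate out of the PKCS #11 module. */
        result = readCertificateIntoContext( pMbedtlsPkcs11Context,
                                             pMbedtlsPkcs11Credentials->pClientCertLabel,
                                             &( pMbedtlsPkcs11Context->clientCert ) );

        if( result == false )
        {
            LogError( ( "Failed to get certificate from PKCS #11 module." ) );
            returnStatus = MBEDTLS_PKCS11_INVALID_CREDENTIALS;
        }
    }

    if( returnStatus == MBEDTLS_PKCS11_SUCCESS )
    {
        /* Register the client certificate and key. This call can fail (it
         * allocates the key/cert chain node and returns a non-zero mbedTLS
         * error code), and its result must not be discarded: on failure the
         * configuration holds no client credentials, so reporting success
         * here would let the handshake proceed without client authentication. */
        mbedtlsError = mbedtls_ssl_conf_own_cert( &( pMbedtlsPkcs11Context->config ),
                                                  &( pMbedtlsPkcs11Context->clientCert ),
                                                  &( pMbedtlsPkcs11Context->privKey ) );

        if( mbedtlsError != 0 )
        {
            LogError( ( "Failed to configure client certificate and key: mbedTLSError= %s : %s.",
                        mbedtlsHighLevelCodeOrDefault( mbedtlsError ),
                        mbedtlsLowLevelCodeOrDefault( mbedtlsError ) ) );
            returnStatus = MBEDTLS_PKCS11_INVALID_CREDENTIALS;
        }
    }

    return returnStatus;
}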