in adapters/tlsio_mbedtls.c [971:1109]
int tlsio_mbedtls_setoption(CONCRETE_IO_HANDLE tls_io, const char *optionName, const void *value)
{
int result = 0;
if (tls_io == NULL || optionName == NULL)
{
result = MU_FAILURE;
}
else
{
TLS_IO_INSTANCE *tls_io_instance = (TLS_IO_INSTANCE *)tls_io;
if (strcmp(OPTION_TRUSTED_CERT, optionName) == 0)
{
if (tls_io_instance->trusted_certificates != NULL)
{
// Free the memory if it has been previously allocated
free(tls_io_instance->trusted_certificates);
tls_io_instance->trusted_certificates = NULL;
}
if (mallocAndStrcpy_s(&tls_io_instance->trusted_certificates, (const char *)value) != 0)
{
LogError("unable to mallocAndStrcpy_s");
result = MU_FAILURE;
}
else
{
int parse_result = mbedtls_x509_crt_parse(&tls_io_instance->trusted_certificates_parsed, (const unsigned char *)value, (int)(strlen(value) + 1));
if (parse_result != 0)
{
LogInfo("Malformed pem certificate");
free(tls_io_instance->trusted_certificates);
tls_io_instance->trusted_certificates = NULL;
result = MU_FAILURE;
}
else
{
mbedtls_ssl_conf_ca_chain(&tls_io_instance->config, &tls_io_instance->trusted_certificates_parsed, NULL);
}
}
}
else if (strcmp(SU_OPTION_X509_CERT, optionName) == 0 || strcmp(OPTION_X509_ECC_CERT, optionName) == 0)
{
char* temp_cert;
if (mallocAndStrcpy_s(&temp_cert, (const char *)value) != 0)
{
LogError("unable to mallocAndStrcpy_s on certificate");
result = MU_FAILURE;
}
else if (mbedtls_x509_crt_parse(&tls_io_instance->owncert, (const unsigned char *)temp_cert, (int)(strlen(temp_cert) + 1)) != 0)
{
LogError("failure parsing certificate");
free(temp_cert);
result = MU_FAILURE;
}
else if (mbedtls_pk_get_type(&tls_io_instance->pKey) != MBEDTLS_PK_NONE &&
mbedtls_ssl_conf_own_cert(&tls_io_instance->config, &tls_io_instance->owncert, &tls_io_instance->pKey) != 0)
{
LogError("failure calling mbedtls_ssl_conf_own_cert");
free(temp_cert);
result = MU_FAILURE;
}
else
{
if (tls_io_instance->x509_certificate != NULL)
{
// Free the memory if it has been previously allocated
free(tls_io_instance->x509_certificate);
}
tls_io_instance->x509_certificate = temp_cert;
result = 0;
}
}
else if (strcmp(SU_OPTION_X509_PRIVATE_KEY, optionName) == 0 || strcmp(OPTION_X509_ECC_KEY, optionName) == 0)
{
char* temp_key;
if (mallocAndStrcpy_s(&temp_key, (const char *)value) != 0)
{
LogError("unable to mallocAndStrcpy_s on private key");
result = MU_FAILURE;
}
else if (parse_key(temp_key, &tls_io_instance->pKey) != 0)
{
LogError("failure calling parse_key");
free(temp_key);
result = MU_FAILURE;
}
else if (tls_io_instance->owncert.version > 0 && mbedtls_ssl_conf_own_cert(&tls_io_instance->config, &tls_io_instance->owncert, &tls_io_instance->pKey))
{
LogError("failure calling mbedtls_ssl_conf_own_cert");
free(temp_key);
result = MU_FAILURE;
}
else
{
if (tls_io_instance->x509_private_key != NULL)
{
// Free the memory if it has been previously allocated
free(tls_io_instance->x509_private_key);
}
tls_io_instance->x509_private_key = temp_key;
result = 0;
}
}
else if (strcmp(optionName, OPTION_UNDERLYING_IO_OPTIONS) == 0)
{
if (OptionHandler_FeedOptions((OPTIONHANDLER_HANDLE)value, (void*)tls_io_instance->socket_io) != OPTIONHANDLER_OK)
{
LogError("failed feeding options to underlying I/O instance");
result = MU_FAILURE;
}
else
{
result = 0;
}
}
else if (strcmp(optionName, OPTION_SET_TLS_RENEGOTIATION) == 0)
{
if (value == NULL)
{
LogError("Invalid value set for tls renegotiation");
result = MU_FAILURE;
}
else
{
bool set_renegotiation = *((bool*)(value));
mbedtls_ssl_conf_renegotiation(&tls_io_instance->config, set_renegotiation ? 1 : 0);
result = 0;
}
}
else
{
// tls_io_instance->socket_io is never NULL
result = xio_setoption(tls_io_instance->socket_io, optionName, value);
}
}
return result;
}