
Commit d7e84ac

committed
Move mbedtls_ssl_conf_verify out of _hx_ssl_conf_set_ca
1 parent fe0dd6f commit d7e84ac

1 file changed

Lines changed: 26 additions & 31 deletions


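--- a/src/hx/libs/ssl/SSL.cpp
+++ b/src/hx/libs/ssl/SSL.cpp
@@ -364,12 +364,12 @@ int _hx_ssl_recv( Dynamic hssl, Array<unsigned char> buf, int p, int l ) {
 HANDLE_EINTR(recv_again);
 hx::Throw(HX_CSTRING("ssl network error"));
 }
-if( dlen < 0 ) {
+if( dlen < 0 ) {
 if( dlen == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY ) {
 mbedtls_ssl_close_notify( ssl->s );
 return 0;
 }
-hx::Throw( HX_CSTRING("ssl_recv") );
+hx::Throw( HX_CSTRING("ssl_recv") );
 }
 return dlen;
 }
@@ -442,32 +442,8 @@ static int verify_callback(void* param, mbedtls_x509_crt *crt, int depth, uint32
 CertCloseStore(store, 0);
 return 0;
 }
-#endif
-
-Dynamic _hx_ssl_conf_new( bool server ) {
-int ret;
-sslconf *conf = new sslconf();
-conf->create();
-if( ret = mbedtls_ssl_config_defaults( conf->c,
-server ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
-MBEDTLS_SSL_TRANSPORT_STREAM, 0 ) != 0 ){
-conf->destroy();
-ssl_error( ret );
-}
-#ifdef NEKO_WINDOWS
-mbedtls_ssl_conf_verify(conf->c, verify_callback, NULL);
-#endif
-mbedtls_ssl_conf_rng( conf->c, mbedtls_ctr_drbg_random, &ctr_drbg );
-return conf;
-}
-
-void _hx_ssl_conf_close( Dynamic hconf ) {
-sslconf *conf = val_conf(hconf);
-conf->destroy();
-}
-
-#if defined(IPHONE) || defined(APPLETV)
-static int apple_verify_cb(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) {
+#elif defined(IPHONE) || defined(APPLETV)
+static int verify_callback(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags) {
 // use mbedtls validate the chain structure and we validate with the iOS system trust store to replace the missing CA bundle
 if (depth != 0) {
 *flags = 0;
@@ -499,12 +475,31 @@ static int apple_verify_cb(void *data, mbedtls_x509_crt *crt, int depth, uint32_
 }
 #endif
 
+Dynamic _hx_ssl_conf_new( bool server ) {
+int ret;
+sslconf *conf = new sslconf();
+conf->create();
+if( ret = mbedtls_ssl_config_defaults( conf->c,
+server ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT,
+MBEDTLS_SSL_TRANSPORT_STREAM, 0 ) != 0 ){
+conf->destroy();
+ssl_error( ret );
+}
+#if defined(NEKO_WINDOWS) || defined(IPHONE) || defined(APPLETV)
+mbedtls_ssl_conf_verify(conf->c, verify_callback, NULL);
+#endif
+mbedtls_ssl_conf_rng( conf->c, mbedtls_ctr_drbg_random, &ctr_drbg );
+return conf;
+}
+
+void _hx_ssl_conf_close( Dynamic hconf ) {
+sslconf *conf = val_conf(hconf);
+conf->destroy();
+}
+
 void _hx_ssl_conf_set_ca( Dynamic hconf, Dynamic hcert ) {
 sslconf *conf = val_conf(hconf);
 #if defined(IPHONE) || defined(APPLETV)
-// always attach Apple system verification callback
-mbedtls_ssl_conf_verify(conf->c, apple_verify_cb, NULL);
-
 sslcert *cert = val_cert(hcert);
 // make sure the ca chain is set even if null
 mbedtls_ssl_conf_ca_chain(conf->c, cert ? cert->c : NULL, NULL);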