Added the configuration option ALTCP_MBEDTLS_AUTHMODE to set the certificate verification mode.

Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>
2024-07-07 13:29:19 +00:00 · 2019-06-11 09:50:31 +02:00 · 2019-06-11 09:50:31 +02:00 · 832490eec8
commit 832490eec8
parent edeeef0d20
2 changed files with 7 additions and 1 deletions
--- a/src/apps/altcp_tls/altcp_tls_mbedtls.c
+++ b/src/apps/altcp_tls/altcp_tls_mbedtls.c
@ -755,7 +755,7 @@ altcp_tls_create_config(int is_server, u8_t cert_count, u8_t pkey_count, int hav
    altcp_mbedtls_free_config(conf);
    return NULL;
  }
-  mbedtls_ssl_conf_authmode(&conf->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+  mbedtls_ssl_conf_authmode(&conf->conf, ALTCP_MBEDTLS_AUTHMODE);

  mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &altcp_tls_entropy_rng->ctr_drbg);
 #if ALTCP_MBEDTLS_LIB_DEBUG != LWIP_DBG_OFF
--- a/src/include/lwip/apps/altcp_tls_mbedtls_opts.h
+++ b/src/include/lwip/apps/altcp_tls_mbedtls_opts.h
@ -100,6 +100,12 @@
 #define ALTCP_MBEDTLS_SESSION_TICKET_TIMEOUT_SECONDS  (60 * 60 * 24)
 #endif

+/** Certificate verification mode: MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL (default),
+ * MBEDTLS_SSL_VERIFY_REQUIRED (recommended)*/
+#ifndef ALTCP_MBEDTLS_AUTHMODE
+#define ALTCP_MBEDTLS_AUTHMODE                        MBEDTLS_SSL_VERIFY_OPTIONAL
+#endif
+
 #endif /* LWIP_ALTCP */

 #endif /* LWIP_HDR_ALTCP_TLS_OPTS_H */