else if ((size_t)sentLen != dataLen)
{
OIC_LOG_V(DEBUG, NET_SSL_TAG,
- "Packet was partially sent - total/sent/remained bytes : %zd/%zu/%lu",
+ "Packet was partially sent - total/sent/remained bytes : %zd/%zu/%zu",
sentLen, dataLen, (dataLen - sentLen));
}
}
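Review bot: The label in this log line reads total/sent/remained, but the arguments are passed as `sentLen, dataLen, (dataLen - sentLen)`, so the first two numbers are printed under the wrong names. The `%lu` to `%zu` fix is correct for the third argument, but the message is still misleading when someone is diagnosing a partial TLS write. Either swap the label to `"... sent/total/remained bytes : %zd/%zu/%zu"` or swap the arguments and specifiers together. The declaration of `sentLen` is outside the hunk, so confirm that it really is an `ssize_t` before relying on `%zd`.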
mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
OIC_LOG_V(DEBUG, NET_SSL_TAG, "crt : %s", buf);
- g_peerCertCallback.cb(g_peerCertCallback.ctx, crt, depth);
-
- return 0;
+ return g_peerCertCallback.cb(g_peerCertCallback.ctx, crt, depth);
}
CAResult_t CAsetPeerCertCallback(void *ctx, PeerCertCallback peerCertCallback)
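Review bot: Returning the result of `g_peerCertCallback.cb` directly makes the application callback's return value the verdict of the mbedtls verify callback, and that contract is not written down anywhere in the hunk. A callback written against the old behaviour, where the result was ignored, may return an arbitrary status that is now treated as a verification failure, or return 0 on a path where it meant to reject. I would add a comment above the return such as `/* cb's result is handed to mbedtls: 0 accepts this certificate, any other value fails verification */` and repeat it on the `PeerCertCallback` typedef. The enclosing function starts outside the hunk, so whether `cb` is checked for NULL before this call cannot be seen here and is worth confirming.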
&& (endpoint->port == tep->sep.endpoint.port || CA_ADAPTER_GATT_BTLE == endpoint->adapter))
{
u_arraylist_remove(g_caSslContext->peerList, listIndex);
- DeleteSslEndPoint(tep);
OIC_LOG_V(INFO, NET_SSL_TAG, "Remove Peer:[%s:%d] for %d adapter",
endpoint->addr, endpoint->port, endpoint->adapter);
+ DeleteSslEndPoint(tep);
OIC_LOG_V(DEBUG, NET_SSL_TAG, "Out %s", __func__);
return;
}
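Review bot: The reason `DeleteSslEndPoint(tep)` has to come after the log call is not stated, so a later cleanup could move it back next to `u_arraylist_remove`. Presumably `endpoint` can refer to memory owned by `tep`, in which case the old order read freed memory in the `OIC_LOG_V` arguments; the caller is outside the hunk, so that is an inference. A one-line comment above the call would pin the ordering, for example `// Free tep only after the last use of endpoint, which may point into it`.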
memset(g_cipherSuitesList, 0, sizeof(g_cipherSuitesList));
+ if (SSL_CIPHER_MAX < g_caSslContext->cipher)
+ {
+ OIC_LOG(ERROR, NET_SSL_TAG, "Maximum ciphersuite index exceeded");
+ }
+
// Add the preferred ciphersuite first
if (SSL_CIPHER_MAX != g_caSslContext->cipher)
{
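Review bot: The new range check only logs; execution continues, and an out-of-range `g_caSslContext->cipher` still satisfies `SSL_CIPHER_MAX != g_caSslContext->cipher` on the next statement. The body of that `if` is outside the hunk, but if it uses the value as an index into the ciphersuite table, the out-of-bounds access this check is meant to catch still happens. Either leave the function after logging the error, or tighten the existing condition to `if (SSL_CIPHER_MAX > g_caSslContext->cipher)` so that only valid indexes reach the lookup. The function's return type is not visible here, so the exact form of the early exit depends on the signature.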
sizeof(sep->endpoint.addr));
ret = mbedtls_ssl_handshake_step(&peer->ssl);
}
- if (MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint)
+ uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
+ if (0 != flags &&
+ ((MBEDTLS_SSL_IS_CLIENT == peer->ssl.conf->endpoint) ||
+ (MBEDTLS_SSL_IS_SERVER == peer->ssl.conf->endpoint && MBEDTLS_X509_BADCERT_MISSING != flags)))
{
- uint32_t flags = mbedtls_ssl_get_verify_result(&peer->ssl);
- if (0 != flags)
- {
- OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
- SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
- CA_STATUS_FAILED, GetAlertCode(flags));
- }
+ OIC_LOG_BUFFER(ERROR, NET_SSL_TAG, (const uint8_t *) &flags, sizeof(flags));
+ SSL_CHECK_FAIL(peer, flags, "Cert verification failed", 1,
+ CA_STATUS_FAILED, GetAlertCode(flags));
}
SSL_CHECK_FAIL(peer, ret, "Handshake error", 1, CA_STATUS_FAILED, MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE);
if (MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC == peer->ssl.state)
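Review bot: On the server side the new condition treats a verify result of exactly `MBEDTLS_X509_BADCERT_MISSING` as acceptable, and nothing in the hunk ties that exemption to the negotiated ciphersuite. If the configuration outside this hunk allows certificate-based suites with optional client authentication, a client that sends no certificate at all passes this check and must be authenticated by something else later. Please state that assumption next to the condition, for example `// Server: a missing client cert is tolerated here because <mechanism> authenticates the peer`, or restrict the exemption to suites that do not use client certificates. The strict comparison `MBEDTLS_X509_BADCERT_MISSING != flags` fails safe when other bits are also set, which is worth keeping; the three-clause condition would read more easily as a small static helper.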