Rename callback to wolfDTLS_SetChGoodCb and add doxygen for it. Clarify DTLS_CTX.connected. Fix build errors for ./configure --enable-dtls --enable-dtls13 --disable-examples CFLAGS="-DNO_WOLFSSL_SERVER".

doc/dox_comments/header_files/ssl.h

@@ -1631,9 +1631,40 @@ int  wolfSSL_set_fd (WOLFSSL* ssl, int fd);
     \sa wolfSSL_CTX_SetIORecv
     \sa wolfSSL_SetIOReadCtx
     \sa wolfSSL_SetIOWriteCtx
+    \sa wolfDTLS_SetChGoodCb
 */
 int wolfSSL_set_dtls_fd_connected(WOLFSSL* ssl, int fd)
 
+/*!
+    \ingroup Setup
+
+    \brief Allows setting a callback for DTLS client hello "good".
+
+    \return SSL_SUCCESS upon success.
+    \return BAD_FUNC_ARG upon failure.
+
+    \param ssl pointer to the SSL session, created with wolfSSL_new().
+    \param fd file descriptor to use with SSL/TLS connection.
+
+    _Example_
+    \code
+
+    // Called when we have verified a connection
+    static int chGoodCb(WOLFSSL* ssl, void* arg)
+    {
+        // setup peer and file descriptors
+
+    }
+
+    if (wolfDTLS_SetChGoodCb(ssl, chGoodCb, NULL) != WOLFSSL_SUCCESS) {
+         // error setting callback
+    }
+    \endcode
+
+    \sa wolfSSL_set_dtls_fd_connected
+*/
+int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
+
 /*!
     \ingroup IO
 

src/dtls13.c

@@ -331,6 +331,8 @@ static byte Dtls13RtxMsgNeedsAck(WOLFSSL* ssl, enum HandShakeType hs)
        message */
     if (ssl->options.side == WOLFSSL_SERVER_END && (hs == finished))
         return 1;
+#else
+    (void)ssl;
 #endif /* NO_WOLFSSL_SERVER */
 
     if (hs == session_ticket || hs == key_update)

src/internal.c

@@ -554,7 +554,7 @@ int IsDtlsNotSctpMode(WOLFSSL* ssl)
 #endif
 }
 
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_SERVER)
 /* Secure Real-time Transport Protocol */
 /* If SRTP is not enabled returns the state of the dtls option.
  * If SRTP is enabled returns dtls && !dtlsSrtpProfiles. */
@@ -566,7 +566,7 @@ static WC_INLINE int IsDtlsNotSrtpMode(WOLFSSL* ssl)
     return ssl->options.dtls;
 #endif
 }
-#endif /* !WOLFSSL_NO_TLS12 */
+#endif /* !WOLFSSL_NO_TLS12 && !NO_WOLFSSL_SERVER */
 #endif /* WOLFSSL_DTLS */
 
 

src/ssl.c

@@ -12794,9 +12794,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif /* NO_WOLFSSL_SERVER */
 
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
-int wolfSSL_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx)
+int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx)
 {
-    WOLFSSL_ENTER("wolfSSL_SetChGoodCb");
+    WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");
 
     if (ssl == NULL)
         return BAD_FUNC_ARG;

wolfssl/internal.h

@@ -2228,7 +2228,10 @@ typedef struct WOLFSSL_DTLS_CTX {
     int rfd;
     int wfd;
     byte userSet:1;
-    byte connected:1; /* Set when the rfd and wfd are connected sockets */
+    byte connected:1; /* When set indicates rfd and wfd sockets are
+                       * connected (connect() and bind() both called).
+                       * This means that sendto and recvfrom do not need to
+                       * specify and store the peer address. */
 } WOLFSSL_DTLS_CTX;
 
 

wolfssl/ssl.h

@@ -3943,10 +3943,13 @@ WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
 #define WOLFSSL_CRL_START_MON 0x02   /* start monitoring flag */
 
 
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
 /* notify user we parsed a verified ClientHello is done. This only has an effect
  * on the server end. */
 typedef int (*ClientHelloGoodCb)(WOLFSSL* ssl, void*);
-WOLFSSL_API int wolfSSL_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
+WOLFSSL_API int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
+#endif
+
 /* notify user the handshake is done */
 typedef int (*HandShakeDoneCb)(WOLFSSL* ssl, void*);
 WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx);