Multicast

1. Add haveMcast as an exception case for needing a signing key along with havePSK and haveAnon.
2017-01-03 09:40:57 -08:00
parent 41638b437b
commit 30a54a4860
2 changed files with 15 additions and 6 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -3725,6 +3725,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
    byte haveAnon = 0;
    byte newSSL;
    byte haveRSA = 0;
+    byte haveMcast = 0;
    (void) haveAnon; /* Squash unused var warnings */

    if (!ssl || !ctx)
@ -3751,6 +3752,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #ifdef HAVE_ANON
    haveAnon = ctx->haveAnon;
 #endif /* HAVE_ANON*/
+#ifdef WOLFSSL_MULTICAST
+    haveMcast = ctx->haveMcast;
+#endif /* WOLFSSL_MULTICAST */

    /* decrement previous CTX reference count if exists.
     * This should only happen if switching ctxs!*/
@ -3885,11 +3889,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
                       ssl->options.haveStaticECC, ssl->options.side);

 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
-        /* make sure server has cert and key unless using PSK or Anon
-        * This should be true even if just switching ssl ctx */
-        if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon)
+        /* make sure server has cert and key unless using PSK, Anon, or
+         * Multicast. This should be true even if just switching ssl ctx */
+        if (ssl->options.side == WOLFSSL_SERVER_END &&
+                !havePSK && !haveAnon && !haveMcast)
            if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer
-                     || !ssl->buffers.key || !ssl->buffers.key->buffer) {
+                || !ssl->buffers.key || !ssl->buffers.key->buffer) {
                WOLFSSL_MSG("Server missing certificate and/or private key");
                return NO_PRIVATE_KEY;
            }
--- a/src/ssl.c
+++ b/src/ssl.c
@ -8746,12 +8746,12 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
    {
        word16 havePSK = 0;
        word16 haveAnon = 0;
+        word16 haveMcast = 0;

 #ifdef WOLFSSL_TLS13
        if (ssl->options.tls1_3)
            return wolfSSL_accept_TLSv13(ssl);
 #endif
-
        WOLFSSL_ENTER("SSL_accept()");

        #ifdef HAVE_ERRNO_H
@ -8768,6 +8768,10 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
        #endif
        (void)haveAnon;

+        #ifdef WOLFSSL_MULTICAST
+            haveMcast = ssl->options.haveMcast;
+        #endif
+
        if (ssl->options.side != WOLFSSL_SERVER_END) {
            WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
            return SSL_FATAL_ERROR;
@ -8775,7 +8779,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,

        #ifndef NO_CERTS
            /* in case used set_accept_state after init */
-            if (!havePSK && !haveAnon &&
+            if (!havePSK && !haveAnon && !haveMcast &&
                (!ssl->buffers.certificate ||
                 !ssl->buffers.certificate->buffer ||
                 !ssl->buffers.key ||