diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index 911ae3972..ad21ba203 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -1595,7 +1595,7 @@ WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
 \sa wolfSSL_SetIOReadCtx
 \sa wolfSSL_SetIOWriteCtx
 */
-int wolfSSL_set_fd (WOLFSSL* ssl, int fd);
+int wolfSSL_set_fd(WOLFSSL* ssl, int fd);
 /*!
 \ingroup Setup
@@ -1631,9 +1631,40 @@ int wolfSSL_set_fd (WOLFSSL* ssl, int fd);
 \sa wolfSSL_CTX_SetIORecv
 \sa wolfSSL_SetIOReadCtx
 \sa wolfSSL_SetIOWriteCtx
+ \sa wolfDTLS_SetChGoodCb
 */
 int wolfSSL_set_dtls_fd_connected(WOLFSSL* ssl, int fd)
+/*!
+ \ingroup Setup
+
+ \brief Allows setting a callback for DTLS client hello "good".
+
+ \return SSL_SUCCESS upon success.
+ \return BAD_FUNC_ARG upon failure.
+
+ \param ssl pointer to the SSL session, created with wolfSSL_new().
+ \param fd file descriptor to use with SSL/TLS connection.
+
+ _Example_
+ \code
+
+ // Called when we have verified a connection
+ static int chGoodCb(WOLFSSL* ssl, void* arg)
+ {
+ // setup peer and file descriptors
+
+ }
+
+ if (wolfDTLS_SetChGoodCb(ssl, chGoodCb, NULL) != WOLFSSL_SUCCESS) {
+ // error setting callback
+ }
+ \endcode
+
+ \sa wolfSSL_set_dtls_fd_connected
+*/
+int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
+
 /*!
 \ingroup IO
diff --git a/src/dtls13.c b/src/dtls13.c
index 0954f6f8a..e46ef3c8e 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -331,6 +331,8 @@ static byte Dtls13RtxMsgNeedsAck(WOLFSSL* ssl, enum HandShakeType hs)
 message */
 if (ssl->options.side == WOLFSSL_SERVER_END && (hs == finished))
 return 1;
+#else
+ (void)ssl;
 #endif /* NO_WOLFSSL_SERVER */
 if (hs == session_ticket || hs == key_update)
diff --git a/src/internal.c b/src/internal.c
index f0b3f696d..6d5868847 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -554,7 +554,7 @@ int IsDtlsNotSctpMode(WOLFSSL* ssl)
 #endif
 }
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_SERVER)
 /* Secure Real-time Transport Protocol */
 /* If SRTP is not enabled returns the state of the dtls option.
 * If SRTP is enabled returns dtls && !dtlsSrtpProfiles. */
@@ -566,7 +566,7 @@ static WC_INLINE int IsDtlsNotSrtpMode(WOLFSSL* ssl)
 return ssl->options.dtls;
 #endif
 }
-#endif /* !WOLFSSL_NO_TLS12 */
+#endif /* !WOLFSSL_NO_TLS12 && !NO_WOLFSSL_SERVER */
 #endif /* WOLFSSL_DTLS */
diff --git a/src/ssl.c b/src/ssl.c
index 53339b752..ead087c95 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12794,9 +12794,9 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #endif /* NO_WOLFSSL_SERVER */
 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
-int wolfSSL_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx)
+int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx)
 {
- WOLFSSL_ENTER("wolfSSL_SetChGoodCb");
+ WOLFSSL_ENTER("wolfDTLS_SetChGoodCb");
 if (ssl == NULL)
 return BAD_FUNC_ARG;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 606dc9d4b..c91eb9499 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2228,7 +2228,10 @@ typedef struct WOLFSSL_DTLS_CTX {
 int rfd;
 int wfd;
 byte userSet:1;
- byte connected:1; /* Set when the rfd and wfd are connected sockets */
+ byte connected:1; /* When set indicates rfd and wfd sockets are
+ * connected (connect() and bind() both called).
+ * This means that sendto and recvfrom do not need to
+ * specify and store the peer address. */
 } WOLFSSL_DTLS_CTX;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index b35664d84..97d56a930 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
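Review bot: The expanded comment on `connected` explains what the flag means but not the security weight of the precondition: by this comment's own wording, once the flag is set sendto/recvfrom neither specify nor store the peer address, so if it is ever set on a socket that is not actually connect()ed the kernel performs no source filtering and the library apparently keeps no peer to compare against, leaving the session open to datagrams injected by any host. I cannot confirm the I/O-callback side from this hunk, but the field is effectively a trust boundary and the comment should say so; I would close it with `* Only set this for sockets that really are connect()ed; on an unconnected socket datagrams from any peer would be accepted. */`. Note also that it is connect(), not bind(), that pins the remote peer of a UDP socket, so `(connect() and bind() both called)` reads as if bind() were part of the guarantee; `(connect() has been called on them; a server will have bind()ed first)` is more accurate. The enclosing struct opens above the hunk.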
@@ -3943,10 +3943,13 @@ WOLFSSL_API int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx);
 #define WOLFSSL_CRL_START_MON 0x02 /* start monitoring flag */
+#if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
 /* notify user we parsed a verified ClientHello is done. This only has an effect
 * on the server end. */
 typedef int (*ClientHelloGoodCb)(WOLFSSL* ssl, void*);
-WOLFSSL_API int wolfSSL_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
+WOLFSSL_API int wolfDTLS_SetChGoodCb(WOLFSSL* ssl, ClientHelloGoodCb cb, void* user_ctx);
+#endif
+
 /* notify user the handshake is done */
 typedef int (*HandShakeDoneCb)(WOLFSSL* ssl, void*);
 WOLFSSL_API int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx);
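Review bot: The comment above `ClientHelloGoodCb` still does not state the callback's contract — at what point in the handshake it fires and what its `int` return means (whether non-zero aborts the handshake) — which matters because the documented use is to set up the peer and file descriptors at the one moment the server has verified a ClientHello; the implementation is outside this hunk, so I cannot supply the return semantics myself. I would reword it to `/* Called on a DTLS server once a ClientHello has been verified (see wolfSSL_set_dtls_fd_connected). Return value: TODO document whether non-zero aborts the handshake. */` and fix the companion doxygen stub in doc/dox_comments/header_files/ssl.h, which in this same commit documents a `fd` parameter the function does not take and a `SSL_SUCCESS` return while its own example tests `WOLFSSL_SUCCESS`. Since `wolfSSL_SetChGoodCb` was an exported `WOLFSSL_API` symbol, the rename also breaks existing callers with no transition; a `#define wolfSSL_SetChGoodCb wolfDTLS_SetChGoodCb` inside the new guard would keep them building. Finally, the typedef is now only visible under `WOLFSSL_DTLS && !NO_WOLFSSL_SERVER`, so any struct member or prototype elsewhere that names `ClientHelloGoodCb` must sit under the same guard — presumably handled, but not visible here.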