mirror of
https://github.com/sle118/squeezelite-esp32.git
synced 2025-12-08 20:47:08 +03:00
31 lines
1.2 KiB
C++
31 lines
1.2 KiB
C++
#pragma once
|
|
|
|
#include <mbedtls/x509_crt.h> // for mbedtls_x509_crt
|
|
#include <stddef.h> // for size_t
|
|
#include <cstdint> // for uint8_t, uint16_t, uint32_t
|
|
#include <vector> // for vector
|
|
|
|
#include "mbedtls/ssl.h" // for mbedtls_ssl_config
|
|
|
|
namespace bell::X509Bundle {
|
|
|
|
int crtCheckCertificate(mbedtls_x509_crt* child, const uint8_t* pub_key_buf,
|
|
size_t pub_key_len);
|
|
/* This callback is called for every certificate in the chain. If the chain
|
|
* is proper each intermediate certificate is validated through its parent
|
|
* in the x509_crt_verify_chain() function. So this callback should
|
|
* only verify the first untrusted link in the chain is signed by the
|
|
* root certificate in the trusted bundle
|
|
*/
|
|
int crtVerifyCallback(void* buf, mbedtls_x509_crt* crt, int depth,
|
|
uint32_t* flags);
|
|
|
|
/* Initialize the bundle into an array so we can do binary search for certs,
|
|
the bundle generated by the python utility is already presorted by subject name
|
|
*/
|
|
void init(const uint8_t* x509_bundle, size_t bundle_size);
|
|
|
|
void attach(mbedtls_ssl_config* conf);
|
|
|
|
bool shouldVerify();
|
|
}; // namespace bell::X509Bundle
|