From 665d195f3ae0e156b32a86c6e5aedd8b3fd3d64d Mon Sep 17 00:00:00 2001
From: Robert Lubos
Date: Fri, 17 Jan 2020 15:45:56 +0100
Subject: [PATCH] net: sockets: tls: Add missing symbols for a few options

`TLS_PEER_VERIFY` and `TLS_DTLS_ROLE` options accept specific values, yet no symbols were defined for them. In result, magic numbers were used in several places, making the code less readable. Fix this issue, by adding the missing symbols to the `socket.h` header, and using them in places where related socket options are set.

Signed-off-by: Robert Lubos
---
 doc/reference/networking/mqtt.rst | 2 +-
 include/net/socket.h | 9 +++++++++
 lib/updatehub/updatehub.c | 2 +-
 samples/net/cloud/google_iot_mqtt/src/protocol.c | 2 +-
 samples/net/cloud/mqtt_azure/src/main.c | 2 +-
 samples/net/mqtt_publisher/src/main.c | 2 +-
 samples/net/sockets/echo_server/src/udp.c | 2 +-
 7 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/doc/reference/networking/mqtt.rst b/doc/reference/networking/mqtt.rst
index 42e22cdbd74..438a5a81129 100644
--- a/doc/reference/networking/mqtt.rst
+++ b/doc/reference/networking/mqtt.rst
@@ -144,7 +144,7 @@ additional configuration information:
 struct mqtt_sec_config *tls_config = &client_ctx.transport.tls.config;
- tls_config->peer_verify = 2;
+ tls_config->peer_verify = TLS_PEER_VERIFY_REQUIRED;
 tls_config->cipher_list = NULL;
 tls_config->sec_tag_list = m_sec_tags;
 tls_config->sec_tag_count = ARRAY_SIZE(m_sec_tags);
diff --git a/include/net/socket.h b/include/net/socket.h
index 72a8187015a..ed852044cf6 100644
--- a/include/net/socket.h
+++ b/include/net/socket.h
@@ -122,6 +122,15 @@ struct zsock_pollfd {
 /** @} */
+/* Valid values for TLS_PEER_VERIFY option */
+#define TLS_PEER_VERIFY_NONE 0 /**< Peer verification disabled. */
+#define TLS_PEER_VERIFY_OPTIONAL 1 /**< Peer verification optional. */
+#define TLS_PEER_VERIFY_REQUIRED 2 /**< Peer verification required. */
+
+/* Valid values for TLS_DTLS_ROLE option */
+#define TLS_DTLS_ROLE_CLIENT 0 /**< Client role in a DTLS session. */
+#define TLS_DTLS_ROLE_SERVER 1 /**< Server role in a DTLS session. */
+
 struct zsock_addrinfo {
 struct zsock_addrinfo *ai_next;
 int ai_flags;
diff --git a/lib/updatehub/updatehub.c b/lib/updatehub/updatehub.c
index 6478cd06292..47cf325b158 100644
--- a/lib/updatehub/updatehub.c
+++ b/lib/updatehub/updatehub.c
@@ -141,7 +141,7 @@ static bool start_coap_client(void)
 }
 #if defined(CONFIG_UPDATEHUB_DTLS)
- int verify = 0;
+ int verify = TLS_PEER_VERIFY_NONE;
 sec_tag_t sec_list[] = { CA_CERTIFICATE_TAG };
 int protocol = IPPROTO_DTLS_1_2;
 char port[] = "5684";
diff --git a/samples/net/cloud/google_iot_mqtt/src/protocol.c b/samples/net/cloud/google_iot_mqtt/src/protocol.c
index e6cdca32b2f..180237023f2 100644
--- a/samples/net/cloud/google_iot_mqtt/src/protocol.c
+++ b/samples/net/cloud/google_iot_mqtt/src/protocol.c
@@ -304,7 +304,7 @@ void mqtt_startup(char *hostname, int port)
 struct mqtt_sec_config *tls_config = &client->transport.tls.config;
- tls_config->peer_verify = 2;
+ tls_config->peer_verify = TLS_PEER_VERIFY_REQUIRED;
 tls_config->cipher_list = NULL;
 tls_config->sec_tag_list = m_sec_tags;
 tls_config->sec_tag_count = ARRAY_SIZE(m_sec_tags);
diff --git a/samples/net/cloud/mqtt_azure/src/main.c b/samples/net/cloud/mqtt_azure/src/main.c
index 2887f0115de..b09861091ae 100644
--- a/samples/net/cloud/mqtt_azure/src/main.c
+++ b/samples/net/cloud/mqtt_azure/src/main.c
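Review bot: The Doxygen text on the new `TLS_PEER_VERIFY_*` symbols in include/net/socket.h only restates the names and does not say what each level means for the handshake, which is the part a caller needs in order to choose safely. If these values mirror the TLS backend's authentication modes (the hunk does not show the mapping, so this needs confirming), `TLS_PEER_VERIFY_OPTIONAL` lets the handshake complete even when the peer certificate fails validation, and both it and `TLS_PEER_VERIFY_NONE` leave the peer unauthenticated. I would spell that out, for example `/**< Peer verification optional: the handshake continues even if the certificate check fails. */`, and state in the group comment which level applies when the option is never set. The two plain `/* Valid values for ... */` headers could also become Doxygen comments so the symbols are rendered next to the option documentation.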
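Review bot: Peer verification stays disabled for the UpdateHub DTLS client: `verify` is initialised to `TLS_PEER_VERIFY_NONE` in `start_coap_client()` (lib/updatehub/updatehub.c) even though the next line supplies `CA_CERTIFICATE_TAG`. With verification off the device cannot tell the intended server from an on-path impostor, so for what appears to be an update channel the integrity of whatever is downloaded has to come from some independent check that this hunk does not show. Unless there is a documented reason, I would use `int verify = TLS_PEER_VERIFY_REQUIRED;`, or at minimum add a comment saying why verification is off and what else protects the update. The function body starts and ends outside the hunk, so how `verify` reaches `setsockopt()` is assumed rather than seen.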
@@ -176,7 +176,7 @@ static void client_init(struct mqtt_client *client)
 tls_config = &client->transport.tls.config;
- tls_config->peer_verify = 2;
+ tls_config->peer_verify = TLS_PEER_VERIFY_REQUIRED;
 tls_config->cipher_list = NULL;
 tls_config->sec_tag_list = m_sec_tags;
 tls_config->sec_tag_count = ARRAY_SIZE(m_sec_tags);
diff --git a/samples/net/mqtt_publisher/src/main.c b/samples/net/mqtt_publisher/src/main.c
index dac9e3597be..eb0590bcce4 100644
--- a/samples/net/mqtt_publisher/src/main.c
+++ b/samples/net/mqtt_publisher/src/main.c
@@ -304,7 +304,7 @@ static void client_init(struct mqtt_client *client)
 struct mqtt_sec_config *tls_config = &client->transport.tls.config;
- tls_config->peer_verify = 2;
+ tls_config->peer_verify = TLS_PEER_VERIFY_REQUIRED;
 tls_config->cipher_list = NULL;
 tls_config->sec_tag_list = m_sec_tags;
 tls_config->sec_tag_count = ARRAY_SIZE(m_sec_tags);
diff --git a/samples/net/sockets/echo_server/src/udp.c b/samples/net/sockets/echo_server/src/udp.c
index 9335e2b1bcc..723673cab60 100644
--- a/samples/net/sockets/echo_server/src/udp.c
+++ b/samples/net/sockets/echo_server/src/udp.c
@@ -55,7 +55,7 @@ static int start_udp_proto(struct data *data, struct sockaddr *bind_addr,
 PSK_TAG,
 #endif
 };
- int role = 1;
+ int role = TLS_DTLS_ROLE_SERVER;
 ret = setsockopt(data->udp.sock, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag_list, sizeof(sec_tag_list));