Merge pull request #5387 from TakayukiMatsuo/tk14445

Suppress build errors when defining some disable macros
2022-08-07 20:09:41 -07:00 · 2022-08-07 20:09:41 -07:00 · 7004157869
parent 2d2c55f1c1 79fb1783c4
commit 7004157869
4 changed files with 170 additions and 56 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -2463,8 +2463,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
 #endif /* !NO_CERTS */

 #ifdef HAVE_TLS_EXTENSIONS
+#if !defined(NO_TLS)
    TLSX_FreeAll(ctx->extensions, ctx->heap);
-
+#endif /* !NO_TLS */
 #ifndef NO_WOLFSSL_SERVER
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
@ -7422,8 +7423,9 @@ void SSL_ResourceFree(WOLFSSL* ssl)
    #endif /* NO_RSA */
 #endif /* HAVE_PK_CALLBACKS */
 #ifdef HAVE_TLS_EXTENSIONS
+#if !defined(NO_TLS)
    TLSX_FreeAll(ssl->extensions, ssl->heap);
-
+#endif /* !NO_TLS */
 #ifdef HAVE_ALPN
    if (ssl->alpn_client_list != NULL) {
        XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_ALPN);
@ -7735,7 +7737,7 @@ void FreeHandshakeResources(WOLFSSL* ssl)
 #endif /* HAVE_PK_CALLBACKS */

 #if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && \
-                    !defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+!defined(NO_TLS) && !defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    /* Some extensions need to be kept for post-handshake querying. */
    TLSX_FreeAll(ssl->extensions, ssl->heap);
    ssl->extensions = NULL;
@ -12812,9 +12814,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                    listSz -= extSz + OPAQUE16_LEN;
                    WOLFSSL_MSG_EX("\tParsing %d bytes of cert extensions",
                            args->exts[args->totalCerts].length);
+                    #if !defined(NO_TLS)
                    ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer,
                        (word16)args->exts[args->totalCerts].length,
                        certificate, NULL);
+                    #endif /* !NO_TLS */
                    if (ret < 0) {
                        WOLFSSL_ERROR_VERBOSE(ret);
                        ERROR_OUT(ret, exit_ppc);
@ -19814,7 +19818,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
    (void)epochOrder;

 #ifndef NO_TLS
-#ifdef WOLFSSL_NO_TLS12
+#if defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13)
    return BuildTls13Message(ssl, output, outSz, input, inSz, type,
                                               hashOutput, sizeOnly, asyncOkay);
 #else
--- a/src/ssl.c
+++ b/src/ssl.c
@ -2867,8 +2867,11 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
        return BAD_FUNC_ARG;

    ssl->options.userCurves = 1;
-
+#if defined(NO_TLS)
+    return WOLFSSL_FAILURE;
+#else
    return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
+#endif /* NO_TLS */
 }


@ -2878,8 +2881,11 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
        return BAD_FUNC_ARG;

    ctx->userCurves = 1;
-
+#if defined(NO_TLS)
+    return WOLFSSL_FAILURE;
+#else
    return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap);
+#endif /* NO_TLS */
 }

 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13)
@ -3079,7 +3085,9 @@ int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list)
 int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
 {
    int ret = BAD_FUNC_ARG;
-
+#if defined(NO_TLS)
+    (void)ssl;
+#else
    if (ssl)
        ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap);

@ -3089,7 +3097,7 @@ int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
        if (extension)
            ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
    }
-
+#endif /* !NO_TLS */
    return ret;
 }

@ -4669,12 +4677,12 @@ int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
            ssl->version = MakeTLSv1_2();
            break;
    #endif
-#endif
-#ifdef WOLFSSL_TLS13
+
+    #ifdef WOLFSSL_TLS13
        case WOLFSSL_TLSV1_3:
            ssl->version = MakeTLSv1_3();
            break;
-
+    #endif /* WOLFSSL_TLS13 */
 #endif

        default:
--- a/src/tls13.c
+++ b/src/tls13.c
@ -10356,11 +10356,14 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group)
        }
    }
 #endif
-
+#if defined(NO_TLS)
+    (void)ret;
+    (void)group;
+#else
    ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL);
    if (ret != 0)
        return ret;
-
+#endif /* NO_TLS */
    return WOLFSSL_SUCCESS;
 }

@ -10377,11 +10380,13 @@ int wolfSSL_NoKeyShares(WOLFSSL* ssl)
        return BAD_FUNC_ARG;
    if (ssl->options.side == WOLFSSL_SERVER_END)
        return SIDE_ERROR;
-
+#if defined(NO_TLS)
+    (void)ret;
+#else
    ret = TLSX_KeyShare_Empty(ssl);
    if (ret != 0)
        return ret;
-
+#endif /* NO_TLS */
    return WOLFSSL_SUCCESS;
 }
 #endif
@ -10647,13 +10652,17 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count)
        return BAD_FUNC_ARG;

    ctx->numGroups = 0;
+    #if !defined(NO_TLS)
    TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
+    #endif /* !NO_TLS */
    for (i = 0; i < count; i++) {
        /* Call to wolfSSL_CTX_UseSupportedCurve also checks if input groups
         * are valid */
        if ((ret = wolfSSL_CTX_UseSupportedCurve(ctx, (word16)groups[i]))
                != WOLFSSL_SUCCESS) {
+    #if !defined(NO_TLS)
            TLSX_Remove(&ctx->extensions, TLSX_SUPPORTED_GROUPS, ctx->heap);
+    #endif /* !NO_TLS */
            return ret;
        }
        ctx->group[i] = (word16)groups[i];
@ -10682,13 +10691,17 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count)
        return BAD_FUNC_ARG;

    ssl->numGroups = 0;
+    #if !defined(NO_TLS)
    TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
+    #endif /* !NO_TLS */
    for (i = 0; i < count; i++) {
        /* Call to wolfSSL_UseSupportedCurve also checks if input groups
                 * are valid */
        if ((ret = wolfSSL_UseSupportedCurve(ssl, (word16)groups[i]))
                != WOLFSSL_SUCCESS) {
+    #if !defined(NO_TLS)
            TLSX_Remove(&ssl->extensions, TLSX_SUPPORTED_GROUPS, ssl->heap);
+    #endif /* !NO_TLS */
            return ret;
        }
        ssl->group[i] = (word16)groups[i];
--- a/tests/api.c
+++ b/tests/api.c
@ -1412,18 +1412,22 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
    const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";

    ret = test_cm_load_ca_file(ca_cert);
-#ifdef NO_RSA
+#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
+    AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
+#elif defined(NO_RSA)
    AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
 #else
    AssertIntEQ(ret, WOLFSSL_SUCCESS);
 #endif

    ret = test_cm_load_ca_file(ca_expired_cert);
-#ifdef NO_RSA
+#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
+    AssertIntEQ(ret, WOLFSSL_FATAL_ERROR);
+    if (ret == WOLFSSL_FATAL_ERROR)
+#elif defined(NO_RSA)
    AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
    if (ret == ASN_UNKNOWN_OID_E)
-#else
-#if !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
+#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \
    !defined(OPENSSL_COMPATIBLE_DEFAULTS)
    AssertIntEQ(ret, ASN_AFTER_DATE_E);
    if (ret == ASN_AFTER_DATE_E)
@ -1431,7 +1435,6 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
    AssertIntEQ(ret, WOLFSSL_SUCCESS);
    if (ret == WOLFSSL_SUCCESS)
 #endif
-#endif
 #endif
    {
        ret = 0;
@ -1510,8 +1513,11 @@ static int test_wolfSSL_CertManagerSetVerify(void)
    wolfSSL_CertManagerSetVerify(cm, myVerify);

    ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL);
+    #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
+    AssertIntEQ(ret, -1);
+    #else
    AssertIntEQ(ret, WOLFSSL_SUCCESS);
-
+    #endif
    /* Use the test CB that always accepts certs */
    myVerifyAction = VERIFY_OVERRIDE_ERROR;

@ -2440,6 +2446,7 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
 {
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
    defined(USE_CERT_BUFFERS_2048)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX* ctx;
    const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
    byte ca_expired_cert[TWOK_BUF];
@ -2485,7 +2492,7 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
            WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
-
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif

    return 0;
@ -2494,7 +2501,8 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void)
 static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
 {
 #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
-    defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048)
+    defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
    WOLFSSL_CTX* ctx;

  #ifndef NO_WOLFSSL_CLIENT
@ -2517,7 +2525,7 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
 static int test_wolfSSL_CTX_add1_chain_cert(void)
 {
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \
-    defined(KEEP_OUR_CERT) && !defined(NO_RSA)
+    defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX*        ctx;
    WOLFSSL*            ssl;
    const char *certChain[] = {
@ -2562,11 +2570,15 @@ static int test_wolfSSL_CTX_add1_chain_cert(void)
 static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
 {
    int ret = 0;
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
    const char* server_chain_der = "./certs/server-cert-chain.der";
    const char* client_single_pem = "./certs/client-cert.pem";
    WOLFSSL_CTX* ctx;

+    (void)server_chain_der;
+    (void)client_single_pem;
+    (void)ctx;
  #ifndef NO_WOLFSSL_CLIENT
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
@ -2587,9 +2599,10 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)

 static int test_wolfSSL_CTX_SetTmpDH_file(void)
 {
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH)
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
    WOLFSSL_CTX *ctx;
-
+    (void)ctx;
  #ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  #else
@ -2603,6 +2616,7 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)
    /* invalid dhParamFile file */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
                NULL, WOLFSSL_FILETYPE_PEM));
+
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
                bogusFile, WOLFSSL_FILETYPE_PEM));

@ -2618,9 +2632,10 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)

 static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
 {
-#if !defined(NO_CERTS) && !defined(NO_DH)
+#if !defined(NO_CERTS) && !defined(NO_DH) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
    WOLFSSL_CTX *ctx;
-
+    (void)ctx;
  #ifndef NO_WOLFSSL_CLIENT
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  #else
@ -2634,6 +2649,7 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void)
    /* invalid dhParamFile file */
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
                0, WOLFSSL_FILETYPE_ASN1));
+
    AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048,
                sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));

@ -2649,9 +2665,10 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void)

 static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 {
-#if !defined(NO_CERTS) && !defined(NO_DH)
+#if !defined(NO_CERTS) && !defined(NO_DH) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
    WOLFSSL_CTX *ctx;
-
+    (void)ctx;
  #ifndef NO_WOLFSSL_CLIENT
    ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    AssertNotNull(ctx);
@ -2688,7 +2705,8 @@ static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)

 static int test_wolfSSL_CTX_der_load_verify_locations(void)
 {
-#ifdef WOLFSSL_DER_LOAD
+#if defined(WOLFSSL_DER_LOAD) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
    WOLFSSL_CTX* ctx = NULL;
    const char* derCert = "./certs/server-cert.der";
    const char* nullPath = NULL;
@ -2767,7 +2785,7 @@ static int test_wolfSSL_CTX_enable_disable(void)
  #elif !defined(NO_WOLFSSL_SERVER)
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  #else
-    return;
+    return 0;
  #endif

  #ifdef HAVE_CRL
@ -2844,8 +2862,8 @@ static int test_wolfSSL_set_minmax_proto_version(void)

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
-
-#else
+#endif
+#ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));

    AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE);
@ -5177,6 +5195,7 @@ typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);

 static int test_client_nofail(void* args, cbType cb)
 {
+#if !defined(NO_WOLFSSL_CLIENT)
    SOCKET_T sockfd = 0;
    callback_functions* cbf;

@ -5374,12 +5393,16 @@ done:
    wc_ecc_fp_free();  /* free per thread cache */
 #endif

+#else
+    (void)args;
+    (void)cb;
+#endif /* !NO_WOLFSSL_CLIENT */
    return 0;
 }

-#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
-static void test_client_reuse_WOLFSSLobj(void* args, void *cb,
-                                         void* server_args)
+#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \
+   !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT)
+static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
 {
    SOCKET_T sockfd = 0;
    callback_functions* cbf;
@ -5595,7 +5618,8 @@ done:

    return;
 }
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) &&
+         !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) */


 static int test_client_verifyDepth(void* args)
@ -6310,7 +6334,7 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient(void)

 static int test_client_get_finished(void* args, cbType cb)
 {
-#ifdef WOLFSSL_HAVE_TLS_UNIQUE
+#if defined(WOLFSSL_HAVE_TLS_UNIQUE) && !defined(NO_WOLFSSL_CLIENT)
    SOCKET_T sockfd = 0;
    callback_functions* cbf;

@ -6454,7 +6478,7 @@ done:
 #else
    (void)args;
    (void)cb;
-#endif /* WOLFSSL_HAVE_TLS_UNIQUE */
+#endif /* WOLFSSL_HAVE_TLS_UNIQUE && !NO_WOLFSSL_CLIENT */

    return 0;
 }
@ -7421,6 +7445,7 @@ static void test_wolfSSL_client_server(callback_functions* client_callbacks,
 #ifdef HAVE_SNI
 static int test_wolfSSL_UseSNI_params(void)
 {
+#if !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
    WOLFSSL     *ssl = wolfSSL_new(ctx);

@ -7442,6 +7467,7 @@ static int test_wolfSSL_UseSNI_params(void)

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
+#endif /* !NO_WOLFSSL_CLIENT */

    return 0;
 }
@ -7551,6 +7577,7 @@ static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)

 static int test_wolfSSL_UseSNI_connection(void)
 {
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
    callback_functions client_cb;
    callback_functions server_cb;

@ -7610,6 +7637,7 @@ static int test_wolfSSL_UseSNI_connection(void)
    client_cb.ctx_ready = NULL;                            client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
    server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL;                 server_cb.on_result = verify_SNI_fake_matching;
    test_wolfSSL_client_server(&client_cb, &server_cb);
+#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */

    return 0;
 }
@ -7765,6 +7793,7 @@ static int test_wolfSSL_UseTrustedCA(void)
 {
 #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
    && !defined(NO_RSA)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    WOLFSSL_CTX *ctx;
    WOLFSSL     *ssl;
    byte        id[20];
@ -7806,6 +7835,7 @@ static int test_wolfSSL_UseTrustedCA(void)

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif /* HAVE_TRUSTED_CA */

    return 0;
@ -7815,6 +7845,8 @@ static int test_wolfSSL_UseMaxFragment(void)
 {
 #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  #ifndef NO_WOLFSSL_SERVER
    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  #else
@ -7887,6 +7919,7 @@ static int test_wolfSSL_UseMaxFragment(void)

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif

    return 0;
@ -7896,6 +7929,7 @@ static int test_wolfSSL_UseTruncatedHMAC(void)
 {
 #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
  #ifndef NO_WOLFSSL_SERVER
    WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  #else
@ -7923,6 +7957,7 @@ static int test_wolfSSL_UseTruncatedHMAC(void)

    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif

    return 0;
@ -8095,6 +8130,7 @@ static void verify_ALPN_client_list(WOLFSSL* ssl)

 static int test_wolfSSL_UseALPN_connection(void)
 {
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
    callback_functions client_cb;
    callback_functions server_cb;

@ -8145,7 +8181,7 @@ static int test_wolfSSL_UseALPN_connection(void)
    client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all;     client_cb.on_result = NULL;
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client;
    test_wolfSSL_client_server(&client_cb, &server_cb);
-
+#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
    return 0;
 }

@ -8299,6 +8335,7 @@ static void verify_alpn_matching_http1(WOLFSSL* ssl)

 static int test_wolfSSL_set_alpn_protos(void)
 {
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
    callback_functions client_cb;
    callback_functions server_cb;

@ -8319,6 +8356,7 @@ static int test_wolfSSL_set_alpn_protos(void)
    server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3;
    test_wolfSSL_client_server(&client_cb, &server_cb);

+#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */
    return 0;
 }

@ -8557,6 +8595,7 @@ static int test_wolfSSL_PKCS12(void)
    || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)

    /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
 #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 #else
@ -8577,7 +8616,7 @@ static int test_wolfSSL_PKCS12(void)
    SSL_free(ssl);
    SSL_CTX_free(ctx);
 #endif
-
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
    /* should be 2 other certs on stack */
    tmp = sk_X509_pop(ca);
    AssertNotNull(tmp);
@ -8668,6 +8707,7 @@ static int test_wolfSSL_PKCS12(void)
    /* check use of pkey after parse */
 #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
    || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
 #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 #else
@ -8675,6 +8715,7 @@ static int test_wolfSSL_PKCS12(void)
 #endif
    AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS);
    SSL_CTX_free(ctx);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif

    AssertNotNull(pkey);
@ -8920,6 +8961,7 @@ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
 static int test_wolfSSL_PKCS8(void)
 {
 #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    byte buff[FOURK_BUF];
    byte der[FOURK_BUF];
    #ifndef NO_RSA
@ -9111,6 +9153,7 @@ static int test_wolfSSL_PKCS8(void)
    wolfSSL_CTX_free(ctx);

    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */

    return 0;
@ -9136,6 +9179,7 @@ static int test_wolfSSL_PKCS8_ED25519(void)
    XMEMSET(der, 0, sizeof(der));
    AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
        (word32)sizeof(der), password)), 0);
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
 #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #else
@ -9145,6 +9189,7 @@ static int test_wolfSSL_PKCS8_ED25519(void)
        WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif

    return 0;
@ -9170,6 +9215,7 @@ static int test_wolfSSL_PKCS8_ED448(void)
    XMEMSET(der, 0, sizeof(der));
    AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
        (word32)sizeof(der), password)), 0);
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
 #ifndef NO_WOLFSSL_SERVER
    AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #else
@ -9179,6 +9225,7 @@ static int test_wolfSSL_PKCS8_ED448(void)
        WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);

    wolfSSL_CTX_free(ctx);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif

    return 0;
@ -31601,6 +31648,7 @@ static int test_wolfSSL_private_keys(void)
 {
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;
    EVP_PKEY* pkey = NULL;
@ -31808,6 +31856,7 @@ static int test_wolfSSL_private_keys(void)
    (void)pkey;

    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */

    return 0;
@ -32556,6 +32605,7 @@ static int test_wolfSSL_tmp_dh(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
    !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    byte buff[6000];
    char file[] = "./certs/dsaparams.pem";
    XFILE f;
@ -32617,6 +32667,7 @@ static int test_wolfSSL_tmp_dh(void)
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif

    return 0;
@ -33348,6 +33399,7 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
   !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    char caFile[] = "./certs/client-ca.pem";
    char clientFile[] = "./certs/client-cert.pem";
    SSL_CTX* ctx;
@ -33440,6 +33492,7 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void)
    sk_X509_pop_free(chain2, X509_free);
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
             !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */

@ -34177,6 +34230,7 @@ static int test_wolfSSL_X509_STORE_CTX_set_time(void)
 static int test_wolfSSL_CTX_get0_set1_param(void)
 {
 #if defined(OPENSSL_EXTRA)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    int ret;
    SSL_CTX* ctx;
    WOLFSSL_X509_VERIFY_PARAM* pParam;
@ -34222,6 +34276,7 @@ static int test_wolfSSL_CTX_get0_set1_param(void)
    XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL);

    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/

    return 0;
@ -34230,6 +34285,7 @@ static int test_wolfSSL_CTX_get0_set1_param(void)
 static int test_wolfSSL_get0_param(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    SSL_CTX* ctx;
    SSL*     ssl;
    WOLFSSL_X509_VERIFY_PARAM* pParam;
@ -34252,6 +34308,7 @@ static int test_wolfSSL_get0_param(void)
    SSL_free(ssl);
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/

    return 0;
@ -34642,7 +34699,8 @@ static void keyLog_callback(const WOLFSSL* ssl, const char* line )
 #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
 static int test_wolfSSL_CTX_set_keylog_callback(void)
 {
-#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \
+                              !defined(NO_WOLFSSL_CLIENT)
    SSL_CTX* ctx;

    printf( testingFmt, "wolfSSL_CTX_set_keylog_callback()");
@ -34652,13 +34710,14 @@ static int test_wolfSSL_CTX_set_keylog_callback(void)
    SSL_CTX_set_keylog_callback(NULL, NULL);
    printf(resultFmt, passed);

-#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
+#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */

    return 0;
 }
 static int test_wolfSSL_CTX_get_keylog_callback(void)
 {
-#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK)
+#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \
+                                !defined(NO_WOLFSSL_CLIENT)
    SSL_CTX* ctx;

    printf( testingFmt, "wolfSSL_CTX_get_keylog_callback()");
@ -34671,7 +34730,7 @@ static int test_wolfSSL_CTX_get_keylog_callback(void)
    SSL_CTX_free(ctx);
    printf(resultFmt, passed);

-#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
+#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */

    return 0;
 }
@ -35097,7 +35156,8 @@ static int test_wolfSSL_X509_NID(void)
 static int test_wolfSSL_CTX_set_srp_username(void)
 {
 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
-    && !defined(NO_SHA256) && !defined(WC_NO_RNG)
+    && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
+
    WOLFSSL_CTX* ctx;
    WOLFSSL* ssl;
    const char *username = "TESTUSER";
@ -35128,7 +35188,7 @@ static int test_wolfSSL_CTX_set_srp_username(void)

    printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
-       /* && !NO_SHA256 && !WC_NO_RNG */
+       /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */

    return 0;
 }
@ -35136,7 +35196,7 @@ static int test_wolfSSL_CTX_set_srp_username(void)
 static int test_wolfSSL_CTX_set_srp_password(void)
 {
 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
-    && !defined(NO_SHA256) && !defined(WC_NO_RNG)
+    && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT)
    WOLFSSL_CTX* ctx;
    const char *username = "TESTUSER";
    const char *password = "TESTPASSWORD";
@ -35159,7 +35219,7 @@ static int test_wolfSSL_CTX_set_srp_password(void)

    printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
-       /* && !NO_SHA256 && !WC_NO_RNG */
+       /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */

    return 0;
 }
@ -35222,6 +35282,7 @@ static int test_wolfSSL_X509_STORE(void)

    #ifndef WOLFCRYPT_ONLY
    {
+      #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
        SSL_CTX* ctx;
        SSL* ssl;
        int i;
@ -35251,6 +35312,7 @@ static int test_wolfSSL_X509_STORE(void)
            SSL_free(ssl);
            SSL_CTX_free(ctx);
        }
+      #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
    }
    #endif
    printf(resultFmt, passed);
@ -35919,6 +35981,7 @@ static int test_generate_cookie(void)
 static int test_wolfSSL_set_options(void)
 {
 #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    WOLFSSL*     ssl;
    WOLFSSL_CTX* ctx;
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@ -36043,6 +36106,7 @@ static int test_wolfSSL_set_options(void)
    wolfSSL_CTX_free(ctx);

    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif /* !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) */

    return 0;
@ -36052,6 +36116,7 @@ static int test_wolfSSL_sk_SSL_CIPHER(void)
 {
    #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
       !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    SSL*     ssl;
    SSL_CTX* ctx;
    STACK_OF(SSL_CIPHER) *sk, *dupSk;
@ -36080,6 +36145,7 @@ static int test_wolfSSL_sk_SSL_CIPHER(void)
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
             !defined(NO_FILESYSTEM) && !defined(NO_RSA) */

@ -36089,6 +36155,7 @@ static int test_wolfSSL_sk_SSL_CIPHER(void)
 static int test_wolfSSL_set1_curves_list(void)
 {
 #if defined(OPENSSL_EXTRA) && defined(HAVE_RSA)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    SSL*     ssl = NULL;
    SSL_CTX* ctx = NULL;

@ -36114,6 +36181,7 @@ static int test_wolfSSL_set1_curves_list(void)
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
 #endif

    return 0;
@ -36122,6 +36190,7 @@ static int test_wolfSSL_set1_curves_list(void)
 static int test_wolfSSL_set1_sigalgs_list(void)
 {
    #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
    SSL*     ssl;
    SSL_CTX* ctx;

@ -36238,6 +36307,7 @@ static int test_wolfSSL_set1_sigalgs_list(void)
    SSL_CTX_free(ctx);

    printf(resultFmt, passed);
+#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
    #endif

    return 0;
@ -40002,7 +40072,8 @@ static int test_wolfSSL_BIO_should_retry(void)

 static int test_wolfSSL_BIO_connect(void)
 {
-#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT)
+#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
+            defined(HAVE_HTTP_CLIENT) && !defined(NO_WOLFSSL_CLIENT)
    tcp_ready ready;
    func_args server_args;
    THREAD_TYPE serverThread;
@ -49667,10 +49738,15 @@ static int test_wolfSSL_SMIME_write_PKCS7(void)

        if (cert_buf)
            free(cert_buf);
-
+#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
+        if (ret == WOLFSSL_FATAL_ERROR) {
+            ret = 0;
+        }
+#else
        if (ret == ASN_SIG_CONFIRM_E) {
            ret = 0;
        }
+#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
        return ret;
    }

@ -49700,9 +49776,15 @@ static int test_wolfSSL_SMIME_write_PKCS7(void)
 #ifdef FP_ECC
    wc_ecc_fp_free();
 #endif
+#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
+        if (ret == WOLFSSL_FATAL_ERROR) {
+            ret = 0;
+        }
+#else
        if (ret == ASN_SIG_CONFIRM_E) {
            ret = 0;
        }
+#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
        return ret;
    }

@ -49758,7 +49840,9 @@ static int test_tls13_apis(void)
                               WOLFSSL_ECC_SECP256R1
 #endif
                             };
+#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
    int          bad_groups[2] = { 0xDEAD, 0xBEEF };
+#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
    int          numGroups = 2;
 #endif
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
@ -54723,9 +54807,11 @@ static int test_various_pathlen_chains(void)
        printf("cert manager new failed\n");
        return -1;
    }
-
+#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
+    AssertIntEQ(test_chainG(cm), -1);
+#else
    AssertIntEQ(test_chainG(cm), 0);
-
+#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
    ret = wolfSSL_CertManagerUnloadCAs(cm);
    if (ret != WOLFSSL_SUCCESS)
        return -1;
@ -54758,8 +54844,11 @@ static int test_various_pathlen_chains(void)
        printf("cert manager new failed\n");
        return -1;
    }
+#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER)
+    AssertIntEQ(test_chainI(cm), -1);
+#else
    AssertIntEQ(test_chainI(cm), 0);
-
+#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */
    wolfSSL_CertManagerUnloadCAs(cm);
    wolfSSL_CertManagerFree(cm);
    if ((cm = wolfSSL_CertManagerNew()) == NULL) {