mirror of https://github.com/wolfSSL/wolfssl.git
ocsp: enable SSL_CTX_set_tlsext_status_cb only in OPENSSL_ALL
Marco Oliverio
parent
0945101948
commit
a1d1f0ddf1
|
|
@ -8689,14 +8689,14 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
|
|||
#endif
|
||||
#ifdef OPENSSL_EXTRA
|
||||
XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
|
||||
#ifdef HAVE_OCSP
|
||||
#endif
|
||||
#if defined(HAVE_OCSP) && defined(OPENSSL_ALL)
|
||||
if (ssl->ocspResp) {
|
||||
XFREE(ssl->ocspResp, NULL, 0);
|
||||
ssl->ocspResp = NULL;
|
||||
ssl->ocspRespSz = 0;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
#endif /* defined(HAVE_OCSP) && defined(OPENSSL_ALL) */
|
||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||
while (ssl->certReqCtx != NULL) {
|
||||
CertReqCtx* curr = ssl->certReqCtx;
|
||||
|
|
@ -9021,13 +9021,13 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
|||
* !WOLFSSL_POST_HANDSHAKE_AUTH */
|
||||
#endif /* HAVE_TLS_EXTENSIONS && !NO_TLS */
|
||||
|
||||
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
|
||||
#if defined(HAVE_OCSP) && defined(OPENSSL_ALL)
|
||||
if (ssl->ocspResp != NULL) {
|
||||
XFREE(ssl->ocspResp, NULL, 0);
|
||||
ssl->ocspResp = NULL;
|
||||
ssl->ocspRespSz = 0;
|
||||
}
|
||||
#endif /* HAVE_OCSP && OPENSSL_EXTRA */
|
||||
#endif /* HAVE_OCSP && OPENSSL_ALL */
|
||||
|
||||
#ifdef WOLFSSL_STATIC_MEMORY
|
||||
/* when done with handshake decrement current handshake count */
|
||||
|
|
@ -24858,7 +24858,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
|
|||
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
|
||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA))
|
||||
defined(WOLFSSL_HAPROXY))
|
||||
static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl)
|
||||
{
|
||||
WOLFSSL_OCSP *ocsp;
|
||||
|
|
@ -24896,9 +24896,8 @@ static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl)
|
|||
}
|
||||
return ret;
|
||||
}
|
||||
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST && \
|
||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)) */
|
||||
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST && (defined(OPENSSL_ALL) ||
|
||||
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
|
||||
#endif /* NO_WOLFSSL_SERVER */
|
||||
|
||||
/* handle generation of certificate_status (22) */
|
||||
|
|
@ -24926,7 +24925,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
|||
|
||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
|
||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA))
|
||||
defined(WOLFSSL_HAPROXY))
|
||||
if (SSL_CM(ssl)->ocsp_stapling != NULL &&
|
||||
SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
|
||||
if (ssl->status_request == WOLFSSL_CSR_OCSP)
|
||||
|
|
|
|||
25
src/tls.c
25
src/tls.c
|
|
@ -3238,15 +3238,14 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
|
|||
#endif
|
||||
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
|
||||
if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA)
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
|
||||
SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
|
||||
SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
|
||||
idx == 0) {
|
||||
return OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspRespSz;
|
||||
}
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA */
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
return (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
|
||||
csr->responses[idx].length);
|
||||
}
|
||||
|
|
@ -3257,8 +3256,7 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
|
|||
}
|
||||
|
||||
#if (defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)) && \
|
||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
||||
defined(OPENSSL_EXTRA))
|
||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
|
||||
static int TLSX_CSR_SetResponseWithStatusCB(WOLFSSL *ssl)
|
||||
{
|
||||
void *ioCtx = NULL;
|
||||
|
|
@ -3319,7 +3317,7 @@ static int TLSX_CSR_WriteWithStatusCB(CertificateStatusRequest* csr,
|
|||
return offset + respSz;
|
||||
}
|
||||
#endif /* (TLS13 && !NO_WOLFSLL_SERVER) && (OPENSSL_ALL || WOLFSSL_NGINX ||
|
||||
WOLFSSL_HAPROXY || OPENSSL_EXTRA) */
|
||||
WOLFSSL_HAPROXY) */
|
||||
|
||||
static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
|
||||
{
|
||||
|
|
@ -3373,16 +3371,14 @@ int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
|
|||
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
|
||||
if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
|
||||
word16 offset = 0;
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA)
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
|
||||
SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
|
||||
SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
|
||||
idx == 0) {
|
||||
return TLSX_CSR_WriteWithStatusCB(csr, output);
|
||||
}
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
|
||||
defined(OPENSSL_EXTRA) */
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
output[offset++] = csr->status_type;
|
||||
c32to24(csr->responses[idx].length, output + offset);
|
||||
offset += OPAQUE24_LEN;
|
||||
|
|
@ -3658,15 +3654,13 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
|||
|
||||
#if defined(WOLFSSL_TLS13)
|
||||
if (ssl->options.tls1_3) {
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
if (ssl != NULL && SSL_CM(ssl) != NULL &&
|
||||
SSL_CM(ssl)->ocsp_stapling != NULL &&
|
||||
SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
|
||||
return TLSX_CSR_SetResponseWithStatusCB(ssl);
|
||||
}
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || \
|
||||
defined(OPENSSL_EXTRA) */
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||
if (ssl->buffers.certificate == NULL) {
|
||||
WOLFSSL_MSG("Certificate buffer not set!");
|
||||
return BUFFER_ERROR;
|
||||
|
|
@ -4163,8 +4157,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
|||
continue;
|
||||
}
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
||||
|| defined(OPENSSL_EXTRA)
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||
/* OpenSSL status CB supports only CERTIFICATE STATUS REQ V1 */
|
||||
if (ssl != NULL && SSL_CM(ssl) != NULL &&
|
||||
SSL_CM(ssl)->ocsp_stapling != NULL &&
|
||||
|
|
|
|||
|
|
@ -361,7 +361,7 @@ int test_ocsp_basic_verify(void)
|
|||
|
||||
#if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) && \
|
||||
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
|
||||
defined(OPENSSL_ALL)
|
||||
|
||||
struct _test_ocsp_status_callback_ctx {
|
||||
byte* ocsp_resp;
|
||||
|
|
@ -588,6 +588,7 @@ int test_ocsp_status_callback(void)
|
|||
{
|
||||
return TEST_SKIPPED;
|
||||
}
|
||||
#endif /* defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||
defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) && \
|
||||
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) */
|
||||
#endif /* defined(HAVE_OCSP) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) \
|
||||
&& defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
|
||||
!defined(WOLFSSL_NO_TLS12) \
|
||||
&& defined(OPENSSL_ALL) */
|
||||
|
|
|
|||
Loading…
Reference in New Issue