ocsp: enable SSL_CTX_set_tlsext_status_cb only in OPENSSL_ALL
parent
0945101948
commit
a1d1f0ddf1
|
@ -8689,14 +8689,14 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
|
||||||
#endif
|
#endif
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
|
XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL);
|
||||||
#ifdef HAVE_OCSP
|
#endif
|
||||||
|
#if defined(HAVE_OCSP) && defined(OPENSSL_ALL)
|
||||||
if (ssl->ocspResp) {
|
if (ssl->ocspResp) {
|
||||||
XFREE(ssl->ocspResp, NULL, 0);
|
XFREE(ssl->ocspResp, NULL, 0);
|
||||||
ssl->ocspResp = NULL;
|
ssl->ocspResp = NULL;
|
||||||
ssl->ocspRespSz = 0;
|
ssl->ocspRespSz = 0;
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* defined(HAVE_OCSP) && defined(OPENSSL_ALL) */
|
||||||
#endif
|
|
||||||
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
|
||||||
while (ssl->certReqCtx != NULL) {
|
while (ssl->certReqCtx != NULL) {
|
||||||
CertReqCtx* curr = ssl->certReqCtx;
|
CertReqCtx* curr = ssl->certReqCtx;
|
||||||
|
@ -9021,13 +9021,13 @@ void FreeHandshakeResources(WOLFSSL* ssl)
|
||||||
* !WOLFSSL_POST_HANDSHAKE_AUTH */
|
* !WOLFSSL_POST_HANDSHAKE_AUTH */
|
||||||
#endif /* HAVE_TLS_EXTENSIONS && !NO_TLS */
|
#endif /* HAVE_TLS_EXTENSIONS && !NO_TLS */
|
||||||
|
|
||||||
#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA)
|
#if defined(HAVE_OCSP) && defined(OPENSSL_ALL)
|
||||||
if (ssl->ocspResp != NULL) {
|
if (ssl->ocspResp != NULL) {
|
||||||
XFREE(ssl->ocspResp, NULL, 0);
|
XFREE(ssl->ocspResp, NULL, 0);
|
||||||
ssl->ocspResp = NULL;
|
ssl->ocspResp = NULL;
|
||||||
ssl->ocspRespSz = 0;
|
ssl->ocspRespSz = 0;
|
||||||
}
|
}
|
||||||
#endif /* HAVE_OCSP && OPENSSL_EXTRA */
|
#endif /* HAVE_OCSP && OPENSSL_ALL */
|
||||||
|
|
||||||
#ifdef WOLFSSL_STATIC_MEMORY
|
#ifdef WOLFSSL_STATIC_MEMORY
|
||||||
/* when done with handshake decrement current handshake count */
|
/* when done with handshake decrement current handshake count */
|
||||||
|
@ -24858,7 +24858,7 @@ static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
|
||||||
|
|
||||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
|
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
|
||||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA))
|
defined(WOLFSSL_HAPROXY))
|
||||||
static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl)
|
static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
WOLFSSL_OCSP *ocsp;
|
WOLFSSL_OCSP *ocsp;
|
||||||
|
@ -24896,9 +24896,8 @@ static int BuildCertificateStatusWithStatusCB(WOLFSSL* ssl)
|
||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST && \
|
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST && (defined(OPENSSL_ALL) ||
|
||||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) */
|
||||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)) */
|
|
||||||
#endif /* NO_WOLFSSL_SERVER */
|
#endif /* NO_WOLFSSL_SERVER */
|
||||||
|
|
||||||
/* handle generation of certificate_status (22) */
|
/* handle generation of certificate_status (22) */
|
||||||
|
@ -24926,7 +24925,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
|
||||||
|
|
||||||
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
|
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
|
||||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
||||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA))
|
defined(WOLFSSL_HAPROXY))
|
||||||
if (SSL_CM(ssl)->ocsp_stapling != NULL &&
|
if (SSL_CM(ssl)->ocsp_stapling != NULL &&
|
||||||
SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
|
SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
|
||||||
if (ssl->status_request == WOLFSSL_CSR_OCSP)
|
if (ssl->status_request == WOLFSSL_CSR_OCSP)
|
||||||
|
|
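Review bot: The two `ssl->ocspResp` cleanup blocks, in wolfSSL_ResourceFree and in FreeHandshakeResources, are now compiled only under `HAVE_OCSP && OPENSSL_ALL`, yet no hunk on this page moves the declaration of `ocspResp`/`ocspRespSz`, or the code that assigns them, to the same condition. If an assignment path still builds with only OPENSSL_EXTRA, the buffer is never released in that configuration. The guards should be checked against each other and the dependency recorded next to the free, for example `/* guard must match the one on the ocspResp member and on every code path that assigns it */`. Both blocks also pass `NULL, 0` to XFREE where the neighbouring call uses `ssl->heap, DYNAMIC_TYPE_OPENSSL`; whether that matches the allocation cannot be confirmed from these hunks. Both functions start and end outside the hunks shown.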
25
src/tls.c
25
src/tls.c
|
@ -3238,15 +3238,14 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
|
||||||
#endif
|
#endif
|
||||||
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
|
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
|
||||||
if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
|
if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
|| defined(OPENSSL_EXTRA)
|
|
||||||
if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
|
if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
|
||||||
SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
|
SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
|
||||||
SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
|
SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
|
||||||
idx == 0) {
|
idx == 0) {
|
||||||
return OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspRespSz;
|
return OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspRespSz;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA */
|
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||||
return (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
|
return (word16)(OPAQUE8_LEN + OPAQUE24_LEN +
|
||||||
csr->responses[idx].length);
|
csr->responses[idx].length);
|
||||||
}
|
}
|
||||||
|
@ -3257,8 +3256,7 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest,
|
||||||
}
|
}
|
||||||
|
|
||||||
#if (defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)) && \
|
#if (defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)) && \
|
||||||
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
(defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
|
||||||
defined(OPENSSL_EXTRA))
|
|
||||||
static int TLSX_CSR_SetResponseWithStatusCB(WOLFSSL *ssl)
|
static int TLSX_CSR_SetResponseWithStatusCB(WOLFSSL *ssl)
|
||||||
{
|
{
|
||||||
void *ioCtx = NULL;
|
void *ioCtx = NULL;
|
||||||
|
@ -3319,7 +3317,7 @@ static int TLSX_CSR_WriteWithStatusCB(CertificateStatusRequest* csr,
|
||||||
return offset + respSz;
|
return offset + respSz;
|
||||||
}
|
}
|
||||||
#endif /* (TLS13 && !NO_WOLFSLL_SERVER) && (OPENSSL_ALL || WOLFSSL_NGINX ||
|
#endif /* (TLS13 && !NO_WOLFSLL_SERVER) && (OPENSSL_ALL || WOLFSSL_NGINX ||
|
||||||
WOLFSSL_HAPROXY || OPENSSL_EXTRA) */
|
WOLFSSL_HAPROXY) */
|
||||||
|
|
||||||
static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
|
static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
|
||||||
{
|
{
|
||||||
|
@ -3373,16 +3371,14 @@ int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output,
|
||||||
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
|
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
|
||||||
if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
|
if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) {
|
||||||
word16 offset = 0;
|
word16 offset = 0;
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
|| defined(OPENSSL_EXTRA)
|
|
||||||
if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
|
if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL &&
|
||||||
SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
|
SSL_CM(csr->ssl)->ocsp_stapling != NULL &&
|
||||||
SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
|
SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL &&
|
||||||
idx == 0) {
|
idx == 0) {
|
||||||
return TLSX_CSR_WriteWithStatusCB(csr, output);
|
return TLSX_CSR_WriteWithStatusCB(csr, output);
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
|
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||||
defined(OPENSSL_EXTRA) */
|
|
||||||
output[offset++] = csr->status_type;
|
output[offset++] = csr->status_type;
|
||||||
c32to24(csr->responses[idx].length, output + offset);
|
c32to24(csr->responses[idx].length, output + offset);
|
||||||
offset += OPAQUE24_LEN;
|
offset += OPAQUE24_LEN;
|
||||||
|
@ -3658,15 +3654,13 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
||||||
|
|
||||||
#if defined(WOLFSSL_TLS13)
|
#if defined(WOLFSSL_TLS13)
|
||||||
if (ssl->options.tls1_3) {
|
if (ssl->options.tls1_3) {
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
|
|
||||||
if (ssl != NULL && SSL_CM(ssl) != NULL &&
|
if (ssl != NULL && SSL_CM(ssl) != NULL &&
|
||||||
SSL_CM(ssl)->ocsp_stapling != NULL &&
|
SSL_CM(ssl)->ocsp_stapling != NULL &&
|
||||||
SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
|
SSL_CM(ssl)->ocsp_stapling->statusCb != NULL) {
|
||||||
return TLSX_CSR_SetResponseWithStatusCB(ssl);
|
return TLSX_CSR_SetResponseWithStatusCB(ssl);
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || \
|
#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
|
||||||
defined(OPENSSL_EXTRA) */
|
|
||||||
if (ssl->buffers.certificate == NULL) {
|
if (ssl->buffers.certificate == NULL) {
|
||||||
WOLFSSL_MSG("Certificate buffer not set!");
|
WOLFSSL_MSG("Certificate buffer not set!");
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
|
@ -4163,8 +4157,7 @@ static int TLSX_CSR2_Parse(WOLFSSL* ssl, const byte* input, word16 length,
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
|| defined(OPENSSL_EXTRA)
|
|
||||||
/* OpenSSL status CB supports only CERTIFICATE STATUS REQ V1 */
|
/* OpenSSL status CB supports only CERTIFICATE STATUS REQ V1 */
|
||||||
if (ssl != NULL && SSL_CM(ssl) != NULL &&
|
if (ssl != NULL && SSL_CM(ssl) != NULL &&
|
||||||
SSL_CM(ssl)->ocsp_stapling != NULL &&
|
SSL_CM(ssl)->ocsp_stapling != NULL &&
|
||||||
|
|
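Review bot: In TLSX_CSR_GetSize_ex the status-callback branch returns `OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspRespSz` from a function declared `word16`, with neither a range check nor the explicit `(word16)` cast that the fallback return a few lines below carries. The type of `ocspRespSz` is not visible in this section; if it is wider than 16 bits, an oversized response supplied through the status callback would make the reported length wrap while TLSX_CSR_WriteWithStatusCB still returns `offset + respSz`, so the size and write paths could disagree. Bound the stored size where the callback response is accepted, or document the invariant here with `/* ocspRespSz is limited so that OPAQUE8_LEN + OPAQUE24_LEN + ocspRespSz fits in word16 */`. The same branch tests `csr->ssl != NULL` after `csr->ssl->version` has already been read in the enclosing `if`, so that test cannot protect anything; the function body continues outside the hunk.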
|
@ -361,7 +361,7 @@ int test_ocsp_basic_verify(void)
|
||||||
|
|
||||||
#if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
|
#if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
|
||||||
defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) && \
|
defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) && \
|
||||||
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
|
defined(OPENSSL_ALL)
|
||||||
|
|
||||||
struct _test_ocsp_status_callback_ctx {
|
struct _test_ocsp_status_callback_ctx {
|
||||||
byte* ocsp_resp;
|
byte* ocsp_resp;
|
||||||
|
@ -588,6 +588,7 @@ int test_ocsp_status_callback(void)
|
||||||
{
|
{
|
||||||
return TEST_SKIPPED;
|
return TEST_SKIPPED;
|
||||||
}
|
}
|
||||||
#endif /* defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
|
#endif /* defined(HAVE_OCSP) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) \
|
||||||
defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) && \
|
&& defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
|
||||||
(defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) */
|
!defined(WOLFSSL_NO_TLS12) \
|
||||||
|
&& defined(OPENSSL_ALL) */
|
||||||
|
|
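Review bot: The rewritten `#endif` comment at the end of test_ocsp_status_callback names `HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES`, while the `#if` edited in the first hunk of this file still tests `HAVE_SSL_MEMIO_TESTS_DEPENDENCIES`. Assuming this `#endif` closes that `#if` (the lines in between are outside the hunks), the comment now misstates the condition and will mislead anyone searching for the macro that gates this test. The closing comment should repeat the condition verbatim: `HAVE_OCSP && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && HAVE_CERTIFICATE_STATUS_REQUEST && !WOLFSSL_NO_TLS12 && OPENSSL_ALL`; the stray `\` continuations inside the comment can be dropped as well.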