diff --git a/configure.ac b/configure.ac index dc5ed6e69..0d392a119 100644 --- a/configure.ac +++ b/configure.ac @@ -540,7 +540,7 @@ fi if test "$ENABLED_OPENSSLALL" = "yes" then -AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS" +AM_CFLAGS="-DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE $AM_CFLAGS" fi # OPENSSL Extra Compatibility diff --git a/src/internal.c b/src/internal.c index ef64900dd..46db1b04a 100644 --- a/src/internal.c +++ b/src/internal.c @@ -1921,11 +1921,10 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) void FreeSSL_Ctx(WOLFSSL_CTX* ctx) { - int doFree = 0; - - if (wc_LockMutex(&ctx->countMutex) != 0) { - WOLFSSL_MSG("Couldn't lock count mutex"); + int refCount; + /* decrement CTX reference count */ + if ((refCount = SSL_CTX_RefCount(ctx, -1)) < 0) { /* check error state, if mutex error code then mutex init failed but * CTX was still malloc'd */ if (ctx->err == CTX_INIT_MUTEX_E) { @@ -1934,12 +1933,8 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx) } return; } - ctx->refCount--; - if (ctx->refCount == 0) - doFree = 1; - wc_UnLockMutex(&ctx->countMutex); - if (doFree) { + if (refCount == 0) { void* heap = ctx->heap; WOLFSSL_MSG("CTX ref count down to 0, doing full free"); SSL_CtxResourceFree(ctx); 
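Review bot: In FreeSSL_Ctx the `< 0` branch still reads `ctx->err`, but the new SSL_CTX_RefCount helper returns `BAD_FUNC_ARG` for a NULL `ctx`, so a NULL argument now reaches that dereference through the error path. A guard at the top of the function, `if (ctx == NULL) return;`, keeps the bad-argument case apart from the mutex-failure case the branch was written for. Whether any caller can pass NULL is not visible in these two hunks, so treat this as hardening rather than a confirmed crash.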
@@ -4857,6 +4852,32 @@ int InitSSL_Suites(WOLFSSL* ssl) return WOLFSSL_SUCCESS; } +/* returns new reference count. Arg incr positive=up or negative=down */ +int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr) +{ + int refCount; + + if (ctx == NULL) { + return BAD_FUNC_ARG; + } + + if (wc_LockMutex(&ctx->countMutex) != 0) { + WOLFSSL_MSG("Couldn't lock CTX count mutex"); + return BAD_MUTEX_E; + } + + ctx->refCount += incr; + /* make sure refCount is never negative */ + if (ctx->refCount < 0) { + ctx->refCount = 0; + } + refCount = ctx->refCount; + + wc_UnLockMutex(&ctx->countMutex); + + return refCount; +} + /* This function inherits a WOLFSSL_CTX's fields into an SSL object. It is used during initialization and to switch an ssl's CTX with wolfSSL_Set_SSL_CTX. Requires ssl->suites alloc and ssl-arrays with PSK @@ -4869,7 +4890,7 @@ int InitSSL_Suites(WOLFSSL* ssl) WOLFSSL_SUCCESS return value on success */ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) { - int ret = WOLFSSL_SUCCESS; + int ret; byte newSSL; if (!ssl || !ctx) @@ -4896,12 +4917,11 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) } /* increment CTX reference count */ - if (wc_LockMutex(&ctx->countMutex) != 0) { - WOLFSSL_MSG("Couldn't lock CTX count mutex"); - return BAD_MUTEX_E; + if ((ret = SSL_CTX_RefCount(ctx, 1)) < 0) { + return ret; } - ctx->refCount++; - wc_UnLockMutex(&ctx->countMutex); + ret = WOLFSSL_SUCCESS; /* set default ret */ + ssl->ctx = ctx; /* only for passing to calls, options could change */ ssl->version = ctx->method->version; @@ -9445,7 +9465,12 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args) } #endif /* if verify callback has been set */ - if (use_cb && ssl->verifyCallback) { + if (use_cb && (ssl->verifyCallback + #ifdef OPENSSL_ALL + || ssl->ctx->verifyCertCb + #endif + )) { + int verifyFail = 0; #ifdef WOLFSSL_SMALL_STACK WOLFSSL_X509_STORE_CTX* store; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 
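Review bot: Clamping a negative count back to 0 in SSL_CTX_RefCount makes an unbalanced decrement return 0, and FreeSSL_Ctx treats a return of 0 as the signal to do the full free, so an extra release is reported as the last reference being dropped instead of as an error. The code this replaces in FreeSSL_Ctx decremented without clamping and freed only on an exact 0. Consider reporting the underflow, e.g. `if (ctx->refCount < 0) { ctx->refCount = 0; refCount = BAD_FUNC_ARG; }` followed by `else refCount = ctx->refCount;`, and logging it with WOLFSSL_MSG. The addition `ctx->refCount += incr` also has no upper-bound check, which matters more now that wolfSSL_CTX_up_ref exposes the increment to applications.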
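Review bot: In SetSSL_CTX `ret` no longer has an initial value and is reused to carry the reference count returned by SSL_CTX_RefCount before being reset to WOLFSSL_SUCCESS, so one variable means two things within a few lines. The statements between the declaration and the increment lie outside these two hunks, and any early `return ret` there would read an indeterminate value. Keeping `int ret = WOLFSSL_SUCCESS;` and holding the helper's result in its own local, `int refRet = SSL_CTX_RefCount(ctx, 1);` then `if (refRet < 0) return refRet;`, avoids both problems.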
@@ -9563,14 +9588,36 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args) #ifdef SESSION_CERTS store->sesChain = &ssl->session.chain; #endif + + #ifdef OPENSSL_ALL /* non-zero return code indicates failure override */ - if (ssl->verifyCallback(verify_ok, store)) { - if (ret != 0) { - WOLFSSL_MSG("Verify callback overriding error!"); - ret = 0; + if (ssl->ctx->verifyCertCb) { + if (ssl->ctx->verifyCertCb(store, ssl->ctx->verifyCertCbArg)) { + if (ret != 0) { + WOLFSSL_MSG("Verify Cert callback overriding error!"); + ret = 0; + } + } + else { + verifyFail = 1; } } - else { + #endif + + /* non-zero return code indicates failure override */ + if (ssl->verifyCallback) { + if (ssl->verifyCallback(verify_ok, store)) { + if (ret != 0) { + WOLFSSL_MSG("Verify callback overriding error!"); + ret = 0; + } + } + else { + verifyFail = 1; + } + } + + if (verifyFail) { /* induce error if one not present */ if (ret == 0) { ret = VERIFY_CERT_ERROR; diff --git a/src/ssl.c b/src/ssl.c index 61440ce43..c2171691e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -385,6 +385,14 @@ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method) #endif } +#ifdef OPENSSL_EXTRA +/* increases CTX reference count to track proper time to "free" */ +int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx) +{ + int refCount = SSL_CTX_RefCount(ctx, 1); + return ((refCount > 1) ? 1 : 0); +} +#endif WOLFSSL_ABI void wolfSSL_CTX_free(WOLFSSL_CTX* ctx) @@ -9736,6 +9744,19 @@ void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc) ctx->verifyCallback = vc; } +#ifdef OPENSSL_ALL +void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx, + CertVerifyCallback cb, void* arg) +{ + WOLFSSL_ENTER("SSL_CTX_set_cert_verify_callback"); + if (ctx == NULL) + return; + + ctx->verifyCertCb = cb; + ctx->verifyCertCbArg = arg; +} +#endif + void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc) { 
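Review bot: When both callbacks are installed and they disagree, the original verification error is lost: whichever callback accepts sets `ret = 0`, and the `verifyFail` block then replaces it with the generic VERIFY_CERT_ERROR. Rejection stays sticky, which is the safe direction, but the specific failure code no longer reaches whatever consumes `ret` after this block (that code is outside the hunk). Deciding the override once, after every installed callback has run, keeps the code intact on rejection. The second callback also still receives the `verify_ok` value computed before the first one ran, which deserves a comment.

```c
        #ifdef OPENSSL_ALL
            if (ssl->ctx->verifyCertCb &&
                !ssl->ctx->verifyCertCb(store, ssl->ctx->verifyCertCbArg)) {
                verifyFail = 1;
            }
        #endif

            /* verify_ok was computed before the CTX-level callback ran */
            if (ssl->verifyCallback &&
                !ssl->verifyCallback(verify_ok, store)) {
                verifyFail = 1;
            }

            /* override the error only when every installed callback accepted */
            if (!verifyFail && ret != 0) {
                WOLFSSL_MSG("Verify callback overriding error!");
                ret = 0;
            }

            if (verifyFail) {
                /* … unchanged: induce error if one not present … */
```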
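Review bot: wolfSSL_CTX_set_cert_verify_callback has no comment describing the callback's return convention, which is security-relevant because DoVerifyCallback clears an existing verification error when `verifyCertCb` returns non-zero. A header comment should state that the callback is consulted after wolfSSL has already produced a verification result, that a non-zero return accepts the certificate even if that result was a failure, and that zero rejects it. It should also say that `arg` is stored here as a raw pointer and handed back to the callback unchanged, and that passing a NULL `cb` removes the callback.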
@@ -14513,10 +14534,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return bio; } - - - - WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len) + WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len) { WOLFSSL_BIO* bio = NULL; @@ -19634,20 +19652,6 @@ const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher) return wolfSSL_get_version(cipher->ssl); } -#ifndef NO_WOLFSSL_STUB -char* wolfSSL_CIPHER_get_rfc_name(const WOLFSSL_CIPHER* cipher) -{ - char* rfcName = NULL; - WOLFSSL_STUB("SSL_CIPHER_get_rfc_name"); - - if (cipher == NULL || cipher->ssl == NULL) { - return NULL; - } - - return rfcName; -} -#endif - const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) { if (session == NULL) { @@ -23174,6 +23178,14 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store( return ctx->store; } +WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert(WOLFSSL_X509_STORE_CTX* ctx) +{ + if (ctx == NULL) + return NULL; + + return ctx->current_cert; +} + void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, unsigned long flags, time_t t) @@ -36793,6 +36805,14 @@ err: return WOLFSSL_SUCCESS; } + int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) + { + /* TODO: Add X509 certificate to CertificateManager... */ + (void)ctx; + (void)x509; + return 0; + } + #ifndef NO_WOLFSSL_STUB int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { #ifndef NO_FILESYSTEM 
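Review bot: wolfSSL_X509_STORE_CTX_get0_cert returns `ctx->current_cert`, whereas the OpenSSL function of this name is documented to return the certificate being verified, not the chain element currently under inspection. If `current_cert` advances through intermediates during verification, which is not visible here, a ported callback that uses this accessor for hostname or pin checks would inspect the wrong certificate. At minimum add a comment such as `/* returns the certificate currently being processed; may differ from the leaf */`, or return the leaf if the store context records it.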
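Review bot: wolfSSL_CTX_add1_chain_cert is an unimplemented placeholder but is neither wrapped in `#ifndef NO_WOLFSSL_STUB` nor announced with `WOLFSSL_STUB(...)`, unlike the stub removed earlier in this file and the guarded wolfSSL_BIO_read_filename that follows it. A caller that ignores the 0 return will run without the chain certificate it asked for and get no hint why. Add `WOLFSSL_STUB("SSL_CTX_add1_chain_cert");` as the first statement so the gap shows up in debug logs, and say in the comment that 0 means failure.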
@@ -41074,14 +41094,14 @@ void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char ** #endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */ #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names) +int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names) { int idx, start = 0, len; int curve; char name[MAX_CURVE_NAME_SZ]; /* Disable all curves so that only the ones the user wants are enabled. */ - ctx->disabledCurves = (word32)-1; + ctx->disabledCurves = 0xFFFFFFFFUL; for (idx = 1; names[idx-1] != '\0'; idx++) { if (names[idx] != ':' && names[idx] != '\0') continue; @@ -41118,7 +41138,15 @@ WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names) return WOLFSSL_SUCCESS; } -#endif + +int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names) +{ + if (ssl == NULL) { + return WOLFSSL_FAILURE; + } + return wolfSSL_CTX_set1_curves_list(ssl->ctx, names); +} +#endif /* OPENSSL_EXTRA && HAVE_ECC */ #ifdef OPENSSL_EXTRA #ifndef NO_WOLFSSL_STUB diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 677f9030e..75e10fc61 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2661,6 +2661,10 @@ struct WOLFSSL_CTX { #endif #endif /* WOLFSSL_DTLS */ VerifyCallback verifyCallback; /* cert verification callback */ +#ifdef OPENSSL_ALL + CertVerifyCallback verifyCertCb; + void* verifyCertCbArg; +#endif /* OPENSSL_ALL */ word32 timeout; /* session timeout */ #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) word32 ecdhCurveOID; /* curve Ecc_Sum */ 
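Review bot: wolfSSL_CTX_set1_curves_list writes `ctx->disabledCurves` and reads `names[idx-1]` with no NULL check on either argument, and the new wolfSSL_set1_curves_list wrapper in the next hunk forwards `ssl->ctx` and `names` after checking only `ssl`. A guard before the assignment, `if (ctx == NULL || names == NULL) return WOLFSSL_FAILURE;`, covers both entry points. The function body continues past this hunk.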
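Review bot: wolfSSL_set1_curves_list applies the list to `ssl->ctx`, so a call made for one connection rewrites `disabledCurves` on the context that connection shares with others. A CTX is reference-counted across WOLFSSL objects (see SetSSL_CTX in this commit), so anything that consults the CTX mask afterwards may see a changed curve policy, including the window where every curve is disabled before the list is parsed. If the WOLFSSL object carries its own curve mask, which is not visible in this diff, the wrapper should set that instead; otherwise add a comment such as `/* NOTE: modifies the shared CTX, not just this ssl */`.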
@@ -4082,14 +4086,11 @@ struct WOLFSSL { }; -WOLFSSL_LOCAL -int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); -WOLFSSL_LOCAL -int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); -WOLFSSL_LOCAL -void FreeSSL(WOLFSSL*, void* heap); -WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ - +WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr); +WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); +WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); +WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap); +WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */ #ifndef NO_CERTS diff --git a/wolfssl/openssl/ossl_typ.h b/wolfssl/openssl/ossl_typ.h index 65b00c728..9966b8932 100644 --- a/wolfssl/openssl/ossl_typ.h +++ b/wolfssl/openssl/ossl_typ.h @@ -1,2 +1,32 @@ -/* ossl_typ.h for openssl */ +/* ossl_typ.h + * + * Copyright (C) 2006-2019 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +/*! + \file wolfssl/openssl/ossl_typ.h +*/ + + +#ifndef WOLFSSL_OSSL_TYP_H_ +#define WOLFSSL_OSSL_TYP_H_ + +#include + +#endif /* !WOLFSSL_OSSL_TYP_H_ */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index c0a99dbb2..73fe39ef3 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
@@ -192,6 +192,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define TLSv1_3_method wolfTLSv1_3_method #define TLSv1_3_server_method wolfTLSv1_3_server_method #define TLSv1_3_client_method wolfTLSv1_3_client_method +#define TLS_method wolfSSLv23_method #define X509_FILETYPE_ASN1 SSL_FILETYPE_ASN1 @@ -202,6 +203,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define DTLSv1_server_method wolfDTLSv1_server_method #define DTLSv1_2_client_method wolfDTLSv1_2_client_method #define DTLSv1_2_server_method wolfDTLSv1_2_server_method + #define DTLS_method wolfDTLS_method #endif @@ -219,6 +221,9 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #endif #define SSL_CTX_new(method) wolfSSL_CTX_new((WOLFSSL_METHOD*)(method)) +#ifdef OPENSSL_EXTRA +#define SSL_CTX_up_ref wolfSSL_CTX_up_ref +#endif #define SSL_new wolfSSL_new #define SSL_set_fd wolfSSL_set_fd #define SSL_get_fd wolfSSL_get_fd @@ -245,6 +250,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_CTX_get_session_cache_mode(ctx) 0 #define SSL_CTX_set_verify wolfSSL_CTX_set_verify +#define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback #define SSL_set_verify wolfSSL_set_verify #define SSL_set_verify_result wolfSSL_set_verify_result #define SSL_pending wolfSSL_pending @@ -280,7 +286,8 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_CIPHER_get_name wolfSSL_CIPHER_get_name #define SSL_CIPHER_get_version wolfSSL_CIPHER_get_version #define SSL_CIPHER_get_id wolfSSL_CIPHER_get_id -#define SSL_CIPHER_get_rfc_name wolfSSL_CIPHER_get_rfc_name +#define SSL_CIPHER_get_rfc_name wolfSSL_CIPHER_get_name +#define SSL_CIPHER_standard_name wolfSSL_CIPHER_get_name #define SSL_get_cipher_by_value wolfSSL_get_cipher_by_value #define SSL_get1_session wolfSSL_get1_session 
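Review bot: Aliasing `SSL_CIPHER_get_rfc_name` to wolfSSL_CIPHER_get_name changes the ownership of the returned string: the removed wolfSSL_CIPHER_get_rfc_name was declared to return a non-const `char*` (and always returned NULL), while the replacement returns a `const char*` that callers must not free. Code ported from a library where this call returns a caller-freed string would then pass library-owned memory to its free routine, so that convention should be checked against the applications this compatibility layer targets. Whether wolfSSL_CIPHER_get_name yields RFC-style names, as `SSL_CIPHER_standard_name` callers would expect, is also not visible in this diff. A comment beside the two defines such as `/* returns library-owned string, do not free; name format follows wolfSSL_CIPHER_get_name */` would record both.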
@@ -472,6 +479,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_STORE_CTX_get0_current_issuer \ wolfSSL_X509_STORE_CTX_get0_current_issuer #define X509_STORE_CTX_get0_store wolfSSL_X509_STORE_CTX_get0_store +#define X509_STORE_CTX_get0_cert wolfSSL_X509_STORE_CTX_get0_cert #define X509_STORE_new wolfSSL_X509_STORE_new #define X509_STORE_free wolfSSL_X509_STORE_free @@ -803,6 +811,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #endif #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate +#define SSL_CTX_add1_chain_cert wolfSSL_CTX_add1_chain_cert #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey #define BIO_read_filename wolfSSL_BIO_read_filename #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth @@ -870,7 +879,7 @@ enum { #define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0) #define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \ (char *)(arg)) -#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */ #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh @@ -1101,11 +1110,15 @@ enum { #define SSL_set_alpn_protos wolfSSL_set_alpn_protos #define SSL_get0_next_proto_negotiated wolfSSL_get0_next_proto_negotiated #define SSL_is_server wolfSSL_is_server -#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_ALL || HAVE_LIGHTY */ +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list +#define SSL_set1_curves_list wolfSSL_set1_curves_list +#endif + #ifdef OPENSSL_EXTRA #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA #define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 425697535..de0b98518 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -806,6 +806,9 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap); WOLFSSL_ABI WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX*); +#endif WOLFSSL_ABI WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl); @@ -922,6 +925,13 @@ WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg, WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int, VerifyCallback verify_callback); + +#ifdef OPENSSL_ALL +typedef int (*CertVerifyCallback)(WOLFSSL_X509_STORE_CTX* store, void* arg); +WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx, + CertVerifyCallback cb, void* arg); +#endif + WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback); WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long); WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*); @@ -1109,7 +1119,6 @@ WOLFSSL_API char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER*, char*, int); WOLFSSL_API const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher); WOLFSSL_API const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher); WOLFSSL_API word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher); -WOLFSSL_API char* wolfSSL_CIPHER_get_rfc_name(const WOLFSSL_CIPHER* cipher); WOLFSSL_API const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value); WOLFSSL_API const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session); WOLFSSL_API const char* wolfSSL_get_cipher(WOLFSSL*); 
@@ -1179,7 +1188,7 @@ WOLFSSL_API int wolfSSL_BIO_meth_set_gets(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_ WOLFSSL_API int wolfSSL_BIO_meth_set_ctrl(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_ctrl_get_cb); WOLFSSL_API int wolfSSL_BIO_meth_set_create(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_create_cb); WOLFSSL_API int wolfSSL_BIO_meth_set_destroy(WOLFSSL_BIO_METHOD*, wolfSSL_BIO_meth_destroy_cb); -WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len); WOLFSSL_API long wolfSSL_BIO_set_ssl(WOLFSSL_BIO*, WOLFSSL*, int flag); #ifndef NO_FILESYSTEM @@ -1429,6 +1438,8 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer( WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store( WOLFSSL_X509_STORE_CTX* ctx); +WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert( + WOLFSSL_X509_STORE_CTX*); WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void); WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error( WOLFSSL_X509_STORE_CTX* ctx, int er); @@ -3243,7 +3254,8 @@ struct WOLFSSL_ASN1_BIT_STRING { WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne); WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void); WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name); -WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); +WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX*, WOLFSSL_X509*); +WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX*, WOLFSSL_X509*); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); /* These are to be merged shortly */ WOLFSSL_API void wolfSSL_set_verify_depth(WOLFSSL *ssl,int depth); 
@@ -3464,6 +3476,11 @@ WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a); WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void (*f) (WOLFSSL_X509*)); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names); +WOLFSSL_API int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names); +#endif /* OPENSSL_EXTRA && HAVE_ECC */ + #if defined(OPENSSL_ALL) || \ defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) @@ -3485,8 +3502,6 @@ WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef OPENSSL_EXTRA -WOLFSSL_API int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, char* names); - typedef void (*SSL_Msg_Cb)(int write_p, int version, int content_type, const void *buf, size_t len, WOLFSSL *ssl, void *arg);