mirror of https://github.com/wolfSSL/wolfssl.git
Merge pull request #4253 from julek-wolfssl/lighttpd-1.4.55
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suitepull/4250/head
Hayden Roche
GitHub
commit
c6f0fb11d0
114
src/internal.c
114
src/internal.c
|
|
@ -2195,14 +2195,13 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
||||||
ctx->x509_store.objs = NULL;
|
ctx->x509_store.objs = NULL;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
|
||||||
|
defined(WOLFSSL_WPAS_SMALL)
|
||||||
wolfSSL_X509_STORE_free(ctx->x509_store_pt);
|
wolfSSL_X509_STORE_free(ctx->x509_store_pt);
|
||||||
while (ctx->ca_names != NULL) {
|
#endif
|
||||||
WOLFSSL_STACK *next = ctx->ca_names->next;
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||||
wolfSSL_X509_NAME_free(ctx->ca_names->data.name);
|
wolfSSL_sk_X509_NAME_pop_free(ctx->ca_names, NULL);
|
||||||
XFREE(ctx->ca_names, NULL, DYNAMIC_TYPE_OPENSSL);
|
ctx->ca_names = NULL;
|
||||||
ctx->ca_names = next;
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
|
||||||
if (ctx->x509Chain) {
|
if (ctx->x509Chain) {
|
||||||
|
|
@ -7075,6 +7074,10 @@ void SSL_ResourceFree(WOLFSSL* ssl)
|
||||||
wolfSSL_sk_X509_free(ssl->peerCertChain);
|
wolfSSL_sk_X509_free(ssl->peerCertChain);
|
||||||
wolfSSL_sk_X509_free(ssl->ourCertChain);
|
wolfSSL_sk_X509_free(ssl->ourCertChain);
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||||
|
wolfSSL_sk_X509_NAME_pop_free(ssl->ca_names, NULL);
|
||||||
|
ssl->ca_names = NULL;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Free any handshake resources no longer needed */
|
/* Free any handshake resources no longer needed */
|
||||||
|
|
@ -10291,6 +10294,31 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
|
||||||
|
|
||||||
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
|
#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
|
||||||
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
static void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
|
||||||
|
{
|
||||||
|
if (nameType == SUBJECT) {
|
||||||
|
XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX);
|
||||||
|
name->name[ASN_NAME_MAX - 1] = '\0';
|
||||||
|
name->sz = (int)XSTRLEN(name->name) + 1;
|
||||||
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
|
||||||
|
name->rawLen = min(dCert->subjectRawLen, ASN_NAME_MAX);
|
||||||
|
XMEMCPY(name->raw, dCert->subjectRaw, name->rawLen);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
XSTRNCPY(name->name, dCert->issuer, ASN_NAME_MAX);
|
||||||
|
name->name[ASN_NAME_MAX - 1] = '\0';
|
||||||
|
name->sz = (int)XSTRLEN(name->name) + 1;
|
||||||
|
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) \
|
||||||
|
&& (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
|
||||||
|
name->rawLen = min(dCert->issuerRawLen, ASN_NAME_MAX);
|
||||||
|
if (name->rawLen) {
|
||||||
|
XMEMCPY(name->raw, dCert->issuerRaw, name->rawLen);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* Copy parts X509 needs from Decoded cert, 0 on success */
|
/* Copy parts X509 needs from Decoded cert, 0 on success */
|
||||||
/* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the
|
/* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the
|
||||||
* altNames pointers could be free'd by second x509 still active by first */
|
* altNames pointers could be free'd by second x509 still active by first */
|
||||||
|
|
@ -10309,9 +10337,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||||
|
|
||||||
x509->version = dCert->version + 1;
|
x509->version = dCert->version + 1;
|
||||||
|
|
||||||
XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
|
CopyDecodedName(&x509->issuer, dCert, ISSUER);
|
||||||
x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
|
|
||||||
x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
if (dCert->issuerName != NULL) {
|
if (dCert->issuerName != NULL) {
|
||||||
wolfSSL_X509_set_issuer_name(x509,
|
wolfSSL_X509_set_issuer_name(x509,
|
||||||
|
|
@ -10319,10 +10345,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||||
x509->issuer.x509 = x509;
|
x509->issuer.x509 = x509;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||||
|
CopyDecodedName(&x509->subject, dCert, SUBJECT);
|
||||||
XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
|
|
||||||
x509->subject.name[ASN_NAME_MAX - 1] = '\0';
|
|
||||||
x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
if (dCert->subjectName != NULL) {
|
if (dCert->subjectName != NULL) {
|
||||||
wolfSSL_X509_set_subject_name(x509,
|
wolfSSL_X509_set_subject_name(x509,
|
||||||
|
|
@ -10330,16 +10353,6 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
|
||||||
x509->subject.x509 = x509;
|
x509->subject.x509 = x509;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
|
||||||
x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw));
|
|
||||||
XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen);
|
|
||||||
#ifdef WOLFSSL_CERT_EXT
|
|
||||||
x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw));
|
|
||||||
if (x509->issuer.rawLen) {
|
|
||||||
XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
|
XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
|
||||||
x509->serialSz = dCert->serialSz;
|
x509->serialSz = dCert->serialSz;
|
||||||
|
|
@ -18688,7 +18701,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
|
||||||
|
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
|
||||||
/* Certificate Authorities */
|
/* Certificate Authorities */
|
||||||
names = ssl->ctx->ca_names;
|
names = SSL_CA_NAMES(ssl);
|
||||||
while (names != NULL) {
|
while (names != NULL) {
|
||||||
byte seq[MAX_SEQ_SZ];
|
byte seq[MAX_SEQ_SZ];
|
||||||
WOLFSSL_X509_NAME* name = names->data.name;
|
WOLFSSL_X509_NAME* name = names->data.name;
|
||||||
|
|
@ -18759,7 +18772,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
|
||||||
c16toa((word16)dnLen, &output[i]); /* auth's */
|
c16toa((word16)dnLen, &output[i]); /* auth's */
|
||||||
i += REQ_HEADER_SZ;
|
i += REQ_HEADER_SZ;
|
||||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
|
||||||
names = ssl->ctx->ca_names;
|
names = SSL_CA_NAMES(ssl);
|
||||||
while (names != NULL) {
|
while (names != NULL) {
|
||||||
byte seq[MAX_SEQ_SZ];
|
byte seq[MAX_SEQ_SZ];
|
||||||
WOLFSSL_X509_NAME* name = names->data.name;
|
WOLFSSL_X509_NAME* name = names->data.name;
|
||||||
|
|
@ -21105,7 +21118,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 ||
|
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 ||
|
||||||
XSTRNCMP(next, "DEFAULT", 7) == 0)
|
XSTRNCMP(next, "DEFAULT", 7) == 0 || XSTRNCMP(next, "HIGH", 4) == 0)
|
||||||
return 1; /* wolfSSL default */
|
return 1; /* wolfSSL default */
|
||||||
|
|
||||||
do {
|
do {
|
||||||
|
|
@ -22928,8 +22941,11 @@ exit_dpk:
|
||||||
{
|
{
|
||||||
word16 len;
|
word16 len;
|
||||||
word32 begin = *inOutIdx;
|
word32 begin = *inOutIdx;
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
|
||||||
|
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
|
||||||
int ret;
|
int ret;
|
||||||
|
#endif
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
WOLFSSL_X509* x509 = NULL;
|
WOLFSSL_X509* x509 = NULL;
|
||||||
WOLFSSL_EVP_PKEY* pkey = NULL;
|
WOLFSSL_EVP_PKEY* pkey = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -22991,12 +23007,22 @@ exit_dpk:
|
||||||
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
|
if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
/* DN seq length */
|
||||||
ato16(input + *inOutIdx, &len);
|
ato16(input + *inOutIdx, &len);
|
||||||
*inOutIdx += OPAQUE16_LEN;
|
*inOutIdx += OPAQUE16_LEN;
|
||||||
|
|
||||||
if ((*inOutIdx - begin) + len > size)
|
if ((*inOutIdx - begin) + len > size)
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
|
||||||
|
if (ssl->ca_names != ssl->ctx->ca_names)
|
||||||
|
wolfSSL_sk_X509_NAME_pop_free(ssl->ca_names, NULL);
|
||||||
|
ssl->ca_names = wolfSSL_sk_X509_NAME_new(NULL);
|
||||||
|
if (ssl->ca_names == NULL) {
|
||||||
|
return MEMORY_ERROR;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
while (len) {
|
while (len) {
|
||||||
word16 dnSz;
|
word16 dnSz;
|
||||||
|
|
||||||
|
|
@ -23009,6 +23035,38 @@ exit_dpk:
|
||||||
if ((*inOutIdx - begin) + dnSz > size)
|
if ((*inOutIdx - begin) + dnSz > size)
|
||||||
return BUFFER_ERROR;
|
return BUFFER_ERROR;
|
||||||
|
|
||||||
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
|
||||||
|
{
|
||||||
|
/* Use a DecodedCert struct to get access to GetName to
|
||||||
|
* parse DN name */
|
||||||
|
DecodedCert cert;
|
||||||
|
WOLFSSL_X509_NAME* name;
|
||||||
|
|
||||||
|
InitDecodedCert(&cert, input + *inOutIdx, dnSz, ssl->heap);
|
||||||
|
|
||||||
|
if ((ret = GetName(&cert, SUBJECT, dnSz)) != 0) {
|
||||||
|
FreeDecodedCert(&cert);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((name = wolfSSL_X509_NAME_new()) == NULL) {
|
||||||
|
FreeDecodedCert(&cert);
|
||||||
|
return MEMORY_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
CopyDecodedName(name, &cert, SUBJECT);
|
||||||
|
|
||||||
|
if (wolfSSL_sk_X509_NAME_push(ssl->ca_names, name)
|
||||||
|
== WOLFSSL_FAILURE) {
|
||||||
|
FreeDecodedCert(&cert);
|
||||||
|
wolfSSL_X509_NAME_free(name);
|
||||||
|
return MEMORY_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
|
FreeDecodedCert(&cert);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
*inOutIdx += dnSz;
|
*inOutIdx += dnSz;
|
||||||
len -= OPAQUE16_LEN + dnSz;
|
len -= OPAQUE16_LEN + dnSz;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
631
src/ssl.c
631
src/ssl.c
|
|
@ -16032,70 +16032,27 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||||
#endif /* !NO_BIO */
|
#endif /* !NO_BIO */
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
|
||||||
void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
|
void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_CTX_set_client_CA_list");
|
WOLFSSL_ENTER("wolfSSL_CTX_set_client_CA_list");
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
|
if (ctx != NULL) {
|
||||||
if (ctx != NULL)
|
wolfSSL_sk_X509_NAME_pop_free(ctx->ca_names, NULL);
|
||||||
ctx->ca_names = names;
|
ctx->ca_names = names;
|
||||||
#else
|
}
|
||||||
(void)ctx;
|
|
||||||
(void)names;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void wolfSSL_set_client_CA_list(WOLFSSL* ssl,
|
||||||
/* returns the CA's set on server side or the CA's sent from server when
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
|
||||||
* on client side */
|
|
||||||
#if defined(SESSION_CERTS) && defined(OPENSSL_ALL)
|
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
|
|
||||||
const WOLFSSL* ssl)
|
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_get_client_CA_list");
|
WOLFSSL_ENTER("wolfSSL_set_client_CA_list");
|
||||||
|
if (ssl != NULL) {
|
||||||
if (ssl == NULL) {
|
if (ssl->ca_names != ssl->ctx->ca_names)
|
||||||
WOLFSSL_MSG("Bad argument passed to wolfSSL_get_client_CA_list");
|
wolfSSL_sk_X509_NAME_pop_free(ssl->ca_names, NULL);
|
||||||
return NULL;
|
ssl->ca_names = names;
|
||||||
}
|
|
||||||
|
|
||||||
/* return list of CAs sent from the server */
|
|
||||||
if (ssl->options.side == WOLFSSL_CLIENT_END) {
|
|
||||||
WOLF_STACK_OF(WOLFSSL_X509)* sk;
|
|
||||||
|
|
||||||
sk = wolfSSL_get_peer_cert_chain(ssl);
|
|
||||||
if (sk != NULL) {
|
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* ret;
|
|
||||||
WOLFSSL_X509* x509;
|
|
||||||
|
|
||||||
ret = wolfSSL_sk_X509_NAME_new(NULL);
|
|
||||||
do {
|
|
||||||
x509 = wolfSSL_sk_X509_pop(sk);
|
|
||||||
if (x509 != NULL) {
|
|
||||||
if (wolfSSL_X509_get_isCA(x509)) {
|
|
||||||
if (wolfSSL_sk_X509_NAME_push(ret,
|
|
||||||
wolfSSL_X509_get_subject_name(x509)) != 0) {
|
|
||||||
WOLFSSL_MSG("Error pushing X509 name to stack");
|
|
||||||
/* continue on to try other certificates and
|
|
||||||
* do not fail out here */
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
wolfSSL_X509_free(x509);
|
|
||||||
}
|
|
||||||
} while (x509 != NULL);
|
|
||||||
wolfSSL_sk_X509_free(sk);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
/* currently only can be set in the CTX */
|
|
||||||
return ssl->ctx->ca_names;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif /* SESSION_CERTS */
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
/* registers client cert callback, called during handshake if server
|
/* registers client cert callback, called during handshake if server
|
||||||
|
|
@ -16155,18 +16112,69 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
|
||||||
const WOLFSSL_CTX *s)
|
const WOLFSSL_CTX *ctx)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list");
|
WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list");
|
||||||
|
|
||||||
if (s == NULL)
|
if (ctx == NULL) {
|
||||||
|
WOLFSSL_MSG("Bad argument passed to wolfSSL_CTX_get_client_CA_list");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
return s->ca_names;
|
return ctx->ca_names;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* returns the CA's set on server side or the CA's sent from server when
|
||||||
|
* on client side */
|
||||||
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
|
||||||
|
const WOLFSSL* ssl)
|
||||||
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_get_client_CA_list");
|
||||||
|
|
||||||
|
if (ssl == NULL) {
|
||||||
|
WOLFSSL_MSG("Bad argument passed to wolfSSL_get_client_CA_list");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
return SSL_CA_NAMES(ssl);
|
||||||
|
}
|
||||||
|
|
||||||
|
#if !defined(NO_CERTS)
|
||||||
|
int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
|
||||||
|
{
|
||||||
|
WOLFSSL_X509_NAME *nameCopy = NULL;
|
||||||
|
|
||||||
|
WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA");
|
||||||
|
|
||||||
|
if (ctx == NULL || x509 == NULL){
|
||||||
|
WOLFSSL_MSG("Bad argument");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ctx->ca_names == NULL) {
|
||||||
|
ctx->ca_names = wolfSSL_sk_X509_NAME_new(NULL);
|
||||||
|
if (ctx->ca_names == NULL) {
|
||||||
|
WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
nameCopy = wolfSSL_X509_NAME_dup(wolfSSL_X509_get_subject_name(x509));
|
||||||
|
if (nameCopy == NULL) {
|
||||||
|
WOLFSSL_MSG("wolfSSL_X509_NAME_dup error");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (wolfSSL_sk_X509_NAME_push(ctx->ca_names, nameCopy) != WOLFSSL_SUCCESS) {
|
||||||
|
WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
|
||||||
|
wolfSSL_X509_NAME_free(nameCopy);
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
|
|
||||||
#ifndef NO_BIO
|
#ifndef NO_BIO
|
||||||
#if !defined(NO_RSA) && !defined(NO_CERTS)
|
#if !defined(NO_RSA) && !defined(NO_CERTS)
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname)
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname)
|
||||||
|
|
@ -16177,43 +16185,49 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||||
* the function. */
|
* the function. */
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
WOLFSSL_STACK *list = NULL;
|
WOLFSSL_STACK *list = NULL;
|
||||||
WOLFSSL_STACK *node;
|
WOLFSSL_BIO* bio = NULL;
|
||||||
WOLFSSL_BIO* bio;
|
|
||||||
WOLFSSL_X509 *cert = NULL;
|
WOLFSSL_X509 *cert = NULL;
|
||||||
WOLFSSL_X509_NAME *subjectName = NULL;
|
WOLFSSL_X509_NAME *nameCopy = NULL;
|
||||||
unsigned long err;
|
unsigned long err = WOLFSSL_FAILURE;
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_load_client_CA_file");
|
WOLFSSL_ENTER("wolfSSL_load_client_CA_file");
|
||||||
|
|
||||||
bio = wolfSSL_BIO_new_file(fname, "rb");
|
bio = wolfSSL_BIO_new_file(fname, "rb");
|
||||||
if (bio == NULL)
|
if (bio == NULL) {
|
||||||
return NULL;
|
WOLFSSL_MSG("wolfSSL_BIO_new_file error");
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
list = wolfSSL_sk_X509_NAME_new(NULL);
|
||||||
|
if (list == NULL) {
|
||||||
|
WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error");
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
/* Read each certificate in the chain out of the file. */
|
/* Read each certificate in the chain out of the file. */
|
||||||
while (wolfSSL_PEM_read_bio_X509(bio, &cert, NULL, NULL) != NULL) {
|
while (wolfSSL_PEM_read_bio_X509(bio, &cert, NULL, NULL) != NULL) {
|
||||||
subjectName = wolfSSL_X509_get_subject_name(cert);
|
|
||||||
if (subjectName == NULL)
|
|
||||||
break;
|
|
||||||
|
|
||||||
node = wolfSSL_sk_new_node(NULL);
|
|
||||||
if (node == NULL)
|
|
||||||
break;
|
|
||||||
node->type = STACK_TYPE_X509_NAME;
|
|
||||||
|
|
||||||
/* Need a persistent copy of the subject name. */
|
/* Need a persistent copy of the subject name. */
|
||||||
node->data.name = wolfSSL_X509_NAME_dup(subjectName);
|
nameCopy = wolfSSL_X509_NAME_dup(
|
||||||
if (node->data.name != NULL) {
|
wolfSSL_X509_get_subject_name(cert));
|
||||||
|
if (nameCopy == NULL) {
|
||||||
|
WOLFSSL_MSG("wolfSSL_X509_NAME_dup error");
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
/*
|
/*
|
||||||
* Original cert will be freed so make sure not to try to access
|
* Original cert will be freed so make sure not to try to access
|
||||||
* it in the future.
|
* it in the future.
|
||||||
*/
|
*/
|
||||||
node->data.name->x509 = NULL;
|
nameCopy->x509 = NULL;
|
||||||
}
|
|
||||||
|
|
||||||
/* Put node on the front of the list. */
|
if (wolfSSL_sk_X509_NAME_push(list, nameCopy) !=
|
||||||
node->num = (list == NULL) ? 1 : list->num + 1;
|
WOLFSSL_SUCCESS) {
|
||||||
node->next = list;
|
WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
|
||||||
list = node;
|
/* Do free in loop because nameCopy is now responsibility
|
||||||
|
* of list to free and adding jumps to cleanup after this
|
||||||
|
* might result in a double free. */
|
||||||
|
wolfSSL_X509_NAME_free(nameCopy);
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
wolfSSL_X509_free(cert);
|
wolfSSL_X509_free(cert);
|
||||||
cert = NULL;
|
cert = NULL;
|
||||||
|
|
@ -16231,8 +16245,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||||
wc_RemoveErrorNode(-1);
|
wc_RemoveErrorNode(-1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
err = WOLFSSL_SUCCESS;
|
||||||
|
cleanup:
|
||||||
wolfSSL_X509_free(cert);
|
wolfSSL_X509_free(cert);
|
||||||
wolfSSL_BIO_free(bio);
|
wolfSSL_BIO_free(bio);
|
||||||
|
if (err != WOLFSSL_SUCCESS) {
|
||||||
|
/* We failed so return NULL */
|
||||||
|
wolfSSL_sk_X509_NAME_pop_free(list, NULL);
|
||||||
|
list = NULL;
|
||||||
|
}
|
||||||
return list;
|
return list;
|
||||||
#else
|
#else
|
||||||
(void)fname;
|
(void)fname;
|
||||||
|
|
@ -16241,57 +16262,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif /* !NO_BIO */
|
#endif /* !NO_BIO */
|
||||||
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
|
#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
#if !defined(NO_RSA) && !defined(NO_CERTS)
|
|
||||||
int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
|
|
||||||
{
|
|
||||||
WOLFSSL_STACK *node = NULL;
|
|
||||||
WOLFSSL_X509_NAME *subjectName = NULL;
|
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA");
|
|
||||||
|
|
||||||
if (ctx == NULL || x509 == NULL){
|
|
||||||
WOLFSSL_MSG("Bad argument");
|
|
||||||
return SSL_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
subjectName = wolfSSL_X509_get_subject_name(x509);
|
|
||||||
if (subjectName == NULL){
|
|
||||||
WOLFSSL_MSG("invalid x509 data");
|
|
||||||
return SSL_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Alloc stack struct */
|
|
||||||
node = (WOLF_STACK_OF(WOLFSSL_X509_NAME)*)XMALLOC(
|
|
||||||
sizeof(WOLF_STACK_OF(WOLFSSL_X509_NAME)),
|
|
||||||
NULL, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
if (node == NULL){
|
|
||||||
WOLFSSL_MSG("memory allocation error");
|
|
||||||
return SSL_FAILURE;
|
|
||||||
}
|
|
||||||
XMEMSET(node, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509_NAME)));
|
|
||||||
|
|
||||||
/* Alloc and copy WOLFSSL_X509_NAME */
|
|
||||||
node->data.name = (WOLFSSL_X509_NAME*)XMALLOC(
|
|
||||||
sizeof(WOLFSSL_X509_NAME),
|
|
||||||
NULL, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
if (node->data.name == NULL) {
|
|
||||||
XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
WOLFSSL_MSG("memory allocation error");
|
|
||||||
return SSL_FAILURE;
|
|
||||||
}
|
|
||||||
XMEMCPY(node->data.name, subjectName, sizeof(WOLFSSL_X509_NAME));
|
|
||||||
XMEMSET(subjectName, 0, sizeof(WOLFSSL_X509_NAME));
|
|
||||||
|
|
||||||
/* push new node onto head of stack */
|
|
||||||
node->num = (ctx->ca_names == NULL) ? 1 : ctx->ca_names->num + 1;
|
|
||||||
node->next = ctx->ca_names;
|
|
||||||
ctx->ca_names = node;
|
|
||||||
return WOLFSSL_SUCCESS;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef NO_WOLFSSL_STUB
|
#ifndef NO_WOLFSSL_STUB
|
||||||
int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
|
int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
|
||||||
|
|
@ -19037,7 +19010,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
|
||||||
if (ssl == NULL)
|
if (ssl == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
if (ssl->peerCertChain == NULL)
|
/* Try to populate if NULL or empty */
|
||||||
|
if (ssl->peerCertChain == NULL ||
|
||||||
|
wolfSSL_sk_X509_num(ssl->peerCertChain) == 0)
|
||||||
wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl);
|
wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl);
|
||||||
return ssl->peerCertChain;
|
return ssl->peerCertChain;
|
||||||
}
|
}
|
||||||
|
|
@ -19142,6 +19117,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
|
||||||
wolfSSL_sk_X509_shift(sk);
|
wolfSSL_sk_X509_shift(sk);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
if (ssl->peerCertChain != NULL)
|
||||||
|
wolfSSL_sk_X509_free(ssl->peerCertChain);
|
||||||
/* This is Free'd when ssl is Free'd */
|
/* This is Free'd when ssl is Free'd */
|
||||||
ssl->peerCertChain = sk;
|
ssl->peerCertChain = sk;
|
||||||
return sk;
|
return sk;
|
||||||
|
|
@ -45081,6 +45058,204 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || FORTRESS */
|
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || FORTRESS */
|
||||||
|
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
|
||||||
|
defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
|
||||||
|
defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)
|
||||||
|
|
||||||
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(wolf_sk_compare_cb cb)
|
||||||
|
{
|
||||||
|
WOLFSSL_STACK* sk;
|
||||||
|
(void)cb;
|
||||||
|
|
||||||
|
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_new");
|
||||||
|
|
||||||
|
sk = wolfSSL_sk_new_node(NULL);
|
||||||
|
if (sk != NULL) {
|
||||||
|
sk->type = STACK_TYPE_X509_NAME;
|
||||||
|
#ifdef OPENSSL_ALL
|
||||||
|
sk->comp = cb;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
return sk;
|
||||||
|
}
|
||||||
|
|
||||||
|
int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
|
||||||
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_num");
|
||||||
|
|
||||||
|
if (sk == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
return (int)sk->num;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Getter function for WOLFSSL_X509_NAME pointer
|
||||||
|
*
|
||||||
|
* sk is the stack to retrieve pointer from
|
||||||
|
* i is the index value in stack
|
||||||
|
*
|
||||||
|
* returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on
|
||||||
|
* fail
|
||||||
|
*/
|
||||||
|
WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk,
|
||||||
|
int i)
|
||||||
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
|
||||||
|
|
||||||
|
for (; sk != NULL && i > 0; i--) {
|
||||||
|
sk = sk->next;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (i != 0 || sk == NULL)
|
||||||
|
return NULL;
|
||||||
|
|
||||||
|
return sk->data.name;
|
||||||
|
}
|
||||||
|
|
||||||
|
WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
|
||||||
|
{
|
||||||
|
WOLFSSL_STACK* node;
|
||||||
|
WOLFSSL_X509_NAME* name;
|
||||||
|
|
||||||
|
if (sk == NULL) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
node = sk->next;
|
||||||
|
name = sk->data.name;
|
||||||
|
|
||||||
|
if (node != NULL) { /* update sk and remove node from stack */
|
||||||
|
sk->data.name = node->data.name;
|
||||||
|
sk->next = node->next;
|
||||||
|
XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
}
|
||||||
|
else { /* last x509 in stack */
|
||||||
|
sk->data.name = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (sk->num > 0) {
|
||||||
|
sk->num -= 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return name;
|
||||||
|
}
|
||||||
|
|
||||||
|
void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
||||||
|
void (*f) (WOLFSSL_X509_NAME*))
|
||||||
|
{
|
||||||
|
WOLFSSL_STACK* node;
|
||||||
|
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free");
|
||||||
|
|
||||||
|
if (sk == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
node = sk->next;
|
||||||
|
while (node && sk->num > 1) {
|
||||||
|
WOLFSSL_STACK* tmp = node;
|
||||||
|
node = node->next;
|
||||||
|
if (f)
|
||||||
|
f(tmp->data.name);
|
||||||
|
else
|
||||||
|
wolfSSL_X509_NAME_free(tmp->data.name);
|
||||||
|
tmp->data.name = NULL;
|
||||||
|
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
sk->num -= 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* free head of stack */
|
||||||
|
if (sk->num == 1) {
|
||||||
|
if (f)
|
||||||
|
f(sk->data.name);
|
||||||
|
else
|
||||||
|
wolfSSL_X509_NAME_free(sk->data.name);
|
||||||
|
sk->data.name = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Free only the sk structure, NOT X509_NAME members */
|
||||||
|
void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
|
||||||
|
{
|
||||||
|
WOLFSSL_STACK* node;
|
||||||
|
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_free");
|
||||||
|
|
||||||
|
if (sk == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
|
node = sk->next;
|
||||||
|
while (sk->num > 1) {
|
||||||
|
WOLFSSL_STACK* tmp = node;
|
||||||
|
node = node->next;
|
||||||
|
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
sk->num -= 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
|
||||||
|
}
|
||||||
|
|
||||||
|
int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
||||||
|
WOLFSSL_X509_NAME* name)
|
||||||
|
{
|
||||||
|
WOLFSSL_STACK* node;
|
||||||
|
|
||||||
|
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_push");
|
||||||
|
|
||||||
|
if (sk == NULL || name == NULL) {
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* no previous values in stack */
|
||||||
|
if (sk->data.name == NULL) {
|
||||||
|
sk->data.name = name;
|
||||||
|
sk->num += 1;
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* stack already has value(s) create a new node and add more */
|
||||||
|
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
|
||||||
|
DYNAMIC_TYPE_OPENSSL);
|
||||||
|
if (node == NULL) {
|
||||||
|
WOLFSSL_MSG("Memory error");
|
||||||
|
return WOLFSSL_FAILURE;
|
||||||
|
}
|
||||||
|
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
|
||||||
|
|
||||||
|
/* push new obj onto head of stack */
|
||||||
|
node->data.name = sk->data.name;
|
||||||
|
node->next = sk->next;
|
||||||
|
sk->type = STACK_TYPE_X509_NAME;
|
||||||
|
sk->next = node;
|
||||||
|
sk->data.name = name;
|
||||||
|
sk->num += 1;
|
||||||
|
|
||||||
|
return WOLFSSL_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* return index of found, or negative to indicate not found */
|
||||||
|
int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk,
|
||||||
|
WOLFSSL_X509_NAME *name)
|
||||||
|
{
|
||||||
|
int i;
|
||||||
|
|
||||||
|
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_find");
|
||||||
|
|
||||||
|
if (sk == NULL)
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
for (i = 0; sk; i++, sk = sk->next) {
|
||||||
|
if (wolfSSL_X509_NAME_cmp(sk->data.name, name) == 0) {
|
||||||
|
return i;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX ||
|
||||||
|
HAVE_LIGHTY || WOLFSSL_HAPROXY ||
|
||||||
|
WOLFSSL_OPENSSH || HAVE_SBLIM_SFCB */
|
||||||
|
|
||||||
/* Note: This is a huge section of API's - through
|
/* Note: This is a huge section of API's - through
|
||||||
* wolfSSL_X509_OBJECT_get0_X509_CRL */
|
* wolfSSL_X509_OBJECT_get0_X509_CRL */
|
||||||
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
|
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \
|
||||||
|
|
@ -45453,21 +45628,6 @@ int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
|
||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(wolf_sk_compare_cb cb)
|
|
||||||
{
|
|
||||||
WOLFSSL_STACK* sk;
|
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_new");
|
|
||||||
|
|
||||||
sk = wolfSSL_sk_new_node(NULL);
|
|
||||||
if (sk != NULL) {
|
|
||||||
sk->type = STACK_TYPE_X509_NAME;
|
|
||||||
sk->comp = cb;
|
|
||||||
}
|
|
||||||
|
|
||||||
return sk;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Creates a duplicate of WOLF_STACK_OF(WOLFSSL_X509_NAME).
|
/* Creates a duplicate of WOLF_STACK_OF(WOLFSSL_X509_NAME).
|
||||||
* Returns a new WOLF_STACK_OF(WOLFSSL_X509_NAME) or NULL on failure */
|
* Returns a new WOLF_STACK_OF(WOLFSSL_X509_NAME) or NULL on failure */
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
|
WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
|
||||||
|
|
@ -45480,7 +45640,7 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_dup_CA_list");
|
WOLFSSL_ENTER("wolfSSL_dup_CA_list");
|
||||||
|
|
||||||
copy = wolfSSL_sk_X509_NAME_new(NULL);
|
copy = wolfSSL_sk_X509_NAME_new(sk->comp);
|
||||||
if (copy == NULL) {
|
if (copy == NULL) {
|
||||||
WOLFSSL_MSG("Memory error");
|
WOLFSSL_MSG("Memory error");
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
@ -45498,63 +45658,6 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
|
||||||
return copy;
|
return copy;
|
||||||
}
|
}
|
||||||
|
|
||||||
int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
|
||||||
WOLFSSL_X509_NAME* name)
|
|
||||||
{
|
|
||||||
WOLFSSL_STACK* node;
|
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_push");
|
|
||||||
|
|
||||||
if (sk == NULL || name == NULL) {
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* no previous values in stack */
|
|
||||||
if (sk->data.name == NULL) {
|
|
||||||
sk->data.name = name;
|
|
||||||
sk->num += 1;
|
|
||||||
return WOLFSSL_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* stack already has value(s) create a new node and add more */
|
|
||||||
node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
|
|
||||||
DYNAMIC_TYPE_OPENSSL);
|
|
||||||
if (node == NULL) {
|
|
||||||
WOLFSSL_MSG("Memory error");
|
|
||||||
return WOLFSSL_FAILURE;
|
|
||||||
}
|
|
||||||
XMEMSET(node, 0, sizeof(WOLFSSL_STACK));
|
|
||||||
|
|
||||||
/* push new obj onto head of stack */
|
|
||||||
node->data.name = sk->data.name;
|
|
||||||
node->next = sk->next;
|
|
||||||
sk->type = STACK_TYPE_X509_NAME;
|
|
||||||
sk->next = node;
|
|
||||||
sk->data.name = name;
|
|
||||||
sk->num += 1;
|
|
||||||
|
|
||||||
return WOLFSSL_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* return index of found, or negative to indicate not found */
|
|
||||||
int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk,
|
|
||||||
WOLFSSL_X509_NAME *name)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_find");
|
|
||||||
|
|
||||||
if (sk == NULL)
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
|
|
||||||
for (i = 0; sk; i++, sk = sk->next) {
|
|
||||||
if (wolfSSL_X509_NAME_cmp(sk->data.name, name) == 0) {
|
|
||||||
return i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i)
|
void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_value");
|
WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_value");
|
||||||
|
|
@ -45589,121 +45692,6 @@ int wolfSSL_sk_X509_NAME_set_cmp_func(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_ALL */
|
#endif /* OPENSSL_ALL */
|
||||||
|
|
||||||
int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
|
|
||||||
{
|
|
||||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_num");
|
|
||||||
|
|
||||||
if (sk == NULL)
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
|
|
||||||
return (int)sk->num;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Getter function for WOLFSSL_X509_NAME pointer
|
|
||||||
*
|
|
||||||
* sk is the stack to retrieve pointer from
|
|
||||||
* i is the index value in stack
|
|
||||||
*
|
|
||||||
* returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on
|
|
||||||
* fail
|
|
||||||
*/
|
|
||||||
WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk,
|
|
||||||
int i)
|
|
||||||
{
|
|
||||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");
|
|
||||||
|
|
||||||
for (; sk != NULL && i > 0; i--) {
|
|
||||||
sk = sk->next;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (i != 0 || sk == NULL)
|
|
||||||
return NULL;
|
|
||||||
|
|
||||||
return sk->data.name;
|
|
||||||
}
|
|
||||||
|
|
||||||
WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
|
|
||||||
{
|
|
||||||
WOLFSSL_STACK* node;
|
|
||||||
WOLFSSL_X509_NAME* name;
|
|
||||||
|
|
||||||
if (sk == NULL) {
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
node = sk->next;
|
|
||||||
name = sk->data.name;
|
|
||||||
|
|
||||||
if (node != NULL) { /* update sk and remove node from stack */
|
|
||||||
sk->data.name = node->data.name;
|
|
||||||
sk->next = node->next;
|
|
||||||
XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
}
|
|
||||||
else { /* last x509 in stack */
|
|
||||||
sk->data.name = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (sk->num > 0) {
|
|
||||||
sk->num -= 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return name;
|
|
||||||
}
|
|
||||||
|
|
||||||
void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
|
|
||||||
void (*f) (WOLFSSL_X509_NAME*))
|
|
||||||
{
|
|
||||||
WOLFSSL_STACK* node;
|
|
||||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free");
|
|
||||||
|
|
||||||
if (sk == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
node = sk->next;
|
|
||||||
while (node && sk->num > 1) {
|
|
||||||
WOLFSSL_STACK* tmp = node;
|
|
||||||
node = node->next;
|
|
||||||
if (f)
|
|
||||||
f(tmp->data.name);
|
|
||||||
else
|
|
||||||
wolfSSL_X509_NAME_free(tmp->data.name);
|
|
||||||
tmp->data.name = NULL;
|
|
||||||
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
sk->num -= 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* free head of stack */
|
|
||||||
if (sk->num == 1) {
|
|
||||||
if (f)
|
|
||||||
f(sk->data.name);
|
|
||||||
else
|
|
||||||
wolfSSL_X509_NAME_free(sk->data.name);
|
|
||||||
sk->data.name = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Free only the sk structure, NOT X509_NAME members */
|
|
||||||
void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
|
|
||||||
{
|
|
||||||
WOLFSSL_STACK* node;
|
|
||||||
WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_free");
|
|
||||||
|
|
||||||
if (sk == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
node = sk->next;
|
|
||||||
while (sk->num > 1) {
|
|
||||||
WOLFSSL_STACK* tmp = node;
|
|
||||||
node = node->next;
|
|
||||||
XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
sk->num -= 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifndef NO_BIO
|
#ifndef NO_BIO
|
||||||
|
|
||||||
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||||
|
|
@ -58174,7 +58162,8 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
|
||||||
* START OF X509_STORE APIs
|
* START OF X509_STORE APIs
|
||||||
******************************************************************************/
|
******************************************************************************/
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
|
||||||
|
defined(WOLFSSL_WPAS_SMALL)
|
||||||
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
|
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
|
||||||
{
|
{
|
||||||
WOLFSSL_X509_STORE* store = NULL;
|
WOLFSSL_X509_STORE* store = NULL;
|
||||||
|
|
@ -58367,7 +58356,7 @@ int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
|
||||||
|
|
||||||
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
|
||||||
|
|
||||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || WOLFSSL_WPAS_SMALL */
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
|
|
||||||
|
|
|
||||||
96
tests/api.c
96
tests/api.c
|
|
@ -30772,17 +30772,42 @@ static void test_wolfSSL_CTX_set_client_CA_list(void)
|
||||||
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
|
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
|
||||||
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
|
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
|
||||||
WOLFSSL_CTX* ctx;
|
WOLFSSL_CTX* ctx;
|
||||||
|
WOLFSSL* ssl;
|
||||||
X509_NAME* name = NULL;
|
X509_NAME* name = NULL;
|
||||||
STACK_OF(X509_NAME)* names = NULL;
|
STACK_OF(X509_NAME)* names = NULL;
|
||||||
STACK_OF(X509_NAME)* ca_list = NULL;
|
STACK_OF(X509_NAME)* ca_list = NULL;
|
||||||
int i, names_len;
|
int i, names_len;
|
||||||
|
|
||||||
printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
|
printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
|
||||||
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
|
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
|
||||||
|
/* Send two X501 names in cert request */
|
||||||
names = SSL_load_client_CA_file(cliCertFile);
|
names = SSL_load_client_CA_file(cliCertFile);
|
||||||
AssertNotNull(names);
|
AssertNotNull(names);
|
||||||
|
ca_list = SSL_load_client_CA_file(caCertFile);
|
||||||
|
AssertNotNull(ca_list);
|
||||||
|
AssertIntEQ(sk_X509_NAME_push(names, sk_X509_NAME_value(ca_list, 0)), 1);
|
||||||
SSL_CTX_set_client_CA_list(ctx, names);
|
SSL_CTX_set_client_CA_list(ctx, names);
|
||||||
|
/* This should only free the stack structure */
|
||||||
|
sk_X509_NAME_free(ca_list);
|
||||||
AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
|
AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
|
||||||
|
AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
|
||||||
|
|
||||||
|
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
|
||||||
|
for (i=0; i<names_len; i++) {
|
||||||
|
AssertNotNull(name = sk_X509_NAME_value(names, i));
|
||||||
|
AssertIntEQ(sk_X509_NAME_find(names, name), i);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Needed to be able to create ssl object */
|
||||||
|
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
|
||||||
|
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
|
||||||
|
AssertNotNull(ssl = wolfSSL_new(ctx));
|
||||||
|
/* load again as old names are responsibility of ctx to free*/
|
||||||
|
names = SSL_load_client_CA_file(cliCertFile);
|
||||||
|
AssertNotNull(names);
|
||||||
|
SSL_set_client_CA_list(ssl, names);
|
||||||
|
AssertNotNull(ca_list = SSL_get_client_CA_list(ssl));
|
||||||
|
AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names));
|
||||||
|
|
||||||
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
|
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
|
||||||
for (i=0; i<names_len; i++) {
|
for (i=0; i<names_len; i++) {
|
||||||
|
|
@ -30790,8 +30815,75 @@ static void test_wolfSSL_CTX_set_client_CA_list(void)
|
||||||
AssertIntEQ(sk_X509_NAME_find(names, name), i);
|
AssertIntEQ(sk_X509_NAME_find(names, name), i);
|
||||||
}
|
}
|
||||||
|
|
||||||
wolfSSL_CTX_free(ctx);
|
|
||||||
printf(resultFmt, passed);
|
printf(resultFmt, passed);
|
||||||
|
|
||||||
|
#if !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
|
||||||
|
{
|
||||||
|
tcp_ready ready;
|
||||||
|
func_args server_args;
|
||||||
|
callback_functions server_cb;
|
||||||
|
THREAD_TYPE serverThread;
|
||||||
|
WOLFSSL* ssl_client;
|
||||||
|
WOLFSSL_CTX* ctx_client;
|
||||||
|
SOCKET_T sockfd = 0;
|
||||||
|
|
||||||
|
printf(testingFmt, "wolfSSL_get_client_CA_list() with handshake");
|
||||||
|
|
||||||
|
StartTCP();
|
||||||
|
InitTcpReady(&ready);
|
||||||
|
|
||||||
|
XMEMSET(&server_args, 0, sizeof(func_args));
|
||||||
|
XMEMSET(&server_cb, 0, sizeof(callback_functions));
|
||||||
|
|
||||||
|
server_args.signal = &ready;
|
||||||
|
server_args.callbacks = &server_cb;
|
||||||
|
|
||||||
|
/* we are responsible for free'ing WOLFSSL_CTX */
|
||||||
|
server_cb.ctx = ctx;
|
||||||
|
server_cb.isSharedCtx = 1;
|
||||||
|
|
||||||
|
AssertIntEQ(WOLFSSL_SUCCESS,
|
||||||
|
wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
|
||||||
|
|
||||||
|
start_thread(test_server_nofail, &server_args, &serverThread);
|
||||||
|
wait_tcp_ready(&server_args);
|
||||||
|
|
||||||
|
tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
|
||||||
|
AssertNotNull(ctx_client = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
|
||||||
|
AssertIntEQ(WOLFSSL_SUCCESS,
|
||||||
|
wolfSSL_CTX_load_verify_locations(ctx_client, caCertFile, 0));
|
||||||
|
AssertIntEQ(WOLFSSL_SUCCESS,
|
||||||
|
wolfSSL_CTX_use_certificate_file(ctx_client, cliCertFile, SSL_FILETYPE_PEM));
|
||||||
|
AssertIntEQ(WOLFSSL_SUCCESS,
|
||||||
|
wolfSSL_CTX_use_PrivateKey_file(ctx_client, cliKeyFile, SSL_FILETYPE_PEM));
|
||||||
|
|
||||||
|
AssertNotNull(ssl_client = wolfSSL_new(ctx_client));
|
||||||
|
AssertIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS);
|
||||||
|
AssertIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS);
|
||||||
|
|
||||||
|
AssertNotNull(ca_list = SSL_get_client_CA_list(ssl_client));
|
||||||
|
/* We are expecting two cert names to be sent */
|
||||||
|
AssertIntEQ(sk_X509_NAME_num(ca_list), 2);
|
||||||
|
|
||||||
|
AssertNotNull(names = SSL_CTX_get_client_CA_list(ctx));
|
||||||
|
for (i=0; i<sk_X509_NAME_num(ca_list); i++) {
|
||||||
|
AssertNotNull(name = sk_X509_NAME_value(ca_list, i));
|
||||||
|
AssertIntGE(sk_X509_NAME_find(names, name), 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
wolfSSL_shutdown(ssl_client);
|
||||||
|
wolfSSL_free(ssl_client);
|
||||||
|
wolfSSL_CTX_free(ctx_client);
|
||||||
|
|
||||||
|
join_thread(serverThread);
|
||||||
|
FreeTcpReady(&ready);
|
||||||
|
|
||||||
|
printf(resultFmt, passed);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
wolfSSL_free(ssl);
|
||||||
|
wolfSSL_CTX_free(ctx);
|
||||||
#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */
|
#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -136,6 +136,7 @@ extern int wc_InitRsaHw(RsaKey* key);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
#include <wolfssl/internal.h>
|
||||||
#include <wolfssl/openssl/objects.h>
|
#include <wolfssl/openssl/objects.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
@ -6542,9 +6543,18 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
|
||||||
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
||||||
!defined(WOLFCRYPT_ONLY)
|
!defined(WOLFCRYPT_ONLY)
|
||||||
if (nameType == ISSUER) {
|
if (nameType == ISSUER) {
|
||||||
|
#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
|
||||||
|
(defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
|
||||||
|
dName->rawLen = min(cert->issuerRawLen, ASN_NAME_MAX);
|
||||||
|
XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
|
||||||
|
#endif
|
||||||
cert->issuerName = dName;
|
cert->issuerName = dName;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
|
||||||
|
dName->rawLen = min(cert->subjectRawLen, ASN_NAME_MAX);
|
||||||
|
XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen);
|
||||||
|
#endif
|
||||||
cert->subjectName = dName;
|
cert->subjectName = dName;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -9694,7 +9704,9 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* from SSL proper, for locking can't do find here anymore */
|
#if !defined(OPENSSL_EXTRA) && !defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
|
/* from SSL proper, for locking can't do find here anymore.
|
||||||
|
* brought in from internal.h if built with compat layer */
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -9705,6 +9717,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(WOLFCRYPT_ONLY) || defined(NO_CERTS)
|
#if defined(WOLFCRYPT_ONLY) || defined(NO_CERTS)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4508,6 +4508,9 @@ struct WOLFSSL {
|
||||||
byte clientFinished[TLS_FINISHED_SZ];
|
byte clientFinished[TLS_FINISHED_SZ];
|
||||||
byte serverFinished[TLS_FINISHED_SZ];
|
byte serverFinished[TLS_FINISHED_SZ];
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
|
||||||
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -4524,6 +4527,9 @@ struct WOLFSSL {
|
||||||
#define SSL_CM(ssl) ssl->ctx->cm
|
#define SSL_CM(ssl) ssl->ctx->cm
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#define SSL_CA_NAMES(ssl) (ssl->ca_names != NULL ? ssl->ca_names : \
|
||||||
|
ssl->ctx->ca_names)
|
||||||
|
|
||||||
WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
|
WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
|
||||||
WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
|
WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
|
||||||
WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
|
WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,6 @@
|
||||||
#define WOLFSSL_OBJECTS_H_
|
#define WOLFSSL_OBJECTS_H_
|
||||||
|
|
||||||
#include <wolfssl/wolfcrypt/settings.h>
|
#include <wolfssl/wolfcrypt/settings.h>
|
||||||
//#include <wolfssl/openssl/ssl.h>
|
|
||||||
#ifndef OPENSSL_EXTRA_SSL_GUARD
|
#ifndef OPENSSL_EXTRA_SSL_GUARD
|
||||||
#define OPENSSL_EXTRA_SSL_GUARD
|
#define OPENSSL_EXTRA_SSL_GUARD
|
||||||
#include <wolfssl/ssl.h>
|
#include <wolfssl/ssl.h>
|
||||||
|
|
|
||||||
|
|
@ -835,13 +835,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||||
#define SSL_set1_verify_cert_store wolfSSL_set1_verify_cert_store
|
#define SSL_set1_verify_cert_store wolfSSL_set1_verify_cert_store
|
||||||
#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
|
#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
|
||||||
#define SSL_get_client_CA_list wolfSSL_get_client_CA_list
|
#define SSL_get_client_CA_list wolfSSL_get_client_CA_list
|
||||||
|
#define SSL_set_client_CA_list wolfSSL_set_client_CA_list
|
||||||
#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
|
#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
|
||||||
#define SSL_get_ex_data wolfSSL_get_ex_data
|
#define SSL_get_ex_data wolfSSL_get_ex_data
|
||||||
|
|
||||||
#ifndef WOLFSSL_NO_STUB
|
|
||||||
#define SSL_set_client_CA_list(...)
|
|
||||||
#endif /* WOLFSSL_NO_STUB */
|
|
||||||
|
|
||||||
#define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
|
#define SSL_CTX_set_default_passwd_cb_userdata wolfSSL_CTX_set_default_passwd_cb_userdata
|
||||||
#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
|
#define SSL_CTX_set_default_passwd_cb wolfSSL_CTX_set_default_passwd_cb
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -561,7 +561,8 @@ struct WOLFSSL_X509_STORE {
|
||||||
int cache; /* stunnel dereference */
|
int cache; /* stunnel dereference */
|
||||||
WOLFSSL_CERT_MANAGER* cm;
|
WOLFSSL_CERT_MANAGER* cm;
|
||||||
WOLFSSL_X509_LOOKUP lookup;
|
WOLFSSL_X509_LOOKUP lookup;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
|
||||||
|
defined(WOLFSSL_WPAS_SMALL)
|
||||||
int isDynamic;
|
int isDynamic;
|
||||||
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
|
WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
|
||||||
#endif
|
#endif
|
||||||
|
|
@ -574,7 +575,8 @@ struct WOLFSSL_X509_STORE {
|
||||||
#ifdef HAVE_EX_DATA
|
#ifdef HAVE_EX_DATA
|
||||||
WOLFSSL_CRYPTO_EX_DATA ex_data;
|
WOLFSSL_CRYPTO_EX_DATA ex_data;
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_CRL
|
#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
|
||||||
|
defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL)
|
||||||
WOLFSSL_X509_CRL *crl; /* points to cm->crl */
|
WOLFSSL_X509_CRL *crl; /* points to cm->crl */
|
||||||
#endif
|
#endif
|
||||||
#ifndef SINGLE_THREADED
|
#ifndef SINGLE_THREADED
|
||||||
|
|
@ -1807,12 +1809,14 @@ WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t);
|
||||||
|
|
||||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
|
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
|
||||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
|
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
|
||||||
const WOLFSSL_CTX *s);
|
const WOLFSSL_CTX *ctx);
|
||||||
/* deprecated function name */
|
/* deprecated function name */
|
||||||
#define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list
|
#define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list
|
||||||
|
|
||||||
WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
|
WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
|
||||||
|
WOLFSSL_API void wolfSSL_set_client_CA_list(WOLFSSL*,
|
||||||
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
|
||||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
|
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
|
||||||
const WOLFSSL* ssl);
|
const WOLFSSL* ssl);
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue