diff --git a/src/crl.c b/src/crl.c
index 532282a2f..e632dbf10 100755
--- a/src/crl.c
+++ b/src/crl.c
@@ -349,7 +349,10 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert) if (crl->crlIOCb) { ret = crl->crlIOCb(crl, (const char*)cert->extCrlInfo, cert->extCrlInfoSz); - if (ret >= 0) { + if (ret == WOLFSSL_CBIO_ERR_WANT_READ) { + ret = WANT_READ; + } + else if (ret >= 0) { /* try again */ ret = CheckCertCRLList(crl, cert, &foundEntry); }
diff --git a/src/internal.c b/src/internal.c
index a634f9210..eab408824 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -7692,6 +7692,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz WOLFSSL_MSG("Doing Non Leaf OCSP check"); ret = CheckCertOCSP(ssl->ctx->cm->ocsp, args->dCert, NULL); + #ifdef WOLFSSL_ASYNC_CRYPT + /* non-blocking socket re-entry requires async */ + if (ret == WANT_READ) { + goto exit_ppc; + } + #endif doCrlLookup = (ret == OCSP_CERT_UNKNOWN); if (ret != 0) { doCrlLookup = 0;
@@ -7706,6 +7712,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz ssl->ctx->cm->crlCheckAll) { WOLFSSL_MSG("Doing Non Leaf CRL check"); ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert); + #ifdef WOLFSSL_ASYNC_CRYPT + /* non-blocking socket re-entry requires async */ + if (ret == WANT_READ) { + goto exit_ppc; + } + #endif if (ret != 0) { WOLFSSL_MSG("\tCRL check not ok"); }
@@ -7845,8 +7857,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz #ifdef HAVE_OCSP if (doLookup && ssl->ctx->cm->ocspEnabled) { WOLFSSL_MSG("Doing Leaf OCSP check"); - ret = CheckCertOCSP(ssl->ctx->cm->ocsp, - args->dCert, NULL); + ret = CheckCertOCSP(ssl->ctx->cm->ocsp, args->dCert, + NULL); + #ifdef WOLFSSL_ASYNC_CRYPT + /* non-blocking socket re-entry requires async */ + if (ret == WANT_READ) { + goto exit_ppc; + } + #endif doLookup = (ret == OCSP_CERT_UNKNOWN); if (ret != 0) { WOLFSSL_MSG("\tOCSP Lookup not ok");
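Review bot: The callback's return contract changes at the new `ret == WOLFSSL_CBIO_ERR_WANT_READ` branch in CheckCertCRL without any comment. A would-block result from `crlIOCb` now leaves the function as `WANT_READ`, while every other negative value is still passed through unchanged. A one-line comment such as `/* callback would block: report WANT_READ so the caller can retry the lookup */` would make that explicit for anyone writing their own CRL callback. CheckCertCRL continues outside the hunk, so it is worth confirming that nothing after this block overwrites `ret` or treats the would-block case as a missing CRL.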
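Review bot: The `WANT_READ` guard added after `CheckCertOCSP` is compiled only under `WOLFSSL_ASYNC_CRYPT`, yet the crl.c and ocsp.c changes in this commit produce `WANT_READ` with no such condition visible. Without async the value falls through to `if (ret != 0)` and is handled like any failed revocation check, which fails closed but presumably turns a transient would-block into a handshake error. The same guard repeats in the hunks at -7706, -7845 and -7862, and its comment could state the consequence, e.g. `/* lookup would block: retry needs async re-entry; otherwise WANT_READ is treated as a failed check */`. ProcessPeerCerts starts and ends outside these hunks.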
@@ -7862,6 +7880,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz if (doLookup && ssl->ctx->cm->crlEnabled) { WOLFSSL_MSG("Doing Leaf CRL check"); ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert); + #ifdef WOLFSSL_ASYNC_CRYPT + /* non-blocking socket re-entry requires async */ + if (ret == WANT_READ) { + goto exit_ppc; + } + #endif if (ret != 0) { WOLFSSL_MSG("\tCRL check not ok"); args->fatal = 0;
@@ -8268,8 +8292,7 @@ exit_ppc: WOLFSSL_LEAVE("ProcessPeerCerts", ret); #ifdef WOLFSSL_ASYNC_CRYPT - /* Handle WC_PENDING_E */ - if (ret == WC_PENDING_E) { + if (ret == WC_PENDING_E || ret == WANT_READ) { /* Mark message as not recevied so it can process again */ ssl->msgsReceived.got_certificate = 0;
diff --git a/src/io.c b/src/io.c
index 8b9a9b960..7dc7c6584 100644
--- a/src/io.c
+++ b/src/io.c
@@ -1168,7 +1168,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz, httpBuf, httpBufSz); ret = wolfIO_TcpConnect(&sfd, domainName, port, io_timeout_sec); - if ((ret != 0) || (sfd <= 0)) { + if ((ret != 0) || (sfd < 0)) { WOLFSSL_MSG("OCSP Responder connection failed"); } else if (wolfIO_Send(sfd, (char*)httpBuf, httpBufSz, 0) !=
@@ -1267,7 +1267,7 @@ int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz) httpBuf, httpBufSz); ret = wolfIO_TcpConnect(&sfd, domainName, port, io_timeout_sec); - if ((ret != 0) || (sfd <= 0)) { + if ((ret != 0) || (sfd < 0)) { WOLFSSL_MSG("CRL connection failed"); } else if (wolfIO_Send(sfd, (char*)httpBuf, httpBufSz, 0)
diff --git a/src/ocsp.c b/src/ocsp.c
index ae45322ed..4554b24b0 100644
--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -445,6 +445,9 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, responseSz = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz, request, requestSz, &response); } + if (responseSz == WOLFSSL_CBIO_ERR_WANT_READ) { + ret = WANT_READ; + } XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
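Review bot: Returning `WANT_READ` through the exit_ppc path makes a pending OCSP/CRL lookup look the same to the caller as a would-block on the TLS socket itself. The descriptor that has to become readable belongs to the lookup callback, not the connection, so a caller that waits on the TLS socket before retrying may wait on the wrong thing; that expectation should be documented. Nothing visible here limits how often the Certificate message can be reprocessed either. The dropped comment could be updated rather than removed, e.g. `/* Handle WC_PENDING_E, and WANT_READ from a non-blocking OCSP/CRL lookup */`; the rest of the exit_ppc block lies outside the hunk.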
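Review bot: In EmbedOcspLookup, `sfd < 0` only detects a failed connect where the socket type is signed. On a platform whose socket handle is unsigned the test can never be true, and the declaration of `sfd` is not visible in this hunk. Since `ret != 0` already reports the failure, either rely on it alone or compare against the platform's invalid-socket value rather than zero. The same line is changed in EmbedCrlLookup in the hunk at -1267; both functions start and end outside their hunks.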
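Review bot: `ret = WANT_READ` is assigned in the middle of CheckOcspRequest, and the function continues past `XFREE(request, ...)` outside the hunk, so the value only reaches the caller if no later branch reassigns `ret`. It is also worth checking that `response` is neither parsed nor left unfreed when `responseSz` holds this negative sentinel. A short comment on the new branch would help, e.g. `/* lookup callback would block: surface WANT_READ so the handshake can be retried */`.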