Added example client/server support for loading certificate and private key into WOLFSSL object using `-H loadSSL`. Added `load_ssl_buffer` function to load buffers into WOLFSSL objects. Changed `wolfSSL_get_SSL_CTX` API to always be exposed. Added `TEST_LOAD_BUFFER` build option to use the `load_buffer` and `load_ssl_buffer` calls for example client/server.
@@ -1036,6 +1036,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
#endif
|
#endif
|
||||||
int useX25519 = 0;
|
int useX25519 = 0;
|
||||||
int exitWithRet = 0;
|
int exitWithRet = 0;
|
||||||
|
int loadCertKeyIntoSSLObj = 0;
|
||||||
|
|
||||||
#ifdef HAVE_WNR
|
#ifdef HAVE_WNR
|
||||||
const char* wnrConfigFile = wnrConfig;
|
const char* wnrConfigFile = wnrConfig;
|
||||||
@@ -1094,6 +1095,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
(void)helloRetry;
|
(void)helloRetry;
|
||||||
(void)onlyKeyShare;
|
(void)onlyKeyShare;
|
||||||
(void)useSupCurve;
|
(void)useSupCurve;
|
||||||
|
(void)loadCertKeyIntoSSLObj;
|
||||||
|
|
||||||
StackTrap();
|
StackTrap();
|
||||||
|
|
||||||
@@ -1201,6 +1203,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
|
||||||
else if (myoptarg[0] == 'e') {
|
else if (myoptarg[0] == 'e') {
|
||||||
version = EITHER_DOWNGRADE_VERSION;
|
version = EITHER_DOWNGRADE_VERSION;
|
||||||
|
loadCertKeyIntoSSLObj = 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -1236,6 +1239,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
printf("Test use supported curve\n");
|
printf("Test use supported curve\n");
|
||||||
useSupCurve = 1;
|
useSupCurve = 1;
|
||||||
}
|
}
|
||||||
|
else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) {
|
||||||
|
printf("Load cert/key into wolfSSL object\n");
|
||||||
|
loadCertKeyIntoSSLObj = 1;
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
Usage();
|
Usage();
|
||||||
XEXIT_T(MY_EX_USAGE);
|
XEXIT_T(MY_EX_USAGE);
|
||||||
@@ -1586,6 +1593,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
if (doDTLS) {
|
if (doDTLS) {
|
||||||
if (version == 3)
|
if (version == 3)
|
||||||
version = -2;
|
version = -2;
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
|
||||||
|
else if (version == EITHER_DOWNGRADE_VERSION)
|
||||||
|
version = -3;
|
||||||
|
#endif
|
||||||
else
|
else
|
||||||
version = -1;
|
version = -1;
|
||||||
}
|
}
|
||||||
@@ -1652,6 +1663,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
method = wolfDTLSv1_2_client_method_ex;
|
method = wolfDTLSv1_2_client_method_ex;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
|
||||||
|
case -3:
|
||||||
|
method = wolfDTLSv1_2_method_ex;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
default:
|
default:
|
||||||
@@ -1826,8 +1842,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
if (useClientCert){
|
if (useClientCert && !loadCertKeyIntoSSLObj){
|
||||||
#ifndef NO_FILESYSTEM
|
#ifndef TEST_LOAD_BUFFER
|
||||||
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
|
if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert)
|
||||||
!= WOLFSSL_SUCCESS) {
|
!= WOLFSSL_SUCCESS) {
|
||||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
@@ -1837,14 +1853,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
#else
|
#else
|
||||||
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
|
load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN);
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef HAVE_PK_CALLBACKS
|
#ifdef HAVE_PK_CALLBACKS
|
||||||
pkCbInfo.ourKey = ourKey;
|
pkCbInfo.ourKey = ourKey;
|
||||||
#ifdef TEST_PK_PRIVKEY
|
|
||||||
if (!pkCallbacks)
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_FILESYSTEM
|
if (!loadCertKeyIntoSSLObj
|
||||||
|
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
|
||||||
|
&& !pkCallbacks
|
||||||
|
#endif
|
||||||
|
) {
|
||||||
|
#ifndef TEST_LOAD_BUFFER
|
||||||
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
|
if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
|
||||||
!= WOLFSSL_SUCCESS) {
|
!= WOLFSSL_SUCCESS) {
|
||||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
@@ -1857,7 +1876,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!usePsk && !useAnon && (!useVerifyCb || myVerifyFail)) {
|
if (!usePsk && !useAnon && (!useVerifyCb || myVerifyFail)) {
|
||||||
#if !defined(NO_FILESYSTEM)
|
#ifndef TEST_LOAD_BUFFER
|
||||||
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0)
|
if (wolfSSL_CTX_load_verify_locations(ctx, verifyCert, 0)
|
||||||
!= WOLFSSL_SUCCESS) {
|
!= WOLFSSL_SUCCESS) {
|
||||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
@@ -1866,9 +1885,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
#else
|
#else
|
||||||
load_buffer(ctx, verifyCert, WOLFSSL_CA);
|
load_buffer(ctx, verifyCert, WOLFSSL_CA);
|
||||||
#endif /* !NO_FILESYSTEM */
|
#endif /* !NO_FILESYSTEM */
|
||||||
|
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
/* load ecc verify too, echoserver uses it by default w/ ecc */
|
/* load ecc verify too, echoserver uses it by default w/ ecc */
|
||||||
#ifndef NO_FILESYSTEM
|
#ifndef TEST_LOAD_BUFFER
|
||||||
if (wolfSSL_CTX_load_verify_locations(ctx, eccCertFile, 0)
|
if (wolfSSL_CTX_load_verify_locations(ctx, eccCertFile, 0)
|
||||||
!= WOLFSSL_SUCCESS) {
|
!= WOLFSSL_SUCCESS) {
|
||||||
wolfSSL_CTX_free(ctx); ctx = NULL;
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
@@ -1876,7 +1896,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
load_buffer(ctx, eccCertFile, WOLFSSL_CA);
|
load_buffer(ctx, eccCertFile, WOLFSSL_CA);
|
||||||
#endif /* !NO_FILESYSTEM */
|
#endif /* !TEST_LOAD_BUFFER */
|
||||||
#endif /* HAVE_ECC */
|
#endif /* HAVE_ECC */
|
||||||
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
|
#if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM)
|
||||||
if (trustCert) {
|
if (trustCert) {
|
||||||
@@ -2039,19 +2059,52 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
err_sys("unable to get SSL object");
|
err_sys("unable to get SSL object");
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
|
||||||
wolfSSL_KeepArrays(ssl);
|
#ifndef NO_CERTS
|
||||||
|
if (useClientCert && loadCertKeyIntoSSLObj){
|
||||||
|
#ifndef TEST_LOAD_BUFFER
|
||||||
|
if (wolfSSL_use_certificate_chain_file(ssl, ourCert)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
|
err_sys("can't load client cert file, check file and run from"
|
||||||
|
" wolfSSL home dir");
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
|
||||||
#endif
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
if (loadCertKeyIntoSSLObj
|
||||||
|
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
|
||||||
|
&& !pkCallbacks
|
||||||
|
#endif
|
||||||
|
) {
|
||||||
|
#ifndef TEST_LOAD_BUFFER
|
||||||
|
if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
|
||||||
|
!= WOLFSSL_SUCCESS) {
|
||||||
|
wolfSSL_CTX_free(ctx); ctx = NULL;
|
||||||
|
err_sys("can't load client private key file, check file and run "
|
||||||
|
"from wolfSSL home dir");
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
#endif /* !NO_CERTS */
|
||||||
|
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
wolfSSL_KeepArrays(ssl);
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
|
#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL)
|
||||||
fprintf(stderr, "After creating SSL\n");
|
fprintf(stderr, "After creating SSL\n");
|
||||||
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
|
if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1)
|
||||||
err_sys("ctx not using static memory");
|
err_sys("ctx not using static memory");
|
||||||
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
|
if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */
|
||||||
err_sys("error printing out memory stats");
|
err_sys("error printing out memory stats");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WOLFSSL_TLS13
|
#ifdef WOLFSSL_TLS13
|
||||||
if (!helloRetry) {
|
if (!helloRetry) {
|
||||||
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
|
if (onlyKeyShare == 0 || onlyKeyShare == 2) {
|
||||||
#ifdef HAVE_CURVE25519
|
#ifdef HAVE_CURVE25519
|
||||||
@@ -2083,7 +2136,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
else {
|
else {
|
||||||
wolfSSL_NoKeyShares(ssl);
|
wolfSSL_NoKeyShares(ssl);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (doMcast) {
|
if (doMcast) {
|
||||||
#ifdef WOLFSSL_MULTICAST
|
#ifdef WOLFSSL_MULTICAST
|
||||||
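Review bot: Both new failure branches in the SSL-object path, after `wolfSSL_use_certificate_chain_file(ssl, ourCert)` and after `wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)`, release only the context even though `ssl` already exists at this point. The cleanup looks carried over from the CTX-loading path; here it should be `wolfSSL_free(ssl); ssl = NULL;` followed by the existing `wolfSSL_CTX_free(ctx); ctx = NULL;`. If `err_sys` always terminates the process the leak has no effect, but example code is often used as a template, so the full teardown is worth showing. `client_test` starts and ends outside these hunks.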
|
@@ -572,6 +572,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
#endif
|
#endif
|
||||||
int useX25519 = 0;
|
int useX25519 = 0;
|
||||||
int exitWithRet = 0;
|
int exitWithRet = 0;
|
||||||
|
int loadCertKeyIntoSSLObj = 0;
|
||||||
|
|
||||||
((func_args*)args)->return_code = -1; /* error state */
|
((func_args*)args)->return_code = -1; /* error state */
|
||||||
|
|
||||||
@@ -605,6 +606,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
(void)postHandAuth;
|
(void)postHandAuth;
|
||||||
(void)mcastID;
|
(void)mcastID;
|
||||||
(void)useX25519;
|
(void)useX25519;
|
||||||
|
(void)loadCertKeyIntoSSLObj;
|
||||||
|
|
||||||
#ifdef WOLFSSL_TIRTOS
|
#ifdef WOLFSSL_TIRTOS
|
||||||
fdOpenSession(Task_self());
|
fdOpenSession(Task_self());
|
||||||
@@ -701,6 +703,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
|
||||||
else if (myoptarg[0] == 'e') {
|
else if (myoptarg[0] == 'e') {
|
||||||
version = EITHER_DOWNGRADE_VERSION;
|
version = EITHER_DOWNGRADE_VERSION;
|
||||||
|
loadCertKeyIntoSSLObj = 1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -728,6 +731,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
printf("Verify should fail\n");
|
printf("Verify should fail\n");
|
||||||
myVerifyFail = 1;
|
myVerifyFail = 1;
|
||||||
}
|
}
|
||||||
|
else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) {
|
||||||
|
printf("Load cert/key into wolfSSL object\n");
|
||||||
|
loadCertKeyIntoSSLObj = 1;
|
||||||
|
}
|
||||||
else {
|
else {
|
||||||
Usage();
|
Usage();
|
||||||
XEXIT_T(MY_EX_USAGE);
|
XEXIT_T(MY_EX_USAGE);
|
||||||
@@ -950,6 +957,10 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
if (doDTLS) {
|
if (doDTLS) {
|
||||||
if (version == 3)
|
if (version == 3)
|
||||||
version = -2;
|
version = -2;
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
|
||||||
|
else if (version == EITHER_DOWNGRADE_VERSION)
|
||||||
|
version = -3;
|
||||||
|
#endif
|
||||||
else
|
else
|
||||||
version = -1;
|
version = -1;
|
||||||
}
|
}
|
||||||
@@ -1016,6 +1027,11 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
method = wolfDTLSv1_2_server_method_ex;
|
method = wolfDTLSv1_2_server_method_ex;
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
|
||||||
|
case -3:
|
||||||
|
method = wolfDTLSv1_2_method_ex;
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
default:
|
default:
|
||||||
@@ -1090,8 +1106,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if !defined(NO_CERTS)
|
#if !defined(NO_CERTS)
|
||||||
if ((!usePsk || usePskPlus) && !useAnon) {
|
if ((!usePsk || usePskPlus) && !useAnon && !loadCertKeyIntoSSLObj) {
|
||||||
#if !defined(NO_FILESYSTEM)
|
#ifndef TEST_LOAD_BUFFER
|
||||||
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
|
if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
|
||||||
!= WOLFSSL_SUCCESS)
|
!= WOLFSSL_SUCCESS)
|
||||||
err_sys_ex(runWithErrors, "can't load server cert file, check file and run from"
|
err_sys_ex(runWithErrors, "can't load server cert file, check file and run from"
|
||||||
@@ -1128,14 +1144,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#if !defined(NO_CERTS)
|
#if !defined(NO_CERTS)
|
||||||
#ifdef HAVE_PK_CALLBACKS
|
#ifdef HAVE_PK_CALLBACKS
|
||||||
pkCbInfo.ourKey = ourKey;
|
pkCbInfo.ourKey = ourKey;
|
||||||
#ifdef TEST_PK_PRIVKEY
|
|
||||||
if (!pkCallbacks)
|
|
||||||
#endif
|
#endif
|
||||||
#endif
|
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon && !loadCertKeyIntoSSLObj
|
||||||
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon) {
|
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
|
||||||
#if !defined(NO_FILESYSTEM)
|
&& !pkCallbacks
|
||||||
|
#endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */
|
||||||
|
) {
|
||||||
|
#ifndef TEST_LOAD_BUFFER
|
||||||
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
|
if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
|
||||||
!= WOLFSSL_SUCCESS)
|
!= WOLFSSL_SUCCESS)
|
||||||
err_sys_ex(runWithErrors, "can't load server private key file, check file and run "
|
err_sys_ex(runWithErrors, "can't load server private key file, check file and run "
|
||||||
@@ -1294,6 +1311,37 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
|
|||||||
wolfSSL_KeepArrays(ssl);
|
wolfSSL_KeepArrays(ssl);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Support for loading private key and cert using WOLFSSL object */
|
||||||
|
#if !defined(NO_CERTS)
|
||||||
|
if ((!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj) {
|
||||||
|
#ifndef TEST_LOAD_BUFFER
|
||||||
|
if (SSL_use_certificate_chain_file(ssl, ourCert)
|
||||||
|
!= WOLFSSL_SUCCESS)
|
||||||
|
err_sys_ex(runWithErrors, "can't load server cert file, check file and run from"
|
||||||
|
" wolfSSL home dir");
|
||||||
|
#else
|
||||||
|
/* loads cert chain file using buffer API */
|
||||||
|
load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!useNtruKey && (!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj
|
||||||
|
#if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY)
|
||||||
|
&& !pkCallbacks
|
||||||
|
#endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */
|
||||||
|
) {
|
||||||
|
#ifndef TEST_LOAD_BUFFER
|
||||||
|
if (SSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM)
|
||||||
|
!= WOLFSSL_SUCCESS)
|
||||||
|
err_sys_ex(runWithErrors, "can't load server private key file, check file and run "
|
||||||
|
"from wolfSSL home dir");
|
||||||
|
#else
|
||||||
|
/* loads private key file using buffer API */
|
||||||
|
load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
#endif /* !NO_CERTS */
|
||||||
|
|
||||||
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
#ifdef WOLFSSL_SEND_HRR_COOKIE
|
||||||
if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0) != WOLFSSL_SUCCESS) {
|
if (hrrCookie && wolfSSL_send_hrr_cookie(ssl, NULL, 0) != WOLFSSL_SUCCESS) {
|
||||||
err_sys("unable to set use of cookie with HRR msg");
|
err_sys("unable to set use of cookie with HRR msg");
|
||||||
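Review bot: Selecting `-v e` now also sets `loadCertKeyIntoSSLObj = 1` inside the `myoptarg[0] == 'e'` branch, so a version option silently changes where the certificate and private key are loaded; the same assignment is in the client's option parser. Nothing in the visible hunks explains the coupling, so a comment on that line is needed, for example `/* either-side method: load cert/key into the WOLFSSL object instead of the CTX */` (the reason is inferred here, so the author should confirm the wording). It would also help if the usage text for `-v e` mentions it, assuming `Usage()` lists that value. `server_test` starts and ends outside these hunks.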
|
@@ -32626,12 +32626,13 @@ unsigned long wolfSSL_ERR_peek_last_error(void)
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
|
WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");
|
WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");
|
||||||
return ssl->ctx;
|
return ssl->ctx;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA */
|
|
||||||
|
|
||||||
#if defined(OPENSSL_ALL) || \
|
#if defined(OPENSSL_ALL) || \
|
||||||
(defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
|
(defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
|
||||||
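Review bot: `wolfSSL_get_SSL_CTX` dereferences `ssl` without a NULL check, and moving `#endif /* OPENSSL_EXTRA */` above it makes the function part of every build instead of only the compatibility layer. Adding `if (ssl == NULL) return NULL;` before `return ssl->ctx;` turns a NULL argument into a defined result rather than a crash. The new caller in `load_ssl_buffer` passes the return value straight to `wolfSSL_CTX_load_verify_buffer`, so it would then depend on that function rejecting a NULL context, which is not visible here.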
|
@@ -569,6 +569,7 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int);
|
|||||||
|
|
||||||
WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
|
WOLFSSL_API WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*);
|
||||||
WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
|
WOLFSSL_API WOLFSSL* wolfSSL_new(WOLFSSL_CTX*);
|
||||||
|
WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
|
||||||
WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
|
WOLFSSL_API int wolfSSL_is_server(WOLFSSL*);
|
||||||
WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
|
WOLFSSL_API WOLFSSL* wolfSSL_write_dup(WOLFSSL*);
|
||||||
WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
|
WOLFSSL_API int wolfSSL_set_fd (WOLFSSL*, int);
|
||||||
@@ -2776,8 +2777,6 @@ WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(
|
|||||||
|
|
||||||
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
|
WOLFSSL_API int wolfSSL_CTX_add_session(WOLFSSL_CTX*, WOLFSSL_SESSION*);
|
||||||
|
|
||||||
WOLFSSL_API WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl);
|
|
||||||
|
|
||||||
WOLFSSL_API int wolfSSL_version(WOLFSSL*);
|
WOLFSSL_API int wolfSSL_version(WOLFSSL*);
|
||||||
|
|
||||||
WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
|
WOLFSSL_API int wolfSSL_get_state(const WOLFSSL*);
|
||||||
|
@@ -1421,6 +1421,48 @@ static WC_INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response)
|
|||||||
free(buff);
|
free(buff);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type)
|
||||||
|
{
|
||||||
|
int format = WOLFSSL_FILETYPE_PEM;
|
||||||
|
byte* buff = NULL;
|
||||||
|
size_t sz = 0;
|
||||||
|
|
||||||
|
if (load_file(fname, &buff, &sz) != 0) {
|
||||||
|
err_sys("can't open file for buffer load "
|
||||||
|
"Please run from wolfSSL home directory if not");
|
||||||
|
}
|
||||||
|
|
||||||
|
/* determine format */
|
||||||
|
if (strstr(fname, ".der"))
|
||||||
|
format = WOLFSSL_FILETYPE_ASN1;
|
||||||
|
|
||||||
|
if (type == WOLFSSL_CA) {
|
||||||
|
/* verify certs (CA's) use the shared ctx->cm (WOLFSSL_CERT_MANAGER) */
|
||||||
|
WOLFSSL_CTX* ctx = wolfSSL_get_SSL_CTX(ssl);
|
||||||
|
if (wolfSSL_CTX_load_verify_buffer(ctx, buff, (long)sz, format)
|
||||||
|
!= WOLFSSL_SUCCESS)
|
||||||
|
err_sys("can't load buffer ca file");
|
||||||
|
}
|
||||||
|
else if (type == WOLFSSL_CERT) {
|
||||||
|
if (wolfSSL_use_certificate_buffer(ssl, buff, (long)sz,
|
||||||
|
format) != WOLFSSL_SUCCESS)
|
||||||
|
err_sys("can't load buffer cert file");
|
||||||
|
}
|
||||||
|
else if (type == WOLFSSL_KEY) {
|
||||||
|
if (wolfSSL_use_PrivateKey_buffer(ssl, buff, (long)sz,
|
||||||
|
format) != WOLFSSL_SUCCESS)
|
||||||
|
err_sys("can't load buffer key file");
|
||||||
|
}
|
||||||
|
else if (type == WOLFSSL_CERT_CHAIN) {
|
||||||
|
if (wolfSSL_use_certificate_chain_buffer_format(ssl, buff,
|
||||||
|
(long)sz, format) != WOLFSSL_SUCCESS)
|
||||||
|
err_sys("can't load cert chain buffer");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (buff)
|
||||||
|
free(buff);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef TEST_PK_PRIVKEY
|
#ifdef TEST_PK_PRIVKEY
|
||||||
static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen)
|
static WC_INLINE int load_key_file(const char* fname, byte** derBuf, word32* derLen)
|
||||||
{
|
{
|
||||||
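Review bot: `load_ssl_buffer` frees `buff` without clearing it, so when `type == WOLFSSL_KEY` the private key read from `fname` is left in freed heap memory. Wiping the `sz` bytes with a clear the compiler cannot elide before `free(buff)` would avoid that; wolfCrypt's `ForceZero` would do if it is reachable from this header. If `err_sys` can return in some build configuration, the `load_file` failure path also falls through with `buff == NULL` and `sz == 0` into the `wolfSSL_use_*_buffer` calls, so a `return;` after that `err_sys` would make the intent explicit. The `if (buff)` guard before `free` is redundant.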
|