diff --git a/certs/include.am b/certs/include.am index eedd53aa2..b7fad51e5 100644 --- a/certs/include.am +++ b/certs/include.am @@ -31,7 +31,8 @@ EXTRA_DIST += \ certs/server-revoked-cert.pem \ certs/server-revoked-key.pem \ certs/wolfssl-website-ca.pem \ - certs/test-servercert.p12 + certs/test-servercert.p12 \ + certs/dsaparams.pem EXTRA_DIST += \ certs/ca-key.der \ certs/ca-cert.der \ diff --git a/src/bio.c b/src/bio.c index 988cd9e82..5210f40ce 100644 --- a/src/bio.c +++ b/src/bio.c @@ -39,13 +39,17 @@ WOLFSSL_API long wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b) return 0; } -/*** TBD ***/ -WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m) + +long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) { - (void) b; - (void) m; WOLFSSL_ENTER("BIO_get_mem_ptr"); - return 0; + + if (bio == NULL || ptr == NULL) { + return SSL_FAILURE; + } + + *ptr = (WOLFSSL_BUF_MEM*)(bio->mem); + return SSL_SUCCESS; } /*** TBD ***/ @@ -59,13 +63,6 @@ WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int i return 0; } -/*** TBD ***/ -WOLFSSL_API const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) -{ - WOLFSSL_ENTER("BIO_s_socket"); - return NULL; -} - /*** TBD ***/ WOLFSSL_API long wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *b, long size) { diff --git a/src/internal.c b/src/internal.c index b38e6c48c..287e683ff 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6462,8 +6462,12 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, while (listSz) { word32 certSz; - if (totalCerts >= MAX_CHAIN_DEPTH) + if (totalCerts >= MAX_CHAIN_DEPTH) { + #ifdef OPENSSL_EXTRA + ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; + #endif return MAX_CHAIN_ERROR; + } if ((*inOutIdx - begin) + OPAQUE24_LEN > size) return BUFFER_ERROR; 
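Review bot: The assignment `*ptr = (WOLFSSL_BUF_MEM*)(bio->mem);` in the new `wolfSSL_BIO_get_mem_ptr` relabels the BIO's data buffer as a pointer to `WOLFSSL_BUF_MEM`, which the wolfssl/ssl.h hunk of this same commit defines as `unsigned char*`. A caller that dereferences `*ptr` as the typedef says would read the first bytes of the buffer contents as a pointer, and code written for OpenSSL's struct-shaped BUF_MEM gets no length field at all. The function also exposes `bio->mem` without checking that `bio` is a memory BIO. The declaration of that member is outside this diff, so confirm its type and reject other BIO kinds before the assignment. I would also add a comment above the function saying that the returned pointer aliases memory owned by the BIO and must not be freed or used after the BIO is freed.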
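Review bot: `ssl->peerVerifyRet` is written on only three paths of DoCertificate (the chain-too-long return in this hunk, the `ret == 0` branch at @@ -6684 and the rejection return at @@ -6821), so every other exit, starting with the `return BUFFER_ERROR;` right after the new block, leaves the previous value in place. If the WOLFSSL object is zero-filled at creation (not visible here), that value is 0, which `wolfSSL_get_verify_result` reports as X509_V_OK for a handshake that failed before any verification happened. The `ret == 0` branch also stores X509_V_OK as soon as one verification succeeds, and the hunks do not show whether a later failure in the same call always overwrites it. Setting a non-OK value before the certificate loop, e.g. `ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;` under the same `#ifdef OPENSSL_EXTRA`, and writing X509_V_OK only at the final success point would make the field fail closed. DoCertificate begins and ends outside all three hunks.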
@@ -6684,6 +6688,9 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ret == 0) { WOLFSSL_MSG("Verified Peer's cert"); + #ifdef OPENSSL_EXTRA + ssl->peerVerifyRet = X509_V_OK; + #endif fatal = 0; } else if (ret == ASN_PARSE_E) { @@ -6821,6 +6828,9 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, XFREE(dCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif ssl->error = ret; + #ifdef OPENSSL_EXTRA + ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED; + #endif return ret; } ssl->options.havePeerCert = 1; diff --git a/src/ssl.c b/src/ssl.c index 139b4cb54..8d9b77c3d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -9945,6 +9945,17 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } + const WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void) + { + static WOLFSSL_BIO_METHOD meth; + + WOLFSSL_ENTER("BIO_s_socket"); + meth.type = BIO_SOCKET; + + return &meth; + } + + WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF) { WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0, @@ -13711,13 +13722,18 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) { + int ret = SSL_SUCCESS; - WOLFSSL_STUB("wolfSSL_X509_STORE_set_flags"); + WOLFSSL_ENTER("wolfSSL_X509_STORE_set_flags"); + + if ((flag & WOLFSSL_CRL_CHECKALL) || (flag & WOLFSSL_CRL_CHECK)) { + ret = wolfSSL_CertManagerEnableCRL(store->cm, (int)flag); + } (void)store; (void)flag; - return 1; + return ret; } @@ -14217,13 +14233,13 @@ WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char * return 0; } -/*** TBD ***/ -WOLFSSL_API unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl) + +unsigned long wolfSSL_get_verify_result(const WOLFSSL *ssl) { - (void)ssl; - return 0; + return ssl->peerVerifyRet; } + long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) { (void)ctx; 
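Review bot: `wolfSSL_X509_STORE_set_flags` now dereferences `store->cm` without checking `store`, and the leftover `(void)store; (void)flag;` lines from the stub hide that both are used. The flag test is also looser than it looks: `WOLFSSL_CRL_CHECK` is added as 27 in the wolfssl/ssl.h enum hunk, a value with several bits set including the one used by `WOLFSSL_CRL_CHECKALL` (1), so `flag & WOLFSSL_CRL_CHECK` is true for unrelated values such as 2 or 8. The raw `(int)flag` is then handed to `wolfSSL_CertManagerEnableCRL`, where a leaf-only request presumably cannot be told apart from check-all because bit 0 is set in both. I would add `if (store == NULL) return SSL_FAILURE;`, give the two flags distinct single-bit values (or compare with `(flag & WOLFSSL_CRL_CHECK) == WOLFSSL_CRL_CHECK`), and pass only the option the cert manager defines. The two `(void)` casts can then be dropped.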
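Review bot: `wolfSSL_get_verify_result` returns `ssl->peerVerifyRet` with no NULL check, whereas the stub it replaces tolerated any argument. A guard such as `if (ssl == NULL) return X509_V_ERR_CERT_REJECTED;` (or another non-OK code the project prefers) makes the call fail closed instead of crashing. The field is declared only under `#ifdef OPENSSL_EXTRA` in wolfssl/internal.h, so confirm this definition sits inside the same guard; the surrounding preprocessor context is outside the hunk. A one-line comment stating that the value is the X509_V_* code left by the most recent peer certificate processing would also help callers.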
@@ -14934,16 +14950,28 @@ int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a, return 0; } -/*** TBFD ***/ -WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, + +/* r = (a^p) % m */ +int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) { - (void) r; - (void) a; - (void) p; - (void) m; + int ret; + + WOLFSSL_ENTER("wolfSSL_BN_mod_exp"); + (void) ctx; - return 0; + if (r == NULL || a == NULL || p == NULL || m == NULL) { + WOLFSSL_MSG("Bad Argument"); + return SSL_FAILURE; + } + + if ((ret = mp_exptmod((mp_int*)a->internal,(mp_int*)p->internal, + (mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) { + return SSL_SUCCESS; + } + + WOLFSSL_LEAVE("wolfSSL_BN_mod_exp", ret); + return SSL_FAILURE; } const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) @@ -19795,9 +19823,9 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) } #ifdef HAVE_ECC - const char * wolf_OBJ_nid2sn(int n) { + const char * wolfSSL_OBJ_nid2sn(int n) { int i; - WOLFSSL_ENTER("wolf_OBJ_nid2sn"); + WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn"); /* find based on NID and return name */ for (i = 0; i < ecc_sets[i].size; i++) { @@ -19808,17 +19836,17 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) return NULL; } - int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { + int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { (void)o; - WOLFSSL_ENTER("wolf_OBJ_obj2nid"); - WOLFSSL_STUB("wolf_OBJ_obj2nid"); + WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid"); + WOLFSSL_STUB("wolfSSL_OBJ_obj2nid"); return 0; } - int wolf_OBJ_sn2nid(const char *sn) { + int wolfSSL_OBJ_sn2nid(const char *sn) { int i; - WOLFSSL_ENTER("wolf_OBJ_osn2nid"); + WOLFSSL_ENTER("wolfSSL_OBJ_osn2nid"); /* find based on name and return NID */ for (i = 0; i < ecc_sets[i].size; i++) { 
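Review bot: The argument check in `wolfSSL_BN_mod_exp` covers the four BIGNUM pointers but not their `internal` members, which are cast to `mp_int*` and passed straight to `mp_exptmod`. If a BIGNUM can exist with a NULL `internal` (its allocation is not shown in this diff), the call dereferences NULL; extending the guard with `a->internal == NULL` and the other three closes that. `WOLFSSL_LEAVE` is reached only on failure, so the success return leaves no exit trace in the debug log, and the casts silently drop `const` from `a`, `p` and `m`. I would also extend the header comment to say that `ctx` is ignored and that the function returns SSL_SUCCESS or SSL_FAILURE.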
@@ -19831,25 +19859,25 @@ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) #endif /* HAVE_ECC */ - WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { (void)bp; (void)x; (void)cb; (void)u; - WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509"); - WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509"); + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); + WOLFSSL_STUB("wolfSSL_PEM_read_bio_X509"); return NULL; } /*** TBD ***/ - WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { (void)bp; (void)x; (void)cb; (void)u; - WOLFSSL_ENTER("PEM_read_bio_WOLFSSL_X509"); - WOLFSSL_STUB("PEM_read_bio_WOLFSSL_X509"); + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); + WOLFSSL_STUB("wolfSSL_PEM_read_bio_X509"); return NULL; } @@ -19974,7 +20002,7 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) } return wc_last_error; #else - return NOT_COMPILED_IN; + return (unsigned long)(0 - NOT_COMPILED_IN); #endif } diff --git a/tests/api.c b/tests/api.c index bfa9c9f41..de22ba030 100644 --- a/tests/api.c +++ b/tests/api.c @@ -48,6 +48,7 @@ #include #include #include + #include #include #ifndef NO_DES3 #include @@ -2414,7 +2415,7 @@ static void test_wolfSSL_certs(void) /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); wolfSSL_sk_ASN1_OBJECT_free(sk); - + /* test invalid cases */ crit = 0; sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, -1, &crit, NULL); 
@@ -2576,13 +2577,26 @@ static void test_wolfSSL_tmp_dh(void) static void test_wolfSSL_ctrl(void) { #if defined(OPENSSL_EXTRA) + byte buffer[5300]; + BIO* bio; + int bytes; + BUF_MEM* ptr = NULL; + printf(testingFmt, "wolfSSL_crtl()"); + bytes = sizeof(buffer); + bio = BIO_new_mem_buf((void*)buffer, bytes); + AssertNotNull(bio); + AssertNotNull(BIO_s_socket()); + + AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), SSL_SUCCESS); + /* needs tested after stubs filled out @TODO SSL_ctrl SSL_CTX_ctrl */ + BIO_free(bio); printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) */ } @@ -2657,7 +2671,7 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) FreeTcpReady(&ready); /* check that error code was stored */ - AssertIntNE(wolfSSL_ERR_peek_last_error_line(NULL, NULL), 0); + AssertIntNE((int)wolfSSL_ERR_peek_last_error_line(NULL, NULL), 0); wolfSSL_ERR_peek_last_error_line(NULL, &line); AssertIntNE(line, 0); wolfSSL_ERR_peek_last_error_line(&file, NULL); 
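Review bot: The new assertions in `test_wolfSSL_ctrl` check only the return code of `wolfSSL_BIO_get_mem_ptr`, so `ptr` could come back NULL or pointing anywhere and the test would still pass. Adding `AssertNotNull(ptr);` after the call, plus a comparison of what `ptr` refers to against the data given to the BIO, would pin down the contract the new function is supposed to have. `buffer` is also handed to `BIO_new_mem_buf` uninitialized; `byte buffer[5300] = {0};` avoids memory-checker reports if the BIO reads or copies it. The `printf` label still reads `wolfSSL_crtl()`, a context line here but worth correcting while the function is being changed.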
@@ -2669,7 +2683,81 @@ static void test_wolfSSL_ERR_peek_last_error_line(void) printf(resultFmt, passed); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */ +} + + +static void test_wolfSSL_X509_STORE_set_flags(void) +{ + #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) + + X509_STORE* store; + X509* x509; + + printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()"); + AssertNotNull((store = wolfSSL_X509_STORE_new())); + AssertNotNull((x509 = + wolfSSL_X509_load_certificate_file(svrCert, SSL_FILETYPE_PEM))); + AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); + +#ifdef HAVE_CRL + AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), SSL_SUCCESS); +#else + AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), + NOT_COMPILED_IN); +#endif + + wolfSSL_X509_free(x509); + wolfSSL_X509_STORE_free(store); + + printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) */ +} + + +static void test_wolfSSL_BN(void) +{ + #if defined(OPENSSL_EXTRA) + BIGNUM* a; + BIGNUM* b; + BIGNUM* c; + BIGNUM* d; + unsigned char value[1]; + + printf(testingFmt, "wolfSSL_BN()"); + + AssertNotNull(a = BN_new()); + AssertNotNull(b = BN_new()); + AssertNotNull(c = BN_new()); + AssertNotNull(d = BN_new()); + + value[0] = 0x03; + AssertNotNull(BN_bin2bn(value, sizeof(value), a)); + + value[0] = 0x02; + AssertNotNull(BN_bin2bn(value, sizeof(value), b)); + + value[0] = 0x05; + AssertNotNull(BN_bin2bn(value, sizeof(value), c)); + + /* a^b mod c = */ + AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), SSL_FAILURE); + AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), SSL_SUCCESS); + + /* check result 3^2 mod 5 */ + value[0] = 0; + AssertIntEQ(BN_bn2bin(d, value), SSL_SUCCESS); + AssertIntEQ((int)(value[0] & 0x04), 4); + + BN_free(a); + BN_free(b); + BN_free(c); + BN_clear_free(d); + + 
printf(resultFmt, passed); + #endif /* defined(OPENSSL_EXTRA) */ } /*----------------------------------------------------------------------------* @@ -2725,6 +2813,8 @@ void ApiTest(void) test_wolfSSL_ctrl(); test_wolfSSL_CTX_add_extra_chain_cert(); test_wolfSSL_ERR_peek_last_error_line(); + test_wolfSSL_X509_STORE_set_flags(); + test_wolfSSL_BN(); AssertIntEQ(test_wolfSSL_Cleanup(), SSL_SUCCESS); printf(" End API Tests\n"); diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 2c7e5be04..9307413b5 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -217,7 +217,6 @@ void WOLFSSL_ERROR(int error) { if (loggingEnabled) { char buffer[80]; - sprintf(buffer, "wolfSSL error occurred, error = %d", error); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) (void)usrCtx; /* a user ctx for future flexibility */ (void)func; @@ -228,7 +227,10 @@ void WOLFSSL_ERROR(int error) if (XSTRLEN(file) < sizeof(file)) { XSTRNCPY((char*)wc_last_error_file, file, XSTRLEN(file)); } - sprintf(buffer, "%s line:%d file:%s", buffer, line, file); + sprintf(buffer, "wolfSSL error occurred, error = %d line:%d file:%s", + error, line, file); + #else + sprintf(buffer, "wolfSSL error occurred, error = %d", error); #endif wolfssl_log(ERROR_LOG , buffer); } diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 8f7b4c02a..9c35e020c 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2750,6 +2750,7 @@ struct WOLFSSL { #ifdef OPENSSL_EXTRA WOLFSSL_BIO* biord; /* socket bio read to free/close */ WOLFSSL_BIO* biowr; /* socket bio write to free/close */ + unsigned long peerVerifyRet; #ifdef HAVE_PK_CALLBACKS void* loggingCtx; /* logging callback argument */ #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a8ecfebc6..41da77db8 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h 
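Review bot: In `test_wolfSSL_BN` the result check `AssertIntEQ((int)(value[0] & 0x04), 4);` masks the byte before comparing, so any byte with bit 2 set passes; for 3^2 mod 5 the assertion should be `AssertIntEQ((int)value[0], 4);`. The line before it compares `BN_bn2bin(d, value)` with SSL_SUCCESS, which presumably holds only because the function returns a byte count and the result is one byte long; comparing against `1` states what is meant. `test_wolfSSL_X509_STORE_set_flags` prints the label `wolfSSL_ERR_peek_last_error_line()`, copied from the test above it, and should print its own name. The closing `#endif` comment of `test_wolfSSL_ERR_peek_last_error_line` now names `DEBUG_WOLFSSL` where it named `NO_RSA`; its opening `#if` is outside the hunk, so check that the two still agree.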
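Review bot: The rewritten `sprintf` in the second wolfcrypt/src/logging.c hunk still writes into `char buffer[80]` with no bound while formatting `file` with `%s`; the fixed text and the two integers already take roughly 50 bytes, so a source path longer than about 25 characters overruns the stack buffer. The commit does remove the old call that passed `buffer` as both destination and argument, but the size problem remains: use `snprintf(buffer, sizeof(buffer), "wolfSSL error occurred, error = %d line:%d file:%s", error, line, file);` and the same bounded form in the `#else` branch. The context lines just above have a related problem, since `XSTRLEN(file) < sizeof(file)` measures `file` itself, which is the size of a pointer if `file` is a `const char*` parameter (its declaration is outside the hunk), where `sizeof(wc_last_error_file)` looks intended. `XSTRNCPY` with a length of `XSTRLEN(file)` also copies no terminator. The enclosing function starts outside both hunks.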
@@ -80,6 +80,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER; typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT; typedef WOLFSSL_ASN1_STRING ASN1_STRING; typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value; +typedef WOLFSSL_BUF_MEM BUF_MEM; /* GENERAL_NAME and BASIC_CONSTRAINTS structs may need implemented as * compatibility layer expands. For now treating them as an ASN1_OBJECT */ @@ -109,7 +110,7 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define ERR_print_errors_fp(file) wolfSSL_print_all_errors_fp((file)) /* at the moment only returns ok */ -#define SSL_get_verify_result(ctx) X509_V_OK +#define SSL_get_verify_result wolfSSL_get_verify_result #define SSL_get_verify_mode wolfSSL_SSL_get_mode #define SSL_get_verify_depth wolfSSL_get_verify_depth #define SSL_CTX_get_verify_mode wolfSSL_CTX_get_verify_mode @@ -474,11 +475,11 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey #define BIO_read_filename wolfSSL_BIO_read_filename #define BIO_s_file wolfSSL_BIO_s_file -#define OBJ_nid2sn wolf_OBJ_nid2sn -#define OBJ_obj2nid wolf_OBJ_obj2nid -#define OBJ_sn2nid wolf_OBJ_sn2nid -#define PEM_read_bio_X509 PEM_read_bio_WOLFSSL_X509 -#define PEM_read_bio_X509_AUX PEM_read_bio_WOLFSSL_X509_AUX +#define OBJ_nid2sn wolfSSL_OBJ_nid2sn +#define OBJ_obj2nid wolfSSL_OBJ_obj2nid +#define OBJ_sn2nid wolfSSL_OBJ_sn2nid +#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 +#define PEM_read_bio_X509_AUX wolfSSL_PEM_read_bio_X509_AUX #define SSL_CTX_set_verify_depth wolfSSL_CTX_set_verify_depth #define SSL_get_app_data wolfSSL_get_app_data #define SSL_set_app_data wolfSSL_set_app_data @@ -588,6 +589,9 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define SSL_ctrl wolfSSL_ctrl #define SSL_CTX_ctrl wolfSSL_CTX_ctrl +#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK +#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL + #ifdef HAVE_STUNNEL #include diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f81a3a004..0950aeef7 100644 
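Review bot: The comment `/* at the moment only returns ok */` directly above the changed `SSL_get_verify_result` define in the @@ -109 hunk is no longer true now that the macro maps to `wolfSSL_get_verify_result`. Replace it with something like `/* returns the X509_V_* code recorded during peer certificate processing */`, so that readers of the compatibility header do not assume the result is always X509_V_OK.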
--- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -115,6 +115,7 @@ typedef struct WOLFSSL_ASN1_STRING WOLFSSL_ASN1_STRING; typedef struct WOLFSSL_dynlock_value WOLFSSL_dynlock_value; typedef struct WOLFSSL_DH WOLFSSL_DH; typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; +typedef unsigned char* WOLFSSL_BUF_MEM; #define WOLFSSL_ASN1_UTCTIME WOLFSSL_ASN1_TIME @@ -541,7 +542,7 @@ WOLFSSL_API long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE fp); WOLFSSL_API long wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); WOLFSSL_API long wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name); WOLFSSL_API long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v); -WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *b, void *m); +WOLFSSL_API long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **m); WOLFSSL_API void wolfSSL_RAND_screen(void); WOLFSSL_API const char* wolfSSL_RAND_file_name(char*, unsigned long); @@ -751,6 +752,7 @@ enum { WOLFSSL_OCSP_CHECKALL = 4, WOLFSSL_CRL_CHECKALL = 1, + WOLFSSL_CRL_CHECK = 27, ASN1_GENERALIZEDTIME = 4, 
@@ -1954,11 +1956,11 @@ WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x); WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void); /* These are to be merged shortly */ -WOLFSSL_API const char * wolf_OBJ_nid2sn(int n); -WOLFSSL_API int wolf_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); -WOLFSSL_API int wolf_OBJ_sn2nid(const char *sn); -WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); -WOLFSSL_API WOLFSSL_X509 *PEM_read_bio_WOLFSSL_X509_AUX +WOLFSSL_API const char * wolfSSL_OBJ_nid2sn(int n); +WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); +WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); +WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX (WOLFSSL_BIO *bp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u); WOLFSSL_API void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx,int depth); WOLFSSL_API void* wolfSSL_get_app_data( const WOLFSSL *ssl); diff --git a/wolfssl/test.h b/wolfssl/test.h index e0a3c1a0e..4fad067c1 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -524,6 +524,7 @@ static INLINE void showPeer(WOLFSSL* ssl) #endif #if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) ShowX509(wolfSSL_get_certificate(ssl), "our cert info:"); + printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl)); #endif /* SHOW_CERTS */ printf("SSL version is %s\n", wolfSSL_get_version(ssl));