Fixes for openssl compatibility. Added SSL_CTX_set_post_handshake_auth and SSL_set_post_handshake_auth API's for enabling or disabling post handshake authentication for TLS v1.3.

src/ssl.c

@@ -10357,30 +10357,34 @@ void wolfSSL_set_verify_result(WOLFSSL *ssl, long v)
 #endif
 }
 
-/* For TLS v1.3 perform rehandshake. Returns 1=WOLFSSL_SUCCESS or 0=WOLFSSL_FAILURE */
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+    defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+/* For TLS v1.3 send handshake messages after handshake completes. */
+/* Returns 1=WOLFSSL_SUCCESS or 0=WOLFSSL_FAILURE */
 int wolfSSL_verify_client_post_handshake(WOLFSSL* ssl)
 {
-    int ret = NOT_COMPILED_IN;
+    int ret = wolfSSL_request_certificate(ssl);
-#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
+    return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-    (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
-    #ifndef NO_WOLFSSL_SERVER
-    if (ssl->options.side == WOLFSSL_SERVER_END) {
-        ret = wolfSSL_request_certificate(ssl);
-    }
-    #endif
-    #ifndef NO_WOLFSSL_CLIENT
-    if (ssl->options.side == WOLFSSL_CLIENT_END) {
-        ret = wolfSSL_allow_post_handshake_auth(ssl);
-    }
-    #endif
-#else
-    (void)ssl;
-#endif
-    ret = (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
-    
-    return ret;
 }
 
+void wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX* ctx, int val)
+{
+    int ret = wolfSSL_CTX_allow_post_handshake_auth(ctx);
+    if (ret == 0) {
+        ctx->postHandshakeAuth = (val != 0);
+    }
+    return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+void wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val)
+{
+    int ret = wolfSSL_allow_post_handshake_auth(ssl);
+    if (ret == 0) {
+        ssl->options.postHandshakeAuth = (val != 0);
+    }
+    return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+}
+#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_TLS13 && WOLFSSL_POST_HANDSHAKE_AUTH */
+
 /* store user ctx for verify callback */
 void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
 {

wolfssl/openssl/ssl.h

@@ -284,6 +284,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_set_verify                  wolfSSL_set_verify
 #define SSL_set_verify_result           wolfSSL_set_verify_result
 #define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake
+#define SSL_set_post_handshake_auth     wolfSSL_set_post_handshake_auth
+#define SSL_CTX_set_post_handshake_auth wolfSSL_CTX_set_post_handshake_auth
 #define SSL_pending                     wolfSSL_pending
 #define SSL_load_error_strings          wolfSSL_load_error_strings
 #define SSL_library_init                wolfSSL_library_init

wolfssl/ssl.h

@@ -974,7 +974,13 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
 
 WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
 WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long);
+
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
+    defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
 WOLFSSL_API int  wolfSSL_verify_client_post_handshake(WOLFSSL*);
+WOLFSSL_API void wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX*, int);
+WOLFSSL_API void wolfSSL_set_post_handshake_auth(WOLFSSL*, int);
+#endif
 
 WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);