feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fixes for openssl compatibility. Added SSL_CTX_set_post_handshake_auth and SSL_set_post_handshake_auth API's for enabling or disabling post handshake authentication for TLS v1.3.

Browse Source
This commit is contained in:
David Garske
2020-11-04 15:05:50 -08:00
parent 685a35e097
commit 3b4ec74174
3 changed files with 32 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/ssl.c
View File

@ -10357,30 +10357,34 @@ void wolfSSL_set_verify_result(WOLFSSL *ssl, long v)
#endif
}
/* For TLS v1.3 perform rehandshake. Returns 1=WOLFSSL_SUCCESS or 0=WOLFSSL_FAILURE */
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
/* For TLS v1.3 send handshake messages after handshake completes. */
/* Returns 1=WOLFSSL_SUCCESS or 0=WOLFSSL_FAILURE */
int wolfSSL_verify_client_post_handshake(WOLFSSL* ssl)
{
int ret = NOT_COMPILED_IN;
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
ret = wolfSSL_request_certificate(ssl);
}
#endif
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ret = wolfSSL_allow_post_handshake_auth(ssl);
}
#endif
#else
(void)ssl;
#endif
ret = (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
return ret;
int ret = wolfSSL_request_certificate(ssl);
return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
void wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX* ctx, int val)
{
int ret = wolfSSL_CTX_allow_post_handshake_auth(ctx);
if (ret == 0) {
ctx->postHandshakeAuth = (val != 0);
}
return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
void wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val)
{
int ret = wolfSSL_allow_post_handshake_auth(ssl);
if (ret == 0) {
ssl->options.postHandshakeAuth = (val != 0);
}
return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_TLS13 && WOLFSSL_POST_HANDSHAKE_AUTH */
/* store user ctx for verify callback */
void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
{

2
wolfssl/openssl/ssl.h
View File

@ -284,6 +284,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_set_verify wolfSSL_set_verify
#define SSL_set_verify_result wolfSSL_set_verify_result
#define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake
#define SSL_set_post_handshake_auth wolfSSL_set_post_handshake_auth
#define SSL_CTX_set_post_handshake_auth wolfSSL_CTX_set_post_handshake_auth
#define SSL_pending wolfSSL_pending
#define SSL_load_error_strings wolfSSL_load_error_strings
#define SSL_library_init wolfSSL_library_init

6
wolfssl/ssl.h
View File

@ -974,7 +974,13 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long);
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
WOLFSSL_API int wolfSSL_verify_client_post_handshake(WOLFSSL*);
WOLFSSL_API void wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX*, int);
WOLFSSL_API void wolfSSL_set_post_handshake_auth(WOLFSSL*, int);
#endif
WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);