Added missing APIs for disabling OCSP stapling. Added OCSP stapling enable/disable for WOLFSSL.

David Garske
2017-10-17 13:52:05 -07:00
parent ddb5e57811
commit 3d7e86f08d
3 changed files with 79 additions and 25 deletions


@@ -1504,6 +1504,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
} }
} /* while(1) */ } /* while(1) */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
wolfSSL_CTX_DisableOCSPStapling(ctx);
#endif
CloseSocket(sockfd); CloseSocket(sockfd);
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
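Review bot: The added `wolfSSL_CTX_DisableOCSPStapling(ctx);` call is guarded only by the HAVE_CERTIFICATE_STATUS_REQUEST / HAVE_CERTIFICATE_STATUS_REQUEST_V2 macros, while the library definition in this commit appears to sit inside `#ifdef HAVE_OCSP` as well (it is followed by `#endif /* HAVE_OCSP */`). A build with the stapling macros but without HAVE_OCSP may therefore fail to link unless the configuration forces both; this cannot be confirmed from the visible lines. The return value is also discarded, so the test server would not notice a `BAD_FUNC_ARG` or `NOT_COMPILED_IN` result; checking it, e.g. `if (wolfSSL_CTX_DisableOCSPStapling(ctx) != WOLFSSL_SUCCESS) err_sys("can't disable OCSP stapling");`, would make the example exercise the new API. server_test's body starts and ends outside the hunk.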


@@ -5759,6 +5759,7 @@ int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
int ret = WOLFSSL_SUCCESS; int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPStapling"); WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPStapling");
if (cm == NULL) if (cm == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
@@ -5791,6 +5792,24 @@ int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
return ret; return ret;
} }
int wolfSSL_CertManagerDisableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSPStapling");
if (cm == NULL)
return BAD_FUNC_ARG;
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
|| defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
cm->ocspStaplingEnabled = 0;
#else
ret = NOT_COMPILED_IN;
#endif
return ret;
}
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
@@ -5885,7 +5904,6 @@ int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
int wolfSSL_DisableOCSP(WOLFSSL* ssl) int wolfSSL_DisableOCSP(WOLFSSL* ssl)
{ {
WOLFSSL_ENTER("wolfSSL_DisableOCSP"); WOLFSSL_ENTER("wolfSSL_DisableOCSP");
@@ -5896,6 +5914,24 @@ int wolfSSL_DisableOCSP(WOLFSSL* ssl)
} }
int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling");
if (ssl)
return wolfSSL_CertManagerEnableOCSPStapling(ssl->ctx->cm);
else
return BAD_FUNC_ARG;
}
int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl)
{
WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling");
if (ssl)
return wolfSSL_CertManagerDisableOCSPStapling(ssl->ctx->cm);
else
return BAD_FUNC_ARG;
}
int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url) int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
{ {
WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
@@ -5971,7 +6007,16 @@ int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx)
else else
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#endif
int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx)
{
WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPStapling");
if (ctx)
return wolfSSL_CertManagerDisableOCSPStapling(ctx->cm);
else
return BAD_FUNC_ARG;
}
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#endif /* HAVE_OCSP */ #endif /* HAVE_OCSP */
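Review bot: `wolfSSL_EnableOCSPStapling` and `wolfSSL_DisableOCSPStapling` take a `WOLFSSL*` but pass `ssl->ctx->cm` to the cert-manager call, so a call on one session changes the stapling setting on the context's cert manager rather than on that session alone. A caller who intends to turn stapling off for a single connection would drop stapled revocation status for every other user of that manager. Both functions, and their new prototypes in the header section of this commit, should state that scope, e.g. `/* Acts on ssl->ctx->cm: the setting applies to every session that uses this context's cert manager. */`. Separately, `wolfSSL_CertManagerDisableOCSPStapling` only clears `ocspStaplingEnabled`; whether anything set up by the enable call should also be released cannot be judged here, because most of the enable body is outside the visible hunks.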


@@ -1789,6 +1789,8 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling( WOLFSSL_API int wolfSSL_CertManagerEnableOCSPStapling(
WOLFSSL_CERT_MANAGER* cm); WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
WOLFSSL_CERT_MANAGER* cm);
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
@@ -1803,6 +1805,8 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*); WOLFSSL_API int wolfSSL_DisableOCSP(WOLFSSL*);
WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*); WOLFSSL_API int wolfSSL_SetOCSP_OverrideURL(WOLFSSL*, const char*);
WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*); WOLFSSL_API int wolfSSL_SetOCSP_Cb(WOLFSSL*, CbOCSPIO, CbOCSPRespFree, void*);
WOLFSSL_API int wolfSSL_EnableOCSPStapling(WOLFSSL*);
WOLFSSL_API int wolfSSL_DisableOCSPStapling(WOLFSSL*);
WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options); WOLFSSL_API int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options);
WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx);
@@ -1813,13 +1817,14 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
#ifdef HAVE_CRL_IO #ifdef HAVE_CRL_IO
WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO); WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX*, CbCrlIO);
#endif #endif
WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options); WOLFSSL_API int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX*, int options);
WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*); WOLFSSL_API int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX*, const char*);
WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*, WOLFSSL_API int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX*,
CbOCSPIO, CbOCSPRespFree, void*); CbOCSPIO, CbOCSPRespFree, void*);
WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); WOLFSSL_API int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*);
WOLFSSL_API int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX*);
#endif /* !NO_CERTS */ #endif /* !NO_CERTS */