From ebc64db7d05766f33f7f4fb008cd181ca3a72590 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Mon, 20 Dec 2021 10:17:50 -0800
Subject: [PATCH 1/2] Fix for `--enable-pkcallbacks --disable-aes --disable-aesgcm`.
---
 wolfssl/internal.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 0312e517b..10c88121e 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3070,7 +3070,9 @@ struct WOLFSSL_CTX {
 CallbackGenSessionKey GenSessionKeyCb; /* Use generate session key handler */
 CallbackEncryptKeys EncryptKeysCb;/* Use setting encrypt keys handler */
 CallbackTlsFinished TlsFinishedCb; /* Use Tls finished handler */
+#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY)
 CallbackVerifyMac VerifyMacCb; /* Use Verify mac handler */
+#endif
 #endif /* HAVE_PK_CALLBACKS */
 #ifdef HAVE_WOLF_EVENT
 WOLF_EVENT_QUEUE event_queue;
From d8b58b8b0530134a440fcb25ae5f673252058926 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Mon, 20 Dec 2021 11:47:34 -0800
Subject: [PATCH 2/2] Put both `DigiCert Global Root CA` and `GlobalSign Root CA` into the Google CA list. Fixes `--enable-dtls --enable-ocsp` ./scripts/ocsp.test`.
---
 certs/external/ca-google-root.pem | 21 +++++++++++++++++++++
 scripts/ocsp.test | 2 ++
 scripts/resume.test | 2 ++
 3 files changed, 25 insertions(+)
diff --git a/certs/external/ca-google-root.pem b/certs/external/ca-google-root.pem
index fd4341df2..cc9dd0873 100644
--- a/certs/external/ca-google-root.pem
+++ b/certs/external/ca-google-root.pem
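Review bot: In wolfssl/internal.h the new inner `#endif` inside `struct WOLFSSL_CTX` carries no label, while the enclosing one on the next line is written `#endif /* HAVE_PK_CALLBACKS */`; two adjacent closers are easy to mis-pair on a later edit, so I would write `#endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */`. Because `VerifyMacCb` now exists only under that condition, the struct layout depends on two more build options, and every reference to the member (the setter and the MAC-verification call site, neither visible in this hunk) presumably needs the identical guard. The struct definition starts and ends outside the hunk.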
@@ -20,3 +20,24 @@ PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
 YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
 CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
+-----END CERTIFICATE-----
diff --git a/scripts/ocsp.test b/scripts/ocsp.test
index e89ecbe77..acedc254e 100755
--- a/scripts/ocsp.test
+++ b/scripts/ocsp.test
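Review bot: The certificate appended to certs/external/ca-google-root.pem is an opaque base64 block with nothing beside it saying which trust anchor it is, so the addition cannot be audited from the diff. The commit subject names `GlobalSign Root CA` and the encoded subject appears to match, with a validity that seems to end in January 2028, at which point tests relying on this bundle would start failing. I would precede the block with identifying lines, for example `# GlobalSign Root CA, notAfter <DATE_FROM_CERT>, SHA-256 <FINGERPRINT_PLACEHOLDER>`, or the usual `openssl x509 -text` dump, provided the PEM loader in use skips text outside the BEGIN/END markers. The subject also mentions `DigiCert Global Root CA`, but this hunk adds one certificate only; whether the existing entry is that root is not visible here.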
@@ -35,6 +35,7 @@ if [ "$OUTPUT" = "SNI is: ON" ]; then
 if [ $RESULT -eq 0 ]; then
 # client test against the server
+ echo "./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server"
 ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N -v d -S $server
 GL_RESULT=$?
 [ $GL_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
@@ -54,6 +55,7 @@ ${SCRIPT_DIR}/ping.test $server 2
 RESULT=$?
 if [ $RESULT -eq 0 ]; then
 # client test against the server
+ echo "./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N"
 ./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N
 GR_RESULT=$?
 [ $GR_RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed"
diff --git a/scripts/resume.test b/scripts/resume.test
index f811e34b2..129f7a669 100755
--- a/scripts/resume.test
+++ b/scripts/resume.test
@@ -69,6 +69,7 @@ do_test() {
 esac
 remove_ready_file
+ echo "./examples/server/server -r -R "$ready_file" -p $resume_port"
 ./examples/server/server -r -R "$ready_file" -p $resume_port &
 server_pid=$!
@@ -92,6 +93,7 @@ do_test() {
 # get created port 0 ephemeral port
 resume_port=`cat "$ready_file"`
+ echo "./examples/client/client $1 -r -p $resume_port"
 capture_out=$(./examples/client/client $1 -r -p $resume_port 2>&1)
 client_result=$?
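Review bot: In the echo added before the first client call in scripts/ocsp.test, the inner `"$ca"` closes and reopens the outer double quotes, so `$ca` is expanded unquoted and the printed line does not show the quoting the real command uses; the second ocsp.test hunk and the server echo in scripts/resume.test (`"$ready_file"`) have the same shape. Each echo also repeats the command text by hand, so the log and the command that actually runs can drift apart on a later edit. I would escape the inner quotes, e.g. `echo "./examples/client/client -X -C -h $server -p 443 -A \"$ca\" -g -o -N -v d -S $server"`, or keep the command in one variable that is both printed and run. `do_test()` in resume.test begins and ends outside its hunks.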