feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix for OCSP non-blocking with check all flag set.

Browse Source
This commit is contained in:
David Garske
2017-12-19 16:52:47 -08:00
parent d6472c7f71
commit 4712376ce1
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/client/client.c
View File

@ -1583,7 +1583,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
| WOLFSSL_OCSP_URL_OVERRIDE); | WOLFSSL_OCSP_URL_OVERRIDE);
} }
else { else {
wolfSSL_CTX_EnableOCSP(ctx, 0); wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL);
} }
#ifdef WOLFSSL_NONBLOCK_OCSP #ifdef WOLFSSL_NONBLOCK_OCSP

15
src/internal.c
View File

@ -8101,6 +8101,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
args->dCertInit = 1; args->dCertInit = 1;
} }
/* check if returning from non-blocking OCSP */
#ifdef WOLFSSL_NONBLOCK_OCSP
if (args->lastErr != OCSP_WANT_READ)
{
#endif
ret = ParseCertRelative(args->dCert, CERT_TYPE, ret = ParseCertRelative(args->dCert, CERT_TYPE,
!ssl->options.verifyNone, ssl->ctx->cm); !ssl->options.verifyNone, ssl->ctx->cm);
#ifdef WOLFSSL_ASYNC_CRYPT #ifdef WOLFSSL_ASYNC_CRYPT
@ -8225,6 +8231,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
WOLFSSL_MSG("Verified CA from chain and already had it"); WOLFSSL_MSG("Verified CA from chain and already had it");
} }
#ifdef WOLFSSL_NONBLOCK_OCSP
}
else {
args->lastErr = 0; /* clear last error */
}
#endif
#if defined(HAVE_OCSP) || defined(HAVE_CRL) #if defined(HAVE_OCSP) || defined(HAVE_CRL)
if (ret == 0) { if (ret == 0) {
int doCrlLookup = 1; int doCrlLookup = 1;
@ -8243,6 +8256,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
args->dCert, NULL, ssl); args->dCert, NULL, ssl);
#ifdef WOLFSSL_NONBLOCK_OCSP #ifdef WOLFSSL_NONBLOCK_OCSP
if (ret == OCSP_WANT_READ) { if (ret == OCSP_WANT_READ) {
args->lastErr = ret;
goto exit_ppc; goto exit_ppc;
} }
#endif #endif
@ -8262,6 +8276,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert); ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert);
#ifdef WOLFSSL_NONBLOCK_OCSP #ifdef WOLFSSL_NONBLOCK_OCSP
if (ret == OCSP_WANT_READ) { if (ret == OCSP_WANT_READ) {
args->lastErr = ret;
goto exit_ppc; goto exit_ppc;
} }
#endif #endif