add KEEP_PEER_CERT flag for non opensslextra peer cert storage, ssn3

cyassl/ctaocrypt/settings.h

@@ -471,6 +471,13 @@
     #define USE_CYASSL_MEMORY
 #endif
 
+
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS)
+    #undef  KEEP_PEER_CERT
+    #define KEEP_PEER_CERT
+#endif
+
+
 /* Place any other flags or defines here */
 
 

cyassl/internal.h

@@ -112,6 +112,7 @@
     #define SHA256_DIGEST_SIZE 32 
 #endif
 
+
 #ifdef __cplusplus
     extern "C" {
 #endif
@@ -1634,7 +1635,7 @@ struct CYASSL {
     byte            hsInfoOn;           /* track handshake info        */
     byte            toInfoOn;           /* track timeout   info        */
 #endif
-#ifdef OPENSSL_EXTRA
+#ifdef KEEP_PEER_CERT
     CYASSL_X509     peerCert;           /* X509 peer cert */
 #endif
 #ifdef FORTRESS
@@ -1868,8 +1869,6 @@ CYASSL_LOCAL  int GrowInputBuffer(CYASSL* ssl, int size, int usedLength);
 
 #endif /* NO_TLS */
 
-
-
 typedef double timer_d;
 
 CYASSL_LOCAL timer_d Timer(void);

cyassl/test.h

@@ -253,11 +253,12 @@ static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
 
 static INLINE void showPeer(CYASSL* ssl)
 {
-#ifdef OPENSSL_EXTRA
 
     CYASSL_CIPHER* cipher;
+#ifdef KEEP_PEER_CERT
     CYASSL_X509*   peer = CyaSSL_get_peer_certificate(ssl);
     if (peer) {
+#ifdef OPENSSL_EXTRA
         char* altName;
         char* issuer  = CyaSSL_X509_NAME_oneline(
                                        CyaSSL_X509_get_issuer_name(peer), 0, 0);
@@ -289,14 +290,17 @@ static INLINE void showPeer(CYASSL* ssl)
 
         XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
         XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
+#else
+        printf("peer has a cert!\n");
+#endif
     }
     else
         printf("peer has no cert!\n");
+#endif
     printf("SSL version is %s\n", CyaSSL_get_version(ssl));
 
     cipher = CyaSSL_get_current_cipher(ssl);
     printf("SSL cipher suite is %s\n", CyaSSL_CIPHER_get_name(cipher));
-#endif
 
 #if defined(SESSION_CERTS) && defined(SHOW_CERTS)
     {

src/internal.c

@@ -1203,7 +1203,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
     ssl->buffers.prevSent                  = 0;
     ssl->buffers.plainSz                   = 0;
 
-#ifdef OPENSSL_EXTRA
+#ifdef KEEP_PEER_CERT
     ssl->peerCert.derCert.buffer = NULL;
     ssl->peerCert.altNames     = NULL;
     ssl->peerCert.altNamesNext = NULL;
@@ -1353,7 +1353,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
     ssl->buffers.dtlsCtx.peer.sz = 0;
 #endif
 
-#ifdef OPENSSL_EXTRA
+#ifdef KEEP_PEER_CERT
     ssl->peerCert.issuer.sz    = 0;
     ssl->peerCert.subject.sz   = 0;
 #endif
@@ -1565,10 +1565,12 @@ void SSL_ResourceFree(CYASSL* ssl)
     XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
     ssl->buffers.dtlsCtx.peer.sa = NULL;
 #endif
-#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
+#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
     XFREE(ssl->peerCert.derCert.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
     if (ssl->peerCert.altNames)
         FreeAltNames(ssl->peerCert.altNames, ssl->heap);
+#endif
+#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
     CyaSSL_BIO_free(ssl->biord);
     if (ssl->biord != ssl->biowr)        /* in case same as write */
         CyaSSL_BIO_free(ssl->biowr);
@@ -2831,7 +2833,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 
 #endif /* HAVE_CRL */
 
-#ifdef OPENSSL_EXTRA
+#ifdef KEEP_PEER_CERT
         /* set X509 format for peer cert even if fatal */
         XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
         ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
@@ -2955,7 +2957,7 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
                 store.error = ret;
                 store.error_depth = totalCerts;
                 store.domain = domain;
-#ifdef OPENSSL_EXTRA
+#ifdef KEEP_PEER_CERT
                 store.current_cert = &ssl->peerCert;
 #else
                 store.current_cert = NULL;

src/ssl.c

@@ -3960,8 +3960,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
                    ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
                    ssl->options.side);
     }
+#endif
 
-   
     /* return true if connection established */
     int CyaSSL_is_init_finished(CYASSL* ssl)
     {
@@ -3974,7 +3974,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
         return 0;
     }
 
-
+#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
     void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
                                       CYASSL_RSA*(*f)(CYASSL*, int, int))
     {
@@ -5452,8 +5452,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
         (void)flags; 
         return 0;
     }
-
+#endif
-
+#ifdef KEEP_PEER_CERT
     CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
     {
         CYASSL_ENTER("SSL_get_peer_certificate");
@@ -5462,9 +5462,9 @@ int CyaSSL_set_compression(CYASSL* ssl)
         else
             return 0;
     }
+#endif
 
-
+#ifdef OPENSSL_EXTRA
-
     int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
     {
 #ifdef FORTRESS