From 520a032b718d80500f198b3c6b726e7eb0ff097a Mon Sep 17 00:00:00 2001
From: Tesfa Mael <tesfa@wolfssl.com>
Date: Tue, 12 Nov 2019 14:58:06 -0800
Subject: [PATCH] Add show x509 test

---
 src/internal.c |  1 +
 src/ssl.c      | 66 +++++++++++++-------------------------------------
 tests/api.c    | 10 ++++----
 wolfssl/ssl.h  |  4 +--
 wolfssl/test.h | 24 ++++++++++++++++++
 5 files changed, 49 insertions(+), 56 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 34e6b37e7..6cde72fbe 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9501,6 +9501,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
         }
 
     #if defined(OPENSSL_EXTRA)
+        store->depth = args->count;
         store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
                         sizeof(WOLFSSL_X509_VERIFY_PARAM),
                         ssl->heap, DYNAMIC_TYPE_OPENSSL);
diff --git a/src/ssl.c b/src/ssl.c
index 1e2206fa7..62fd551a0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3451,13 +3451,13 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
 #if defined(WOLFSSL_SIGNER_DER_CERT)
 /******************************************************************************
-* wolfSSL_CertManager_GetCerts - retrieve stack of X509 certificates in a
+* wolfSSL_CertManagerGetCerts - retrieve stack of X509 certificates in a
 * certificate manager (CM), also knows as cert store in OpenSSL.
 *
 * RETURNS:
 * returns stack of X509 certs on success, otherwise returns a NULL.
 */
-WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm)
+WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
 {
     WOLFSSL_STACK* sk = NULL;
     Signer* signers = NULL;
@@ -3475,8 +3475,6 @@ WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm)
         return NULL;
     }
 
-    XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
-
     if (wc_LockMutex(&cm->caLock) != 0) {
         goto error_init;
     }
@@ -3561,35 +3559,7 @@ error_init:
 * wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
 *
 * This API can be used in SSL verify callback function to view cert chain
-* Here's an example to display certs to stdout.
-
-static int verify_callback(int ok, X509_STORE_CTX *ctx)
-{
-    WOLFSSL_BIO* bio = NULL;
-    WOLFSSL_STACK* sk = NULL;
-    X509* x509 = NULL;
-    int i = 0;
-
-    sk = wolfSSL_X509_STORE_GetCerts(ctx->store->cm);
-
-    for (i = 0; i < sk_X509_num(sk); i++) {
-        x509 = sk_X509_value(sk, i);
-        bio = BIO_new(wolfSSL_BIO_s_file());
-        if (bio != NULL) {
-            BIO_set_fp(bio, stdout, BIO_NOCLOSE);
-            X509_print(bio, x509);
-            BIO_free(bio);
-        }
-    }
-
-    sk_X509_free(sk);
-    return ok;
-}
-* You can register your call back function in your app as follows:
-*
-* ctx = SSL_CTX_new(SSLv23_method());
-* SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-*                    verify_callback);
+* See examples/client/client.c and myVerify() function in test.h
 *
 * RETURNS:
 * returns stack of X509 certs on success, otherwise returns a NULL.
@@ -3613,10 +3583,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
         return NULL;
     }
 
-    XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
-    certIdx = s->totalCerts;
-
-    while (certIdx-- > 0) {
+    for (certIdx = s->totalCerts - 1; certIdx >= 0; certIdx--) {
         /* get certificate buffer */
         cert = &s->certs[certIdx];
 
@@ -3681,7 +3648,7 @@ error:
 
     return NULL;
 }
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) */
+#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM */
 
 /* Unload the CA signer list */
 int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
@@ -38374,15 +38341,6 @@ int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
     return ret;
 }
 
-int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
-{
-    WOLFSSL_ENTER("wolfSSL_sk_X509_num");
-
-    if (s == NULL)
-        return -1;
-    return (int)s->num;
-}
-
 #if defined(OPENSSL_ALL)
 WOLFSSL_X509_INFO* wolfSSL_X509_INFO_new(void)
 {
@@ -39110,6 +39068,16 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CT
 
 
 #if defined(OPENSSL_EXTRA)
+
+int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
+{
+    WOLFSSL_ENTER("wolfSSL_sk_X509_num");
+
+    if (s == NULL)
+        return -1;
+    return (int)s->num;
+}
+
 unsigned long wolfSSL_ERR_peek_last_error(void)
 {
     WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");
@@ -43780,9 +43748,9 @@ error:
     }
     return WOLFSSL_FAILURE;
 }
-#endif /* defined(OPENSSL_ALL) && defined(HAVE_PKCS7) */
+#endif /* OPENSSL_ALL && HAVE_PKCS7 */
 
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA)
 WOLFSSL_STACK* wolfSSL_sk_X509_new(void)
 {
     WOLFSSL_STACK* s = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
diff --git a/tests/api.c b/tests/api.c
index cee4447e2..674be630e 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1093,7 +1093,7 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
     return ret;
 }
 
-static void test_wolfSSL_CertManager_GetCerts(void)
+static void test_wolfSSL_CertManagerGetCerts(void)
 {
 #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
     !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
@@ -1109,18 +1109,18 @@ static void test_wolfSSL_CertManager_GetCerts(void)
 #endif
     int i = 0;
 
-    printf(testingFmt, "wolfSSL_CertManager_GetCerts()");
+    printf(testingFmt, "wolfSSL_CertManagerGetCerts()");
     AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
 
     AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
     fclose(file1);
 
     AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
-    AssertNull(sk = wolfSSL_CertManager_GetCerts(cm));
+    AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
     AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
                 "./certs/ca-cert.pem", NULL));
 
-    AssertNotNull(sk = wolfSSL_CertManager_GetCerts(cm));
+    AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
 
     for (i = 0; i < sk_X509_num(sk); i++) {
         x509 = sk_X509_value(sk, i);
@@ -28317,7 +28317,7 @@ void ApiTest(void)
     test_wolfSSL_CTX_use_PrivateKey_file();
     test_wolfSSL_CTX_load_verify_locations();
     test_wolfSSL_CertManagerLoadCABuffer();
-    test_wolfSSL_CertManager_GetCerts();
+    test_wolfSSL_CertManagerGetCerts();
     test_wolfSSL_CertManagerCRL();
     test_wolfSSL_CTX_load_verify_locations_ex();
     test_wolfSSL_CTX_load_verify_buffer_ex();
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 87b47c72f..535ab05e3 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -570,7 +570,7 @@ typedef struct WOLFSSL_X509_STORE_CTX {
 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
     void* ex_data[MAX_EX_DATA];  /* external data */
 #endif
-#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
+#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
     int depth;                   /* used in X509_STORE_CTX_*_depth */
 #endif
     void* userCtx;               /* user ctx */
@@ -2575,7 +2575,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
     WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
                                                       WOLFSSL_CERT_MANAGER* cm);
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
-WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm);
+WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
 #endif
     WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
     WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 69b7bddd8..bcf9c4568 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1650,6 +1650,12 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
     char buffer[WOLFSSL_MAX_ERROR_SZ];
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
     WOLFSSL_X509* peer;
+#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
+    WOLFSSL_BIO* bio = NULL;
+    WOLFSSL_STACK* sk = NULL;
+    X509* x509 = NULL;
+    int i = 0;
+#endif
 #endif
     (void)preverify;
 
@@ -1681,6 +1687,24 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
                                                                   subject);
         XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
         XFREE(issuer,  0, DYNAMIC_TYPE_OPENSSL);
+#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
+/* avoid printing same certs since myVerify is called for every cert in the chain */
+        if (store->depth == 1) {
+            /* retrieve x509 certs and display them on stdout */
+            sk = wolfSSL_X509_STORE_GetCerts(store);
+
+            for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
+                x509 = wolfSSL_sk_X509_value(sk, i);
+                bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
+                if (bio != NULL) {
+                    wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
+                    wolfSSL_X509_print(bio, x509);
+                    wolfSSL_BIO_free(bio);
+                }
+            }
+            wolfSSL_sk_X509_free(sk);
+        }
+#endif
     }
     else
         printf("\tPeer has no cert!\n");