Add show x509 test

This commit is contained in:
Tesfa Mael
2019-11-12 14:58:06 -08:00
parent 6ca12787ae
commit 520a032b71
5 changed files with 49 additions and 56 deletions


@ -9501,6 +9501,7 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args)
} }
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
store->depth = args->count;
store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
sizeof(WOLFSSL_X509_VERIFY_PARAM), sizeof(WOLFSSL_X509_VERIFY_PARAM),
ssl->heap, DYNAMIC_TYPE_OPENSSL); ssl->heap, DYNAMIC_TYPE_OPENSSL);
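Review bot: `store->depth = args->count;` is the only new line and carries no comment, while the `depth` field it writes (guard changed to `WOLFSSL_APACHE_HTTPD || OPENSSL_EXTRA` in the ssl.h hunk) is still documented only as `used in X509_STORE_CTX_*_depth`; myVerify in the test.h hunk now compares it to 1 to print the chain once, so the meaning of the value matters to callback authors. Suggest `store->depth = args->count; /* position of the cert being verified; read via X509_STORE_CTX_*_depth and by verify callbacks */` here, with matching wording on the field in ssl.h. Whether `args->count` is the chain position or a running count of processed certs is not visible in this hunk — confirm before wording. DoVerifyCallback starts and ends outside the hunk.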


@ -3451,13 +3451,13 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
#if defined(WOLFSSL_SIGNER_DER_CERT) #if defined(WOLFSSL_SIGNER_DER_CERT)
/****************************************************************************** /******************************************************************************
* wolfSSL_CertManager_GetCerts - retrieve stack of X509 certificates in a * wolfSSL_CertManagerGetCerts - retrieve stack of X509 certificates in a
* certificate manager (CM), also knows as cert store in OpenSSL. * certificate manager (CM), also knows as cert store in OpenSSL.
* *
* RETURNS: * RETURNS:
* returns stack of X509 certs on success, otherwise returns a NULL. * returns stack of X509 certs on success, otherwise returns a NULL.
*/ */
WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm) WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
{ {
WOLFSSL_STACK* sk = NULL; WOLFSSL_STACK* sk = NULL;
Signer* signers = NULL; Signer* signers = NULL;
@ -3475,8 +3475,6 @@ WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm)
return NULL; return NULL;
} }
XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
if (wc_LockMutex(&cm->caLock) != 0) { if (wc_LockMutex(&cm->caLock) != 0) {
goto error_init; goto error_init;
} }
@ -3561,35 +3559,7 @@ error_init:
* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx * wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
* *
* This API can be used in SSL verify callback function to view cert chain * This API can be used in SSL verify callback function to view cert chain
* Here's an example to display certs to stdout. * See examples/client/client.c and myVerify() function in test.h
static int verify_callback(int ok, X509_STORE_CTX *ctx)
{
WOLFSSL_BIO* bio = NULL;
WOLFSSL_STACK* sk = NULL;
X509* x509 = NULL;
int i = 0;
sk = wolfSSL_X509_STORE_GetCerts(ctx->store->cm);
for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i);
bio = BIO_new(wolfSSL_BIO_s_file());
if (bio != NULL) {
BIO_set_fp(bio, stdout, BIO_NOCLOSE);
X509_print(bio, x509);
BIO_free(bio);
}
}
sk_X509_free(sk);
return ok;
}
* You can register your call back function in your app as follows:
*
* ctx = SSL_CTX_new(SSLv23_method());
* SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
* verify_callback);
* *
* RETURNS: * RETURNS:
* returns stack of X509 certs on success, otherwise returns a NULL. * returns stack of X509 certs on success, otherwise returns a NULL.
@ -3613,10 +3583,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
return NULL; return NULL;
} }
XMEMSET(sk, 0, sizeof(WOLFSSL_STACK)); for (certIdx = s->totalCerts - 1; certIdx >= 0; certIdx--) {
certIdx = s->totalCerts;
while (certIdx-- > 0) {
/* get certificate buffer */ /* get certificate buffer */
cert = &s->certs[certIdx]; cert = &s->certs[certIdx];
@ -3681,7 +3648,7 @@ error:
return NULL; return NULL;
} }
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) */ #endif /* OPENSSL_EXTRA && !NO_FILESYSTEM */
/* Unload the CA signer list */ /* Unload the CA signer list */
int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
@ -38374,15 +38341,6 @@ int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
return ret; return ret;
} }
int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_num");
if (s == NULL)
return -1;
return (int)s->num;
}
#if defined(OPENSSL_ALL) #if defined(OPENSSL_ALL)
WOLFSSL_X509_INFO* wolfSSL_X509_INFO_new(void) WOLFSSL_X509_INFO* wolfSSL_X509_INFO_new(void)
{ {
@ -39110,6 +39068,16 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CT
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
{
WOLFSSL_ENTER("wolfSSL_sk_X509_num");
if (s == NULL)
return -1;
return (int)s->num;
}
unsigned long wolfSSL_ERR_peek_last_error(void) unsigned long wolfSSL_ERR_peek_last_error(void)
{ {
WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");
@ -43780,9 +43748,9 @@ error:
} }
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
#endif /* defined(OPENSSL_ALL) && defined(HAVE_PKCS7) */ #endif /* OPENSSL_ALL && HAVE_PKCS7 */
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
WOLFSSL_STACK* wolfSSL_sk_X509_new(void) WOLFSSL_STACK* wolfSSL_sk_X509_new(void)
{ {
WOLFSSL_STACK* s = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, WOLFSSL_STACK* s = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
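Review bot: The rewritten loop in the -3613 hunk, `for (certIdx = s->totalCerts - 1; certIdx >= 0; certIdx--)`, only terminates if `certIdx` is a signed type; `certIdx` and `totalCerts` are declared outside the hunk, and if either is unsigned the `>= 0` test is always true and `s->totalCerts - 1` wraps when `totalCerts` is 0, whereas the removed `certIdx = s->totalCerts; while (certIdx-- > 0)` form was correct for both signednesses — confirm the declaration or keep the countdown form. Separately, the -3475 hunk drops the `XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));` that followed the stack allocation; that is only safe if the allocator used there (not visible) zero-fills, since fields such as `num` are read back by `wolfSSL_sk_X509_num` at +39068 on whatever the stack holds. wolfSSL_X509_STORE_GetCerts and wolfSSL_CertManagerGetCerts both start and end outside their hunks.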


@ -1093,7 +1093,7 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
return ret; return ret;
} }
static void test_wolfSSL_CertManager_GetCerts(void) static void test_wolfSSL_CertManagerGetCerts(void)
{ {
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
@ -1109,18 +1109,18 @@ static void test_wolfSSL_CertManager_GetCerts(void)
#endif #endif
int i = 0; int i = 0;
printf(testingFmt, "wolfSSL_CertManager_GetCerts()"); printf(testingFmt, "wolfSSL_CertManagerGetCerts()");
AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb")); AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
fclose(file1); fclose(file1);
AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
AssertNull(sk = wolfSSL_CertManager_GetCerts(cm)); AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
"./certs/ca-cert.pem", NULL)); "./certs/ca-cert.pem", NULL));
AssertNotNull(sk = wolfSSL_CertManager_GetCerts(cm)); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
for (i = 0; i < sk_X509_num(sk); i++) { for (i = 0; i < sk_X509_num(sk); i++) {
x509 = sk_X509_value(sk, i); x509 = sk_X509_value(sk, i);
@ -28317,7 +28317,7 @@ void ApiTest(void)
test_wolfSSL_CTX_use_PrivateKey_file(); test_wolfSSL_CTX_use_PrivateKey_file();
test_wolfSSL_CTX_load_verify_locations(); test_wolfSSL_CTX_load_verify_locations();
test_wolfSSL_CertManagerLoadCABuffer(); test_wolfSSL_CertManagerLoadCABuffer();
test_wolfSSL_CertManager_GetCerts(); test_wolfSSL_CertManagerGetCerts();
test_wolfSSL_CertManagerCRL(); test_wolfSSL_CertManagerCRL();
test_wolfSSL_CTX_load_verify_locations_ex(); test_wolfSSL_CTX_load_verify_locations_ex();
test_wolfSSL_CTX_load_verify_buffer_ex(); test_wolfSSL_CTX_load_verify_buffer_ex();


@ -570,7 +570,7 @@ typedef struct WOLFSSL_X509_STORE_CTX {
#if defined(HAVE_EX_DATA) || defined(FORTRESS) #if defined(HAVE_EX_DATA) || defined(FORTRESS)
void* ex_data[MAX_EX_DATA]; /* external data */ void* ex_data[MAX_EX_DATA]; /* external data */
#endif #endif
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
int depth; /* used in X509_STORE_CTX_*_depth */ int depth; /* used in X509_STORE_CTX_*_depth */
#endif #endif
void* userCtx; /* user ctx */ void* userCtx; /* user ctx */
@ -2575,7 +2575,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl);
WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling( WOLFSSL_API int wolfSSL_CertManagerDisableOCSPStapling(
WOLFSSL_CERT_MANAGER* cm); WOLFSSL_CERT_MANAGER* cm);
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)
WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManager_GetCerts(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm);
#endif #endif
WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); WOLFSSL_API int wolfSSL_EnableCRL(WOLFSSL* ssl, int options);
WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_DisableCRL(WOLFSSL* ssl);


@ -1650,6 +1650,12 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
char buffer[WOLFSSL_MAX_ERROR_SZ]; char buffer[WOLFSSL_MAX_ERROR_SZ];
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509* peer; WOLFSSL_X509* peer;
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
WOLFSSL_BIO* bio = NULL;
WOLFSSL_STACK* sk = NULL;
X509* x509 = NULL;
int i = 0;
#endif
#endif #endif
(void)preverify; (void)preverify;
@ -1681,6 +1687,24 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
subject); subject);
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
/* avoid printing same certs since myVerify is called for every cert in the chain */
if (store->depth == 1) {
/* retrieve x509 certs and display them on stdout */
sk = wolfSSL_X509_STORE_GetCerts(store);
for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
x509 = wolfSSL_sk_X509_value(sk, i);
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
if (bio != NULL) {
wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
wolfSSL_X509_print(bio, x509);
wolfSSL_BIO_free(bio);
}
}
wolfSSL_sk_X509_free(sk);
}
#endif
} }
else else
printf("\tPeer has no cert!\n"); printf("\tPeer has no cert!\n");
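Review bot: The new `#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)` block sits inside the `OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL` guard, but everything it uses is compiled only under OPENSSL_EXTRA in this same commit — `wolfSSL_X509_STORE_GetCerts` lives in ssl.c under `OPENSSL_EXTRA && !NO_FILESYSTEM` and `store->depth` exists only under `WOLFSSL_APACHE_HTTPD || OPENSSL_EXTRA` — so an OPENSSL_EXTRA_X509_SMALL-only build with SHOW_CERTS would not compile; both guards (here and in the +1650 hunk) should read `#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)`. Inside the loop, the result of `wolfSSL_sk_X509_value(sk, i)` is handed to `wolfSSL_X509_print` without a NULL check, and a BIO is created and freed on every iteration although a single stdout BIO serves the whole stack. The `X509*` local at +1653 is also the only one of the four that uses the compat alias instead of `WOLFSSL_X509*`. myVerify begins before this hunk.
```c
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
        /* avoid printing same certs since myVerify is called for every cert in the chain */
        if (store->depth == 1) {
            /* retrieve x509 certs and display them on stdout */
            sk = wolfSSL_X509_STORE_GetCerts(store);
            /* one stdout BIO for the whole stack; skip empty slots */
            bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
            if (bio != NULL) {
                wolfSSL_BIO_set_fp(bio, stdout, BIO_NOCLOSE);
                for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
                    x509 = wolfSSL_sk_X509_value(sk, i);
                    if (x509 != NULL) {
                        wolfSSL_X509_print(bio, x509);
                    }
                }
                wolfSSL_BIO_free(bio);
            }
            wolfSSL_sk_X509_free(sk);
        }
#endif
```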