Add support for TLS v1.3 compatibility API SSL_verify_client_post_handshake for the server-side to support rehandshake. Required for Apache v2.4.39 with TLS v1.3.

This commit is contained in:
David Garske
2020-09-25 14:26:30 -07:00
parent f75dc4727d
commit 6dbc1cb75d
3 changed files with 27 additions and 0 deletions


@ -10357,6 +10357,30 @@ void wolfSSL_set_verify_result(WOLFSSL *ssl, long v)
#endif
}
/* For TLS v1.3 perform rehandshake. Returns 1=WOLFSSL_SUCCESS or 0=WOLFSSL_FAILURE */
int wolfSSL_verify_client_post_handshake(WOLFSSL* ssl)
{
int ret = NOT_COMPILED_IN;
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \
(!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
ret = wolfSSL_request_certificate(ssl);
}
#endif
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
ret = wolfSSL_allow_post_handshake_auth(ssl);
}
#endif
#else
(void)ssl;
#endif
ret = (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
return ret;
}
/* store user ctx for verify callback */
void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
{
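Review bot: `ssl` is dereferenced at `ssl->options.side` with no NULL guard, so a caller passing a bad handle crashes instead of getting the documented `WOLFSSL_FAILURE`; add `if (ssl == NULL) return WOLFSSL_FAILURE;` ahead of the `#if` block. The final mapping `ret = (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;` assumes both `wolfSSL_request_certificate` and `wolfSSL_allow_post_handshake_auth` return 0 on success; if the server-side helper instead returns `WOLFSSL_SUCCESS` (1) on success, the server path would report failure for a successful certificate request, so the two return conventions should be confirmed or the mapping done per branch. That same mapping also folds any want-read/want-write style return from the server helper into `WOLFSSL_FAILURE`, which leaves a non-blocking caller unable to tell "retry" from "error"; if that is intended, a comment on the mapping line saying so would help, otherwise the retry code should be propagated. The neighbouring `wolfSSL_SetCertCbCtx` body starts outside the hunk.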


@ -279,6 +279,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_CTX_set_cert_verify_callback wolfSSL_CTX_set_cert_verify_callback
#define SSL_set_verify wolfSSL_set_verify
#define SSL_set_verify_result wolfSSL_set_verify_result
#define SSL_verify_client_post_handshake wolfSSL_verify_client_post_handshake
#define SSL_pending wolfSSL_pending
#define SSL_load_error_strings wolfSSL_load_error_strings
#define SSL_library_init wolfSSL_library_init


@ -974,6 +974,8 @@ WOLFSSL_API void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
WOLFSSL_API void wolfSSL_set_verify(WOLFSSL*, int, VerifyCallback verify_callback);
WOLFSSL_API void wolfSSL_set_verify_result(WOLFSSL*, long);
WOLFSSL_API int wolfSSL_verify_client_post_handshake(WOLFSSL*);
WOLFSSL_API void wolfSSL_SetCertCbCtx(WOLFSSL*, void*);
WOLFSSL_ABI WOLFSSL_API int wolfSSL_pending(WOLFSSL*);