diff --git a/examples/client/client.c b/examples/client/client.c index c87429b77..486508629 100644 --- a/examples/client/client.c +++ b/examples/client/client.c @@ -593,7 +593,6 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, printf("SSL_write bench error %d!\n", err); if (!exitWithRet) err_sys("SSL_write failed"); - ret = err; goto doExit; } tx_time += current_time(0) - start; diff --git a/examples/server/server.c b/examples/server/server.c index 5394c1681..44bc31348 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -381,8 +381,10 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, err_sys_ex(runWithErrors, "SSL_read failed"); break; } - if (err == WOLFSSL_ERROR_ZERO_RETURN) + if (err == WOLFSSL_ERROR_ZERO_RETURN) { + free(buffer); return WOLFSSL_ERROR_ZERO_RETURN; + } } else { rx_pos += ret; @@ -1813,7 +1815,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | (usePskPlus ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), - myVerifyAction == VERIFY_OVERRIDE_DATE_ERR ? myVerify : NULL); + (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR || + myVerifyAction == VERIFY_FORCE_FAIL) ? myVerify : NULL); #ifdef TEST_BEFORE_DATE verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; diff --git a/src/internal.c b/src/internal.c index 39af97f69..29d9a5748 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10007,6 +10007,8 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, /* Determine if verify was okay */ if (ret == 0) { verify_ok = 1; + use_cb = 1; /* use verify callback on success, in case callback + * could force fail a cert */ } /* Determine if verify callback should be used */ diff --git a/tests/test-fails.conf b/tests/test-fails.conf index 40afb54e0..d1dd44417 100644 --- a/tests/test-fails.conf +++ b/tests/test-fails.conf 
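Review bot: The added `free(buffer);` in ServerEchoData covers only the `WOLFSSL_ERROR_ZERO_RETURN` return, so any other early return in this function would have to repeat the free by hand. ServerEchoData starts and ends outside the hunk, so whether other such exits exist cannot be confirmed from here. A single exit path that frees `buffer` once would be more robust than per-branch frees. If the per-branch form stays, a short comment such as `/* buffer is owned by this function; free on every return */` at the allocation would help the next editor.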
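Review bot: Setting `use_cb = 1` whenever `ret == 0` in DoVerifyCallback changes behaviour for every application that registers a verify callback, not only for the force-fail test path. A callback written on the assumption that it runs only after a verification failure (for example one that logs and returns a reject value unconditionally) would presumably now reject valid chains, so this deserves a note in the API documentation or changelog. The "Determine if verify callback should be used" block that follows may also have become redundant for the success case; it lies outside the hunk and should be checked. The trailing two-line comment would read better above the statement, e.g. `/* Always run the verify callback on success so it can still reject the cert */`.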
@@ -114,7 +114,6 @@ # server -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --H verifyFail # client verify should fail -v 3 @@ -129,12 +128,10 @@ # client -v 3 -l ECDHE-RSA-AES128-GCM-SHA256 --H verifyFail # server -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --H verifyFail # client verify should fail -v 3 @@ -149,7 +146,6 @@ # client -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 --H verifyFail # error going into callback, return error # server @@ -157,7 +153,6 @@ -l ECDHE-RSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-rsa-badsig.pem -k ./certs/server-key.pem --H verifyFail # client verify should fail -v 3 @@ -169,7 +164,6 @@ -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/test/server-cert-ecc-badsig.pem -k ./certs/ecc-key.pem --H verifyFail # client verify should fail -v 3 @@ -179,12 +173,10 @@ # server send alert on no mutual authentication -v 3 -F --H verifyFail # client send alert on no mutual authentication -v 3 -x --H verifyFail # server TLSv1.3 fail on no client certificate # server always sets WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT unless using -d @@ -195,3 +187,4 @@ -v 4 -l TLS13-AES128-GCM-SHA256 -x + diff --git a/wolfssl/test.h b/wolfssl/test.h index 385a3be21..aff5c4d65 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1684,7 +1684,7 @@ enum { VERIFY_USE_PREVERFIY, VERIFY_OVERRIDE_DATE_ERR, }; -static int myVerifyAction = VERIFY_OVERRIDE_ERROR; +static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR; /* The verify callback is called for every certificate only when * --enable-opensslextra is defined because it sets WOLFSSL_ALWAYS_VERIFY_CB and
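Review bot: Making `myVerifyAction` `THREAD_LS_T` means each thread starts from `VERIFY_OVERRIDE_ERROR`, so a value set on one thread is no longer visible to a handshake on another. A verify test whose action is set on a different thread than the one running the callback would then fall back to the default action without any error, which could hide a verification failure the test is meant to catch. A comment on the declaration would make the constraint explicit, e.g. `/* per-thread: must be set on the thread that performs the handshake */`. Separately, the comment just below ("called for every certificate only when --enable-opensslextra is defined") looks stale given the src/internal.c change in this commit, which enables the callback on every successful verification. That comment continues past the end of the hunk, so its full wording should be checked before it is updated.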