option to keepCert for ssl lifetime, refactor of ourCert process

This commit is contained in:
Jacob Barthelmeh
2016-05-02 17:19:25 -06:00
parent d1ab51e10f
commit b2325aad6d
4 changed files with 32 additions and 14 deletions


@ -2592,6 +2592,7 @@ void SSL_ResourceFree(WOLFSSL* ssl)
} }
#endif #endif
#ifndef NO_CERTS #ifndef NO_CERTS
ssl->keepCert = 0; /* make sure certificate is free'd */
wolfSSL_UnloadCertsKeys(ssl); wolfSSL_UnloadCertsKeys(ssl);
#endif #endif
#ifndef NO_RSA #ifndef NO_RSA
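Review bot: The new comment `/* make sure certificate is free'd */` states the intent but not the mechanism, and a reader of SSL_ResourceFree alone cannot see why a flag must be cleared right before wolfSSL_UnloadCertsKeys. Since the ssl.c change makes wolfSSL_UnloadCertsKeys skip the certificate whenever keepCert is set, name that: `ssl->keepCert = 0; /* override keepCert so wolfSSL_UnloadCertsKeys() below releases the certificate */`. The rest of SSL_ResourceFree lies outside the hunk.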


@ -81,7 +81,6 @@
#include <wolfssl/wolfcrypt/idea.h> #include <wolfssl/wolfcrypt/idea.h>
#include <wolfssl/wolfcrypt/curve25519.h> #include <wolfssl/wolfcrypt/curve25519.h>
#include <wolfssl/wolfcrypt/ed25519.h> #include <wolfssl/wolfcrypt/ed25519.h>
#include <wolfssl/openssl/asn1.h>
#ifdef HAVE_STUNNEL #ifdef HAVE_STUNNEL
#include <wolfssl/openssl/ocsp.h> #include <wolfssl/openssl/ocsp.h>
#endif /* WITH_STUNNEL */ #endif /* WITH_STUNNEL */
@ -3473,14 +3472,13 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
FreeX509(ssl->ourCert); FreeX509(ssl->ourCert);
if (ssl->ourCert) { if (ssl->ourCert) {
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509); XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
ssl->ourCert = NULL;
} }
#endif #endif
} }
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der)); XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
ssl->ourCert = wolfSSL_X509_d2i(NULL, ssl->keepCert = 1; /* hold cert for ssl lifetime */
ssl->buffers.certificate->buffer,
ssl->buffers.certificate->length);
#endif #endif
ssl->buffers.weOwnCert = 1; ssl->buffers.weOwnCert = 1;
} }
@ -3490,14 +3488,10 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
FreeX509(ctx->ourCert); FreeX509(ctx->ourCert);
if (ctx->ourCert) { if (ctx->ourCert) {
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
ctx->ourCert = NULL;
} }
#endif #endif
XMEMCPY(&ctx->certificate, &der, sizeof(der)); XMEMCPY(&ctx->certificate, &der, sizeof(der));
#ifdef OPENSSL_EXTRA
ctx->ourCert = wolfSSL_X509_d2i(NULL,
ctx->certificate->buffer,
ctx->certificate->length);
#endif
} }
} }
else if (type == PRIVATEKEY_TYPE) { else if (type == PRIVATEKEY_TYPE) {
@ -8040,13 +8034,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
if (ssl->buffers.weOwnCert) { if (ssl->buffers.weOwnCert && !ssl->keepCert) {
WOLFSSL_MSG("Unloading cert"); WOLFSSL_MSG("Unloading cert");
FreeDer(&ssl->buffers.certificate); FreeDer(&ssl->buffers.certificate);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
FreeX509(ssl->ourCert); FreeX509(ssl->ourCert);
if (ssl->ourCert) { if (ssl->ourCert) {
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509); XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
ssl->ourCert = NULL;
} }
#endif #endif
ssl->buffers.weOwnCert = 0; ssl->buffers.weOwnCert = 0;
@ -10769,10 +10764,20 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
} }
if (ssl->buffers.weOwnCert) { if (ssl->buffers.weOwnCert) {
if (ssl->ourCert == NULL) {
ssl->ourCert = wolfSSL_X509_d2i(NULL,
ssl->buffers.certificate->buffer,
ssl->buffers.certificate->length);
}
return ssl->ourCert; return ssl->ourCert;
} }
else { /* if cert not owned get parent ctx cert or return null */ else { /* if cert not owned get parent ctx cert or return null */
if (ssl->ctx) { if (ssl->ctx) {
if (ssl->ctx->ourCert == NULL) {
ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
ssl->ctx->certificate->buffer,
ssl->ctx->certificate->length);
}
return ssl->ctx->ourCert; return ssl->ctx->ourCert;
} }
else { else {
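Review bot: The lazy decode added in wolfSSL_get_certificate dereferences `ssl->ctx->certificate->buffer` whenever `ssl->ctx->ourCert` is NULL, but nothing on the new side checks that `ssl->ctx->certificate` itself is non-NULL; a WOLFSSL whose CTX never had a certificate loaded (a typical client) previously got NULL back from this branch and now reads through a null pointer, and test.h's showPeer now calls wolfSSL_get_certificate unconditionally under SHOW_CERTS/OPENSSL_EXTRA, so the path is reachable from the example code. Guard both decodes, e.g. `if (ssl->ctx->ourCert == NULL && ssl->ctx->certificate != NULL) {` and the same check on `ssl->buffers.certificate` in the weOwnCert branch. This branch also writes `ssl->ctx->ourCert` from a per-connection call while a CTX is normally shared between connections, so concurrent first calls on the same CTX could each decode and one X509 would be leaked; if that usage is supported the decode needs a lock or should stay at load time as it was. Separately, the ProcessBuffer hunk sets `ssl->keepCert = 1` unconditionally under OPENSSL_EXTRA, so wolfSSL_UnloadCertsKeys no longer releases the certificate for any such connection, which is worth a comment there given the commit describes keepCert as an option.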


@ -2731,6 +2731,7 @@ struct WOLFSSL {
points to ctx if not owned (owned points to ctx if not owned (owned
flag found in buffers.weOwnCert) */ flag found in buffers.weOwnCert) */
#endif #endif
byte keepCert; /* keep certificate after handshake */
#if defined(FORTRESS) || defined(HAVE_STUNNEL) #if defined(FORTRESS) || defined(HAVE_STUNNEL)
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */ void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
#endif #endif
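Review bot: The comment on the new `keepCert` field says "keep certificate after handshake", but the diff shows it is set in ProcessBuffer when a certificate is loaded into the WOLFSSL, honoured only by wolfSSL_UnloadCertsKeys, and cleared in SSL_ResourceFree; nothing ties it to the handshake. Suggest `byte keepCert; /* when set, wolfSSL_UnloadCertsKeys() leaves buffers.certificate/ourCert in place; cleared by SSL_ResourceFree() */`. The field appears to sit after the `#endif` of the block that declares ourCert while the only write of 1 is under OPENSSL_EXTRA, so the comment could also state that it stays 0 in other builds.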


@ -441,14 +441,22 @@ static INLINE int PasswordCallBack(char* passwd, int sz, int rw, void* userdata)
static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr) static INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr)
{ {
char* altName; char* altName;
char* issuer = wolfSSL_X509_NAME_oneline( char* issuer;
wolfSSL_X509_get_issuer_name(x509), 0, 0); char* subject;
char* subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(x509), 0, 0);
byte serial[32]; byte serial[32];
int ret; int ret;
int sz = sizeof(serial); int sz = sizeof(serial);
if (x509 == NULL) {
printf("%s No Cert\n", hdr);
return;
}
issuer = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_issuer_name(x509), 0, 0);
subject = wolfSSL_X509_NAME_oneline(
wolfSSL_X509_get_subject_name(x509), 0, 0);
printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject); printf("%s\n issuer : %s\n subject: %s\n", hdr, issuer, subject);
while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL) while ( (altName = wolfSSL_X509_get_next_altname(x509)) != NULL)
@ -487,6 +495,9 @@ static INLINE void showPeer(WOLFSSL* ssl)
printf("peer has no cert!\n"); printf("peer has no cert!\n");
wolfSSL_FreeX509(peer); wolfSSL_FreeX509(peer);
#endif #endif
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA)
ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
#endif /* SHOW_CERTS */
printf("SSL version is %s\n", wolfSSL_get_version(ssl)); printf("SSL version is %s\n", wolfSSL_get_version(ssl));
cipher = wolfSSL_get_current_cipher(ssl); cipher = wolfSSL_get_current_cipher(ssl);
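Review bot: The `#endif` closing the new block in showPeer is annotated `/* SHOW_CERTS */` although the condition is `defined(SHOW_CERTS) && defined(OPENSSL_EXTRA)`; match it: `#endif /* SHOW_CERTS && OPENSSL_EXTRA */`. The X509 returned by wolfSSL_get_certificate is cached in `ssl->ourCert` or `ssl->ctx->ourCert` by the ssl.c change, so unlike `peer` a few lines above it must not be passed to wolfSSL_FreeX509; a comment on the call, `/* owned by ssl/ctx, do not free */`, would stop a later reader from "fixing" the asymmetry. ShowX509 starts in the first hunk and continues past it.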