feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #6559 from dgarske/sni_defaults

Browse Source 
Turn on SNI by default on hosts with resources
This commit is contained in:
Sean Parkinson
2023-07-03 08:07:45 +10:00
committed by GitHub
parent a4c058649b 6052e01879
commit da4424cd0c
6 changed files with 129 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
CMakeLists.txt
View File

@ -1299,7 +1299,6 @@ endif()
# - CRL monitor # - CRL monitor
# - User crypto # - User crypto
# - Whitewood netRandom client library # - Whitewood netRandom client library
# - SNI
# - Max fragment length # - Max fragment length
# - ALPN # - ALPN
# - Trusted CA indication # - Trusted CA indication
@ -1315,8 +1314,14 @@ add_option(WOLFSSL_CRL
"Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)" "Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)"
"no" "yes;no;io") "no" "yes;no;io")
set(SNI_DEFAULT "no")
if(("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "x86_64|x86|AMD64|arm64") OR
("${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "aarch64"))
set(SNI_DEFAULT "yes")
endif()
set(WOLFSSL_SNI_HELP_STRING "Enable SNI (default: disabled)") set(WOLFSSL_SNI_HELP_STRING "Enable SNI (default: disabled)")
add_option(WOLFSSL_SNI ${WOLFSSL_SNI_HELP_STRING} "no" "yes;no") add_option(WOLFSSL_SNI ${WOLFSSL_SNI_HELP_STRING} ${SNI_DEFAULT} "yes;no")
set(WOLFSSL_TLSX_HELP_STRING "Enable all TLS Extensions (default: disabled)") set(WOLFSSL_TLSX_HELP_STRING "Enable all TLS Extensions (default: disabled)")
add_option(WOLFSSL_TLSX ${WOLFSSL_TLSX_HELP_STRING} "no" "yes;no") add_option(WOLFSSL_TLSX ${WOLFSSL_TLSX_HELP_STRING} "no" "yes;no")

17
configure.ac
View File

@ -4971,21 +4971,22 @@ AC_ARG_WITH([wnr],
# SNI # SNI
# enable SNI automatically for x86_64/x86/aarch64/amd64
SNI_DEFAULT=no
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "x86" || test "$host_cpu" = "aarch64" || test "$host_cpu" = "amd64"
then
SNI_DEFAULT=yes
fi
AC_ARG_ENABLE([sni], AC_ARG_ENABLE([sni],
[AS_HELP_STRING([--enable-sni],[Enable SNI (default: disabled)])], [AS_HELP_STRING([--enable-sni],[Enable SNI (default: enabled on x86_64/x86/aarch64/amd64)])],
[ ENABLED_SNI=$enableval ], [ ENABLED_SNI=$enableval ],
[ ENABLED_SNI=no ] [ ENABLED_SNI=$SNI_DEFAULT ]
) )
if test "x$ENABLED_QT" = "xyes" if test "x$ENABLED_QT" = "xyes" || test "$ENABLED_QUIC" = "yes"
then then
ENABLED_SNI="yes" ENABLED_SNI="yes"
fi fi
if test "$ENABLED_QUIC" = "yes"
then
ENABLED_SNI=yes
fi
if test "x$ENABLED_SNI" = "xyes" if test "x$ENABLED_SNI" = "xyes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI" AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_SNI"

180
tests/api.c
View File

@ -47,6 +47,20 @@
#endif #endif
#if defined(WOLFSSL_STATIC_MEMORY) #if defined(WOLFSSL_STATIC_MEMORY)
#include <wolfssl/wolfcrypt/memory.h> #include <wolfssl/wolfcrypt/memory.h>
#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
defined(SESSION_CERTS)
#ifdef OPENSSL_EXTRA
#define TEST_TLS_STATIC_MEMSZ (400000)
#else
#define TEST_TLS_STATIC_MEMSZ (320000)
#endif
#else
#define TEST_TLS_STATIC_MEMSZ (80000)
#endif
#endif
#endif /* WOLFSSL_STATIC_MEMORY */ #endif /* WOLFSSL_STATIC_MEMORY */
#ifndef HEAP_HINT #ifndef HEAP_HINT
#define HEAP_HINT NULL #define HEAP_HINT NULL
@ -6800,11 +6814,11 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
} }
#else #else
ctx = wolfSSL_CTX_new(callbacks->method()); ctx = wolfSSL_CTX_new(callbacks->method());
#endif
if (ctx == NULL) { if (ctx == NULL) {
fprintf(stderr, "CTX new failed\n"); fprintf(stderr, "CTX new failed\n");
goto cleanup; goto cleanup;
} }
#endif
/* set defaults */ /* set defaults */
if (callbacks->caPemFile == NULL) if (callbacks->caPemFile == NULL)
@ -7053,14 +7067,12 @@ static void run_wolfssl_client(void* args)
} }
} }
#else #else
if (ctx == NULL) { ctx = wolfSSL_CTX_new(callbacks->method());
ctx = wolfSSL_CTX_new(callbacks->method()); #endif
}
if (ctx == NULL) { if (ctx == NULL) {
fprintf(stderr, "CTX new failed\n"); fprintf(stderr, "CTX new failed\n");
goto cleanup; goto cleanup;
} }
#endif
#ifdef WOLFSSL_TIRTOS #ifdef WOLFSSL_TIRTOS
fdOpenSession(Task_self()); fdOpenSession(Task_self());
@ -9353,90 +9365,117 @@ static int test_wolfSSL_UseSNI_connection(void)
callback_functions client_cb; callback_functions client_cb;
callback_functions server_cb; callback_functions server_cb;
size_t i; size_t i;
#ifdef WOLFSSL_STATIC_MEMORY
byte cliMem[TEST_TLS_STATIC_MEMSZ];
byte svrMem[TEST_TLS_STATIC_MEMSZ];
#endif
struct { struct {
method_provider client_meth; method_provider client_meth;
method_provider server_meth; method_provider server_meth;
#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL_method_func client_meth_ex;
wolfSSL_method_func server_meth_ex;
#endif
} methods[] = { } methods[] = {
#if defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_TLS13) #if defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_TLS13)
{wolfSSLv23_client_method, wolfSSLv23_server_method}, {wolfSSLv23_client_method, wolfSSLv23_server_method
#ifdef WOLFSSL_STATIC_MEMORY
,wolfSSLv23_client_method_ex, wolfSSLv23_server_method_ex
#endif
},
#endif #endif
#ifndef WOLFSSL_NO_TLS12 #ifndef WOLFSSL_NO_TLS12
{wolfTLSv1_2_client_method, wolfTLSv1_2_server_method}, {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method
#ifdef WOLFSSL_STATIC_MEMORY
,wolfTLSv1_2_client_method_ex, wolfTLSv1_2_server_method_ex
#endif
},
#endif #endif
#ifdef WOLFSSL_TLS13 #ifdef WOLFSSL_TLS13
{wolfTLSv1_3_client_method, wolfTLSv1_3_server_method}, {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method
#ifdef WOLFSSL_STATIC_MEMORY
,wolfTLSv1_3_client_method_ex, wolfTLSv1_3_server_method_ex
#endif
},
#endif #endif
}; };
size_t methodsSz = sizeof(methods) / sizeof(*methods); size_t methodsSz = sizeof(methods) / sizeof(*methods);
for (i = 0; i < methodsSz; i++) { for (i = 0; i < methodsSz; i++) {
XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&client_cb, 0, sizeof(callback_functions));
XMEMSET(&server_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions));
client_cb.method = methods[i].client_meth; client_cb.method = methods[i].client_meth;
server_cb.method = methods[i].server_meth; server_cb.method = methods[i].server_meth;
client_cb.devId = testDevId; client_cb.devId = testDevId;
server_cb.devId = testDevId; server_cb.devId = testDevId;
#ifdef WOLFSSL_STATIC_MEMORY
client_cb.method_ex = methods[i].client_meth_ex;
server_cb.method_ex = methods[i].server_meth_ex;
client_cb.mem = cliMem;
client_cb.memSz = (word32)sizeof(cliMem);
server_cb.mem = svrMem;
server_cb.memSz = (word32)sizeof(svrMem);;
#endif
/* success case at ctx */ /* success case at ctx */
printf("success case at ctx\n"); printf("\n\tsuccess case at ctx\n");
client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* success case at ssl */ /* success case at ssl */
printf("success case at ssl\n"); printf("\tsuccess case at ssl\n");
client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching; client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* default mismatch behavior */ /* default mismatch behavior */
printf("default mismatch behavior\n"); printf("\tdefault mismatch behavior\n");
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client; client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* continue on mismatch */ /* continue on mismatch */
printf("continue on mismatch\n"); printf("\tcontinue on mismatch\n");
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* fake answer on mismatch */ /* fake answer on mismatch */
printf("fake answer on mismatch\n"); printf("\tfake answer on mismatch\n");
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success */ /* sni abort - success */
printf("sni abort - success\n"); printf("\tsni abort - success\n");
client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - abort when absent (ctx) */ /* sni abort - abort when absent (ctx) */
printf("sni abort - abort when absent (ctx)\n"); printf("\tsni abort - abort when absent (ctx)\n");
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - abort when absent (ssl) */ /* sni abort - abort when absent (ssl) */
printf("sni abort - abort when absent (ssl)\n"); printf("\tsni abort - abort when absent (ssl)\n");
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client;
server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success when overwritten */ /* sni abort - success when overwritten */
printf("sni abort - success when overwritten\n"); printf("\tsni abort - success when overwritten\n");
client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL;
server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
/* sni abort - success when allowing mismatches */ /* sni abort - success when allowing mismatches */
printf("sni abort - success when allowing mismatches\n"); printf("\tsni abort - success when allowing mismatches\n");
client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL;
server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching; server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching;
test_wolfSSL_client_server(&client_cb, &server_cb); test_wolfSSL_client_server(&client_cb, &server_cb);
} }
res = TEST_RES_CHECK(1); res = TEST_RES_CHECK(1);
@ -57657,17 +57696,6 @@ static int test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer,
#endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */ #endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */
#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY)
#if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \
defined(SESSION_CERTS)
#ifdef OPENSSL_EXTRA
#define TEST_TLS_STATIC_MEMSZ (400000)
#else
#define TEST_TLS_STATIC_MEMSZ (320000)
#endif
#else
#define TEST_TLS_STATIC_MEMSZ (80000)
#endif
static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx) static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx)
{ {
EXPECT_DECLS; EXPECT_DECLS;

2
wolfcrypt/src/wc_port.c
View File

@ -385,7 +385,7 @@ int wolfCrypt_Init(void)
return ret; return ret;
} }
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
long wolfCrypt_heap_peakAllocs_checkpoint(void) { long wolfCrypt_heap_peakAllocs_checkpoint(void) {
long ret = ourMemStats.peakAllocsTripOdometer; long ret = ourMemStats.peakAllocsTripOdometer;
ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs - ourMemStats.peakAllocsTripOdometer = ourMemStats.totalAllocs -

8
wolfcrypt/test/test.c
View File

@ -55,7 +55,7 @@
#endif #endif
#endif #endif
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
#ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS; static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
#else #else
@ -84,7 +84,7 @@
} }
#else #else
#define PRINT_HEAP_CHECKPOINT() #define PRINT_HEAP_CHECKPOINT()
#endif #endif /* WOLFSSL_TRACK_MEMORY_VERBOSE && !WOLFSSL_STATIC_MEMORY */
#ifdef USE_FLAT_TEST_H #ifdef USE_FLAT_TEST_H
#ifdef HAVE_CONFIG_H #ifdef HAVE_CONFIG_H
@ -832,7 +832,7 @@ wc_test_ret_t wolfcrypt_test(void* args)
#endif #endif
{ {
wc_test_ret_t ret; wc_test_ret_t ret;
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
long heap_baselineAllocs, heap_baselineBytes; long heap_baselineAllocs, heap_baselineBytes;
#endif #endif
#ifdef TEST_ALWAYS_RUN_TO_END #ifdef TEST_ALWAYS_RUN_TO_END
@ -840,7 +840,7 @@ wc_test_ret_t wolfcrypt_test(void* args)
#endif #endif
STACK_SIZE_INIT(); STACK_SIZE_INIT();
#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
(void)wolfCrypt_heap_peakAllocs_checkpoint(); (void)wolfCrypt_heap_peakAllocs_checkpoint();
heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
(void)wolfCrypt_heap_peakBytes_checkpoint(); (void)wolfCrypt_heap_peakBytes_checkpoint();

6
wolfssl/test.h
View File

@ -2903,7 +2903,8 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
char buffer[WOLFSSL_MAX_ERROR_SZ]; char buffer[WOLFSSL_MAX_ERROR_SZ];
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_X509* peer; WOLFSSL_X509* peer;
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_BIO* bio = NULL; WOLFSSL_BIO* bio = NULL;
WOLFSSL_STACK* sk = NULL; WOLFSSL_STACK* sk = NULL;
X509* x509 = NULL; X509* x509 = NULL;
@ -2948,7 +2949,8 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) #if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \
!defined(OPENSSL_EXTRA_X509_SMALL)
/* avoid printing duplicate certs */ /* avoid printing duplicate certs */
if (store->depth == 1) { if (store->depth == 1) {
int i; int i;