diff --git a/src/ssl.c b/src/ssl.c
index 284dad50b..d8b5bd21c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -25743,6 +25743,68 @@ char* wolfSSL_CONF_get1_default_config_file(void)
 return NULL;
 }
 #endif
+
+
+WOLFSSL_X509_VERIFY_PARAM* wolfSSL_X509_VERIFY_PARAM_new(void)
+{
+ WOLFSSL_X509_VERIFY_PARAM *param = NULL;
+ param = XMALLOC(sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL,
+ DYNAMIC_TYPE_OPENSSL);
+ if (param != NULL)
+ XMEMSET(param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));
+
+ return(param);
+}
+
+
+void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param)
+{
+ if (param != NULL)
+ XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL);
+}
+
+
+/* Sets flags by OR'ing with existing value. */
+int wolfSSL_X509_VERIFY_PARAM_set_flags(WOLFSSL_X509_VERIFY_PARAM *param,
+ unsigned long flags)
+{
+ int ret = WOLFSSL_FAILURE;
+
+ if (param != NULL) {
+ param->flags |= flags;
+ ret = WOLFSSL_SUCCESS;
+ }
+
+ return ret;
+}
+
+
+int wolfSSL_X509_VERIFY_PARAM_get_flags(WOLFSSL_X509_VERIFY_PARAM *param)
+{
+ int ret = 0;
+
+ if (param != NULL) {
+ ret = param->flags;
+ }
+
+ return ret;
+}
+
+
+int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
+ unsigned long flags)
+{
+ int ret = WOLFSSL_FAILURE;
+
+ if (param != NULL) {
+ param->flags &= ~flags;
+ ret = WOLFSSL_SUCCESS;
+ }
+
+ return ret;
+}
+
+
 /******************************************************************************
 * wolfSSL_X509_VERIFY_PARAM_set1_host - sets the DNS hostname to name
 * hostnames is cleared if name is NULL or empty.
diff --git a/tests/api.c b/tests/api.c
index e51b7434d..81a4a221b 100644
--- a/tests/api.c
+++ b/tests/api.c
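Review bot: In the src/ssl.c hunk, `wolfSSL_X509_VERIFY_PARAM_get_flags` returns `int` (`int ret = 0;` then `ret = param->flags;`) while `set_flags` and `clear_flags` take `unsigned long`, so a flag bit that does not fit in a non-negative `int` would be truncated or read back as a negative value; the declared type of `param->flags` is not visible in this diff and should be confirmed to be wide enough as well. I would make the getter `unsigned long wolfSSL_X509_VERIFY_PARAM_get_flags(WOLFSSL_X509_VERIFY_PARAM *param)` with `unsigned long ret = 0;`, and change the matching prototype in the wolfssl/ssl.h hunk the same way. Because these bits select certificate-verification behaviour (the test uses `WOLFSSL_CRL_CHECKALL`), the comment above `set_flags` should also state whether the stored flags are read during verification; nothing in this diff consumes them, so a caller could assume revocation checking was enabled when the call only recorded the bits.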
@@ -29793,11 +29793,7 @@ static void test_wolfSSL_X509_VERIFY_PARAM(void)
 printf(testingFmt, "wolfSSL_X509()");
- /* Initializer function is not ported */
- /* param = wolfSSL_X509_VERIFY_PARAM_new(); */
-
- param = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
- sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL);
+ param = wolfSSL_X509_VERIFY_PARAM_new();
 AssertNotNull(param);
 XMEMSET(param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));
@@ -29821,7 +29817,19 @@ static void test_wolfSSL_X509_VERIFY_PARAM(void)
 AssertIntEQ(1, ret);
 AssertIntEQ(0, XSTRNCMP(param->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
- XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL);
+ ret = wolfSSL_X509_VERIFY_PARAM_set_flags(param, WOLFSSL_CRL_CHECKALL);
+ AssertIntEQ(1, ret);
+
+ ret = wolfSSL_X509_VERIFY_PARAM_get_flags(param);
+ AssertIntEQ(WOLFSSL_CRL_CHECKALL, ret);
+
+ ret = wolfSSL_X509_VERIFY_PARAM_clear_flags(param, WOLFSSL_CRL_CHECKALL);
+ AssertIntEQ(1, ret);
+
+ ret = wolfSSL_X509_VERIFY_PARAM_get_flags(param);
+ AssertIntEQ(0, ret);
+
+ wolfSSL_X509_VERIFY_PARAM_free(param);
 printf(resultFmt, passed);
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 95c0fdb57..eeea765a4 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
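Review bot: The context line `XMEMSET(param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));` that follows the new `param = wolfSSL_X509_VERIFY_PARAM_new();` in the first tests/api.c hunk is now redundant, because the constructor added in src/ssl.c already zeroes the struct. Keeping it means the test would silently erase any non-zero defaults a later version of the constructor sets, so it would no longer exercise the object as callers receive it; I would delete that line. The body of test_wolfSSL_X509_VERIFY_PARAM starts and ends outside this hunk.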
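Review bot: The assertions added in the second tests/api.c hunk cover only the non-NULL path with a single flag, so the `param == NULL` branches of the three flag functions and the OR-accumulate behaviour described in the `set_flags` comment are never exercised. I would add `AssertIntEQ(WOLFSSL_FAILURE, wolfSSL_X509_VERIFY_PARAM_set_flags(NULL, WOLFSSL_CRL_CHECKALL));` and `AssertIntEQ(0, wolfSSL_X509_VERIFY_PARAM_get_flags(NULL));` before the free, plus a case that sets two different flag bits and clears one to confirm the other survives. These are verification-policy bits, so a regression that drops or fails to clear one should fail the test rather than pass unnoticed. The test function begins and ends outside this hunk.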
@@ -586,6 +586,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
 #define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
 #define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
+#define X509_VERIFY_PARAM_new wolfSSL_X509_VERIFY_PARAM_new
+#define X509_VERIFY_PARAM_free wolfSSL_X509_VERIFY_PARAM_free
+#define X509_VERIFY_PARAM_set_flags wolfSSL_X509_VERIFY_PARAM_set_flags
+#define X509_VERIFY_PARAM_get_flags wolfSSL_X509_VERIFY_PARAM_get_flags
+#define X509_VERIFY_PARAM_clear_flags wolfSSL_X509_VERIFY_PARAM_clear_flags
 #define X509_VERIFY_PARAM_set_hostflags wolfSSL_X509_VERIFY_PARAM_set_hostflags
 #define X509_VERIFY_PARAM_set1_host wolfSSL_X509_VERIFY_PARAM_set1_host
 #define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index b32aaf7d9..723a8f61a 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1505,6 +1505,13 @@ WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
 WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*, unsigned long flags, time_t t);
+WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM* wolfSSL_X509_VERIFY_PARAM_new(void);
+WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set_flags(WOLFSSL_X509_VERIFY_PARAM *param,
+ unsigned long flags);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_get_flags(WOLFSSL_X509_VERIFY_PARAM *param);
+WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param,
+ unsigned long flags);
 WOLFSSL_API void wolfSSL_X509_VERIFY_PARAM_set_hostflags( WOLFSSL_X509_VERIFY_PARAM* param, unsigned int flags);
 WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,