feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity
18,494 Commits 28 Branches 172 Tags
1ce5951f0de4aceb51a587d54c888c0d90747427
Commit Graph

2125 Commits

Author SHA1 Message Date
JacobBarthelmeh
8225d3642b save next status with OCSP response verify 2022-11-03 22:39:47 -07:00
JacobBarthelmeh
7366a9edbd Merge pull request #5744 from SparkiDev/regression_fixes_4 
Regresssion testing fixes
 2022-10-27 11:49:52 -06:00
Sean Parkinson
fd7544ca19 Regresssion testing fixes 
Ed25519 and Ed448 need to enable certs.

If no system CA certs can't be parsed,
wolfSSL_CTX_load_system_CA_certs() will fail. Don't try test if RSA and
ECC are not enabled.

Fix benchmark.c so that e is defined when WOLFSSL_BENCHMARK_ALL defined.

MAX_LENGTH_SZ is 4 and supports lengths up to 2^24 - one byte for length
and 3 bytes of length.
(new gcc compiler fix)
 2022-10-27 17:47:48 +10:00
Hayden Roche
294a26ba0c Merge pull request #5708 from JacobBarthelmeh/OCSP 2022-10-26 15:43:15 -07:00
Jacob Barthelmeh
8d6ee0b26a minor warning fixes 2022-10-26 10:48:51 -06:00
JacobBarthelmeh
a26b89f66b fix leak with multiple entries 2022-10-26 09:29:06 -07:00
Daniel Pouzzner
baa19c1092 tests/api.c: fix 3 clang-analyzer-deadcode.DeadStores. 2022-10-25 18:17:22 -05:00
JacobBarthelmeh
29a5c04c2e add test case 2022-10-25 15:35:37 -07:00
Hayden Roche
e7a121325b Merge pull request #5720 from julek-wolfssl/nid-defines 2022-10-25 10:34:59 -07:00
Hayden Roche
2b72a50688 Merge pull request #5662 from Uriah-wolfSSL/haproxy-update-2.6.0 2022-10-25 07:47:54 -07:00
Juliusz Sosinowicz
55091c6464 Add small test 2022-10-25 13:13:14 +02:00
Uriah Pollock
19e30b081f Resolved sanitizer issue. 2022-10-24 16:27:18 -05:00
Hayden Roche
a60a15d544 Merge pull request #5721 from philljj/zd15011 2022-10-21 12:32:03 -07:00
Uriah Pollock
6aff27c5c8 Resolved valgrind issue. Updated ASN1_TIME usage per feedback. 
Refactored wolfSSL_d2i_OCSP_CERTID per feedback.
 2022-10-21 13:16:32 -05:00
Hayden Roche
fdffdd241f Merge pull request #5711 from philljj/add_SSL_set1_host 2022-10-20 15:02:24 -07:00
jordan
bfe8b9b76c correct DIST_POINT_NAME type value 2022-10-20 15:10:36 -05:00
jordan
90eefc2824 fix unit test when RSA disabled 2022-10-18 21:03:41 -05:00
Hayden Roche
b7c4ddba72 Merge pull request #5663 from lealem47/scan_build 2022-10-18 08:10:33 -07:00
Stefan Eissing
9726d1f6eb Allowing use of SSL/CTX_set_max_early_data() for client side. 
- updating english doc and test cases
 2022-10-18 10:40:18 +02:00
Lealem Amedie
327b66d3ed Miscellaneous fixes from scan-build and KDF refactor & small build fixes 2022-10-17 14:34:08 -07:00
jordan
7e35919cc0 Add SSL_set1_host 2022-10-17 16:23:38 -05:00
JacobBarthelmeh
bc1c087701 free PKCS7 in test case 2022-10-17 08:24:38 -07:00
JacobBarthelmeh
6f1db6c03a Merge pull request #5697 from cconlon/pkcs7SignedCertSet 
PKCS#7: Fix SignedData verification when signer cert is not first in SET
 2022-10-14 16:05:40 -06:00
David Garske
e2566bab21 Various build fixes: 
* Fix api.c build error with `NO_FILESYSTEM` and `WOLFSSL_CERT_EXT`.
* Fix for building tests/suites.c with static memory (missing `LARGEST_MEM_BUCKET`).
* Always expose `wc_ecc_set_rng` for compatibility.
 2022-10-13 12:49:06 -07:00
Chris Conlon
1b0171fe3e fix PKCS7 SignedData verification when signer cert is not first in SET 2022-10-13 11:03:13 -06:00
Uriah Pollock
5cbb099dc9 Updated per PR comments. 2022-10-12 14:06:57 -05:00
Uriah Pollock
9117f8b51b Added more APIs for HaProxy integration. 2022-10-12 14:06:57 -05:00
David Garske
3b33c962c4 Merge pull request #5660 from haydenroche5/load_system_root_certs 
Add support for wolfSSL_CTX_load_system_CA_certs on Windows and Mac.
 2022-10-11 08:38:57 -07:00
Daniel Pouzzner
6456b244d3 tests/api.c: refactor struct initializer using XMEMCPY() to mollify -Werror=missing-field-initializers in C++ builds. 2022-10-10 16:18:33 -05:00
Juliusz Sosinowicz
b1f97c6bc0 Merge pull request #5652 from rizlik/send_alert_on_version_mismatch 2022-10-10 11:16:11 +02:00
Hayden Roche
47ccd924c2 Merge pull request #5657 from julek-wolfssl/dtls-1.2-stateless 2022-10-09 09:31:07 -07:00
Hayden Roche
98ac4a6f9c Add ability to toggle system CA certs support. 2022-10-07 12:34:00 -07:00
Hayden Roche
5c85c8e128 Merge pull request #5658 from philljj/fix_wolfSSL_sk_X509_new 2022-10-06 17:18:03 -07:00
Hayden Roche
b50a786cb2 Add support for wolfSSL_CTX_load_system_CA_certs on Windows and Mac. 
Additionally, fix CMake build to add WOLFSSL_X86_64_BUILD when building for
x86_64.
 2022-10-06 17:12:21 -07:00
Juliusz Sosinowicz
7f42792616 DTLS 1.2: Test stateless server connection 2022-10-06 18:53:13 +02:00
Marco Oliverio
ebb378096a test: DTLSv1.2: send alert when version negotiation fails 2022-10-05 20:29:23 +02:00
Marco Oliverio
84748757b0 tests: refactor ticket-nonce-test callbacks to re-use code 2022-10-05 20:29:23 +02:00
Hayden Roche
79d9bc376f Merge pull request #5631 from dgarske/smallstack 2022-10-04 14:39:17 -07:00
jordan
984649eeac Correct wolfSSL_sk_X509_new in OpenSSL compatible API 2022-10-04 15:20:32 -05:00
David Garske
f9506dc05a Add small stack to DoClientHello Suites (360 bytes). Add small stack for DRBG health test. Refactor of the small stack into its own header, to allow easier use in other files. Minor build fixes. 2022-09-30 14:06:31 -07:00
jordan
eccba1401f fix valgrind leak in new unit test 2022-09-30 11:24:54 -05:00
jordan
0f66c90b54 implement sk_X509_shift for zd 14898 2022-09-29 23:04:31 -05:00
David Garske
ab44c89ab4 Merge pull request #5626 from haydenroche5/load_system_root_certs 
Add a function to load system CA certs into a WOLFSSL_CTX.
 2022-09-29 11:03:26 -07:00
David Garske
a5a9ab96e6 Merge pull request #5524 from rizlik/protocol_version_alerts 
Dtls13: improvements
 2022-09-29 10:59:06 -07:00
Sean Parkinson
754d274d8c Merge pull request #5593 from rizlik/ticket_nonce_size 
tls13: support ticketNonce with size bigger than MAX_TICKET_NONCE_SZ
 2022-09-29 08:11:22 +10:00
Marco Oliverio
ae4228f928 tests: add WOLFSSL_TICKE_NONCE_MALLOC tests 2022-09-28 19:54:14 +02:00
Marco Oliverio
3c60926bfa tests: silently dropping bad records after handshake in DTLS 2022-09-28 18:42:38 +02:00
Marco Oliverio
b3ecdd2ecb dtls13: support stateless cookie exchange on blocking socket 2022-09-28 18:42:38 +02:00
Marco Oliverio
400671dc7c dtls: drop non-handshake messages before cookie exchange 2022-09-28 18:42:38 +02:00
Hayden Roche
8cae05348c Add a function to load system CA certs into a WOLFSSL_CTX. 
This new function, wolfSSL_CTX_load_system_CA_certs, currently only supports
Linux-based OS's. It searches through conventional CA directories and once it
finds one, attempts to load CA certs from it. After the first directory is
found, we don't check the others.

This commit also adds a function wolfSSL_get_system_CA_dirs, which returns a
pointer to an array of directories where wolfSSL_CTX_load_system_CA_certs will
look for CA certs. This is used in a unit test, where we only want to expect
success if one of these directories actually exists on the test system.

Finally, this commit adds support for SSL_CTX_set_default_verify_paths to the
compatibility layer. It doesn't model the exact behavior of its OpenSSL
counterpart; it's mostly a wrapper around wolfSSL_CTX_load_system_CA_certs,
manipulating the return value of that function to conform to OpenSSL's
conventions.
 2022-09-28 08:50:46 -07:00