From 03e5d109c7d5386bb7a6388e30a6d310e0941bbe Mon Sep 17 00:00:00 2001
From: Tesfa Mael
Date: Fri, 16 Jun 2023 12:12:06 -0700
Subject: [PATCH] Add test_wolfSSL_dup_CA_list
---
 src/internal.c | 14 ++++++++++++--
 src/ssl.c | 3 ++-
 src/x509_str.c | 6 ++++--
 tests/api.c | 38 +++++++++++++++++++++++++++++++++++++-
 4 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 8ef419095..7792d68de 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6238,8 +6238,18 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 /* Don't change version on a SSL object that has already started a
 * handshake */
 #if defined(WOLFSSL_HAPROXY)
- ssl->initial_ctx = ctx; /* Save access to session key materials */
- wolfSSL_CTX_up_ref(ctx);
+ ret = wolfSSL_CTX_up_ref(ctx);
+ if (ret == WOLFSSL_SUCCESS) {
+ ssl->initial_ctx = ctx; /* Save access to session key materials */
+ }
+ else {
+ #ifdef WOLFSSL_REFCNT_ERROR_RETURN
+ return ret;
+ #else
+ (void)ret;
+ #endif
+ }
+
 #endif
 if (!ssl->msgsReceived.got_client_hello &&
 !ssl->msgsReceived.got_server_hello)
diff --git a/src/ssl.c b/src/ssl.c
index bc21e2dbe..4c4aede93 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -4511,8 +4511,9 @@ int wolfSSL_get_error(WOLFSSL* ssl, int ret)
 return WOLFSSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
 #if defined(WOLFSSL_HAPROXY)
 return GetX509Error(ssl->error);
-#endif
+#else
 return (ssl->error);
+#endif
 }
diff --git a/src/x509_str.c b/src/x509_str.c
index 4e91af864..1ac305328 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
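Review bot: In the `#else` arm of the new `else` block in SetSSL_CTX, `(void)ret;` discards the wolfSSL_CTX_up_ref() failure and the function carries on with `ssl->initial_ctx` not updated, so a build without WOLFSSL_REFCNT_ERROR_RETURN gives the caller no sign that the saved context is missing. That decision should be stated where it is made, for example `/* refcount failure ignored: initial_ctx is left unset, readers must tolerate that */`. `ret` also keeps the failure value on that path; the rest of the function is outside this hunk, so it is worth confirming that `ret` is reassigned before it is returned or tested again. The assignment also replaces any earlier `ssl->initial_ctx` without a visible release of its reference, which matters if SetSSL_CTX can run more than once on the same object.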
@@ -979,10 +979,12 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
 if (store == NULL)
 return WOLFSSL_FAILURE;
- if ((flag & WOLFSSL_CRL_CHECKALL) || (flag & WOLFSSL_CRL_CHECK) ||
- flag == 0 ) {
+ if ((flag & WOLFSSL_CRL_CHECKALL) || (flag & WOLFSSL_CRL_CHECK)) {
 ret = wolfSSL_CertManagerEnableCRL(store->cm, (int)flag);
 }
+ else if (flag == 0) {
+ ret = wolfSSL_CertManagerDisableCRL(store->cm);
+ }
 return ret;
 }
diff --git a/tests/api.c b/tests/api.c
index af30fb1fe..06f7f625a 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -50277,7 +50277,43 @@ static int test_wolfSSL_X509_STORE_get1_certs(void)
 #endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
 return EXPECT_RESULT();
 }
+static int test_wolfSSL_dup_CA_list(void)
+{
+ int res = TEST_SKIPPED;
+#if defined(OPENSSL_ALL)
+ EXPECT_DECLS;
+ STACK_OF(X509_NAME) *originalStack = NULL;
+ STACK_OF(X509_NAME) *copyStack = NULL;
+ int originalCount = 0;
+ int copyCount = 0;
+ X509_NAME *name = NULL;
+ int i;
+ originalStack = sk_X509_NAME_new_null();
+ ExpectNotNull(originalStack);
+
+ for (i = 0; i < 3; i++) {
+ name = X509_NAME_new();
+ ExpectNotNull(name);
+ AssertIntEQ(sk_X509_NAME_push(originalStack, name), WOLFSSL_SUCCESS);
+ }
+
+ copyStack = SSL_dup_CA_list(originalStack);
+ ExpectNotNull(copyStack);
+ originalCount = sk_X509_NAME_num(originalStack);
+ copyCount = sk_X509_NAME_num(copyStack);
+
+ AssertIntEQ(originalCount, copyCount);
+ sk_X509_NAME_pop_free(originalStack, X509_NAME_free);
+ sk_X509_NAME_pop_free(copyStack, X509_NAME_free);
+
+ originalStack = NULL;
+ copyStack = NULL;
+
+ res = EXPECT_RESULT();
+#endif /* OPENSSL_ALL */
+ return res;
+}
 /* include misc.c here regardless of NO_INLINE, because misc.c implementations
 * have default (hidden) visibility, and in the absence of visibility, it's
 * benign to mask out the library implementation.
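Review bot: The new `else if (flag == 0)` branch in wolfSSL_X509_STORE_set_flags turns CRL checking off for the store's cert manager, whereas OpenSSL's X509_STORE_set_flags only ORs bits in, so a zero argument there changes nothing. Code ported from OpenSSL that passes 0 would lose revocation checking here without any error. If that is intended, it should be stated at the branch, for example `/* wolfSSL-specific: flag == 0 disables CRL checking on this store; OpenSSL treats it as a no-op */`. A non-zero `flag` carrying neither CRL bit still falls through and returns whatever `ret` was initialised to, which is outside this hunk.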
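Review bot: test_wolfSSL_dup_CA_list mixes `AssertIntEQ` with the `Expect*` macros used in the rest of the function, and the loop still pushes `name` after `ExpectNotNull(name)` has recorded a failure. Writing `ExpectIntEQ(sk_X509_NAME_push(originalStack, name), WOLFSSL_SUCCESS);` and `ExpectIntEQ(originalCount, copyCount);` would keep one failure style, presumably letting the cleanup below run on failure (the macro definitions are not in this hunk). A failed push should also free `name` so that it is not leaked. The test compares only element counts over three empty names, so it does not show that SSL_dup_CA_list makes independent copies, which is what the two `sk_X509_NAME_pop_free` calls rely on; checking that each copied entry is a distinct pointer that compares equal to its original would pin that down.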
@@ -60385,7 +60421,7 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_GENERAL_NAME_set0_othername),
 TEST_DECL(test_othername_and_SID_ext),
-
+ TEST_DECL(test_wolfSSL_dup_CA_list),
 /* OpenSSL sk_X509 API test */
 TEST_DECL(test_sk_X509),
 /* OpenSSL sk_X509_CRL API test */