mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-03 20:54:41 +02:00
define KEEP_OUR_CERT to set keeping ssl certificate
@@ -643,7 +643,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
|||||||
#ifndef NO_CERTS
|
#ifndef NO_CERTS
|
||||||
FreeDer(&ctx->privateKey);
|
FreeDer(&ctx->privateKey);
|
||||||
FreeDer(&ctx->certificate);
|
FreeDer(&ctx->certificate);
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef KEEP_OUR_CERT
|
||||||
FreeX509(ctx->ourCert);
|
FreeX509(ctx->ourCert);
|
||||||
if (ctx->ourCert) {
|
if (ctx->ourCert) {
|
||||||
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
||||||
|
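Review bot: `FreeX509(ctx->ourCert)` is called before the `if (ctx->ourCert)` test in this hunk, so the NULL check protects only the `XFREE`. With the guard now keyed on `KEEP_OUR_CERT` alone, a build that defines it without `OPENSSL_EXTRA` still compiles this free path while `wolfSSL_get_certificate` (guarded on both macros) is absent. In that build the pointer is presumably always NULL here, so safety depends on `FreeX509` tolerating NULL, which this page does not show. Making `FreeX509(ctx->ourCert);` the first statement inside the `if (ctx->ourCert) {` block removes that dependency; the same order appears at the three `ourCert` free sites in src/ssl.c. SSL_CtxResourceFree starts and ends outside the hunk.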
18
src/ssl.c
18
src/ssl.c
@@ -3468,7 +3468,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
|||||||
/* Make sure previous is free'd */
|
/* Make sure previous is free'd */
|
||||||
if (ssl->buffers.weOwnCert) {
|
if (ssl->buffers.weOwnCert) {
|
||||||
FreeDer(&ssl->buffers.certificate);
|
FreeDer(&ssl->buffers.certificate);
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef KEEP_OUR_CERT
|
||||||
FreeX509(ssl->ourCert);
|
FreeX509(ssl->ourCert);
|
||||||
if (ssl->ourCert) {
|
if (ssl->ourCert) {
|
||||||
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
|
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
|
||||||
@@ -3477,14 +3477,14 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
|
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef KEEP_OUR_CERT
|
||||||
ssl->keepCert = 1; /* hold cert for ssl lifetime */
|
ssl->keepCert = 1; /* hold cert for ssl lifetime */
|
||||||
#endif
|
#endif
|
||||||
ssl->buffers.weOwnCert = 1;
|
ssl->buffers.weOwnCert = 1;
|
||||||
}
|
}
|
||||||
else if (ctx) {
|
else if (ctx) {
|
||||||
FreeDer(&ctx->certificate); /* Make sure previous is free'd */
|
FreeDer(&ctx->certificate); /* Make sure previous is free'd */
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef KEEP_OUR_CERT
|
||||||
FreeX509(ctx->ourCert);
|
FreeX509(ctx->ourCert);
|
||||||
if (ctx->ourCert) {
|
if (ctx->ourCert) {
|
||||||
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
|
||||||
@@ -8037,7 +8037,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
if (ssl->buffers.weOwnCert && !ssl->keepCert) {
|
if (ssl->buffers.weOwnCert && !ssl->keepCert) {
|
||||||
WOLFSSL_MSG("Unloading cert");
|
WOLFSSL_MSG("Unloading cert");
|
||||||
FreeDer(&ssl->buffers.certificate);
|
FreeDer(&ssl->buffers.certificate);
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef KEEP_OUR_CERT
|
||||||
FreeX509(ssl->ourCert);
|
FreeX509(ssl->ourCert);
|
||||||
if (ssl->ourCert) {
|
if (ssl->ourCert) {
|
||||||
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
|
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
|
||||||
@@ -10756,7 +10756,9 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
|
|||||||
|
|
||||||
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
|
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA /* needed for wolfSSL_X509_d21 function */
|
/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function
|
||||||
|
KEEP_OUR_CERT is to insure ability for returning ssl certificate */
|
||||||
|
#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
|
||||||
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
||||||
{
|
{
|
||||||
if (ssl == NULL) {
|
if (ssl == NULL) {
|
||||||
@@ -10785,7 +10787,7 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
|
||||||
#endif /* NO_CERTS */
|
#endif /* NO_CERTS */
|
||||||
|
|
||||||
|
|
||||||
@@ -11192,6 +11194,10 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
|
|||||||
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
|
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
|
||||||
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
|
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
|
||||||
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
|
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
|
||||||
|
#ifndef NO_DES3
|
||||||
|
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
|
||||||
|
return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#ifndef NO_HC128
|
#ifndef NO_HC128
|
||||||
#ifndef NO_MD5
|
#ifndef NO_MD5
|
||||||
|
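Review bot: The `else if (ctx)` branch of ProcessBuffer frees `ctx->ourCert` when a new certificate is loaded, while the field comment in struct WOLFSSL says `ssl->ourCert` points to the ctx copy when the session does not own its cert. If `wolfSSL_get_certificate` hands out that shared pointer (its body is outside the visible hunks), reloading a certificate on a context with live sessions would leave them, and any caller still holding the returned `WOLFSSL_X509*`, with a dangling pointer. Now that the feature is an explicit opt-in, it deserves a stated lifetime rule, for example `/* ctx->ourCert may be shared with WOLFSSL objects; do not reload the ctx cert while any of them is live */` above the `FreeX509(ctx->ourCert)` call. ProcessBuffer starts and ends outside the hunk.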
@@ -1903,7 +1903,7 @@ struct WOLFSSL_CTX {
|
|||||||
DerBuffer* privateKey;
|
DerBuffer* privateKey;
|
||||||
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
|
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
|
||||||
#endif
|
#endif
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef KEEP_OUR_CERT
|
||||||
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
|
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
|
||||||
#endif
|
#endif
|
||||||
Suites* suites; /* make dynamic, user may not need/set */
|
Suites* suites; /* make dynamic, user may not need/set */
|
||||||
@@ -2726,7 +2726,7 @@ struct WOLFSSL {
|
|||||||
#ifdef KEEP_PEER_CERT
|
#ifdef KEEP_PEER_CERT
|
||||||
WOLFSSL_X509 peerCert; /* X509 peer cert */
|
WOLFSSL_X509 peerCert; /* X509 peer cert */
|
||||||
#endif
|
#endif
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef KEEP_OUR_CERT
|
||||||
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
|
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
|
||||||
points to ctx if not owned (owned
|
points to ctx if not owned (owned
|
||||||
flag found in buffers.weOwnCert) */
|
flag found in buffers.weOwnCert) */
|
||||||
|
@@ -1012,7 +1012,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
|
|||||||
const unsigned char*, long);
|
const unsigned char*, long);
|
||||||
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
|
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
|
||||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
|
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
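Review bot: The `wolfSSL_get_certificate` prototype is now hidden unless both `OPENSSL_EXTRA` and `KEEP_OUR_CERT` are defined, and nothing visible in this commit defines `KEEP_OUR_CERT` for existing `OPENSSL_EXTRA` builds. An application built against `OPENSSL_EXTRA` alone therefore loses both the declaration and the definition and fails at compile or link time; the test.h hunk had to add the same guard to its own caller. If the settings header does not already do so, derive the macro there so the existing configuration keeps working: `#if defined(OPENSSL_EXTRA) && !defined(KEEP_OUR_CERT)`, `#define KEEP_OUR_CERT`, `#endif`.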
@@ -495,7 +495,7 @@ static INLINE void showPeer(WOLFSSL* ssl)
|
|||||||
printf("peer has no cert!\n");
|
printf("peer has no cert!\n");
|
||||||
wolfSSL_FreeX509(peer);
|
wolfSSL_FreeX509(peer);
|
||||||
#endif
|
#endif
|
||||||
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA)
|
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
|
||||||
ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
|
ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
|
||||||
#endif /* SHOW_CERTS */
|
#endif /* SHOW_CERTS */
|
||||||
printf("SSL version is %s\n", wolfSSL_get_version(ssl));
|
printf("SSL version is %s\n", wolfSSL_get_version(ssl));
|
||||||
|