wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-04-29 15:53:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

HaProxy 2.4-dev18 support

Browse Source 
*This patch is dependent on https://github.com/wolfSSL/wolfssl/pull/3871 because proto version selection logic is refactored in that pull request.*
This patch contains the following changes:
- Enable more options with `--enable-haproxy`
- Compatibility layer additions
    - `STACK_TYPE_X509_OBJ`
    - `OCSP_id_cmp`
    - `X509_STORE_get0_objects`
    - `X509V3_EXT_nconf_nid`
    - `X509V3_EXT_nconf`
    - `X509_chain_up_ref`
    - `X509_NAME_hash`
    - `sk_X509_NAME_new_null`
    - `X509_OBJECT_get0_X509`
    - `X509_OBJECT_get0_X509_CRL`
    - `ASN1_OCTET_STRING_free`
    - `X509_LOOKUP_TYPE`
    - `OSSL_HANDSHAKE_STATE`
- New `OPENSSL_COMPATIBLE_DEFAULTS` define will set default behaviour that is compatible with OpenSSL
    - WOLFSSL_CTX
        - Enable all compiled in protocols
        - Allow anonymous ciphers
        - Set message grouping
        - Set verify to SSL_VERIFY_NONE
- In `SetSSL_CTX`, don't change `send` and `recv` callback if currently using `BIO`
- `ssl->peerVerifyRet`
    - Return first that occured
    - Set correct value on date error
    - Set revoked error on OCSP or CRL error
    - Save value in session and restore on resumption
    - Add to session serialization
- With `OPENSSL_EXTRA`, send an alert on invalid downgrade attempt
- Handle sni callback `SSL_TLSEXT_ERR_NOACK`
- Add `WOLFSSL_VERIFY_DEFAULT` option for `wolfSSL_CTX_set_verify` and `wolfSSL_set_verify` to allow resetting to default behaviour
This commit is contained in:
Juliusz Sosinowicz
2021-04-20 16:15:42 +02:00
parent 197b959916
commit 1b6b16c2c3
19 changed files with 1107 additions and 204 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/wolfio.c
+14 -1
View File
@@ -180,6 +180,12 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx)
return recvd;
}
/* If retry and read flags are set, return WANT_READ */
if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_READ) &&
(ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
return WOLFSSL_CBIO_ERR_WANT_READ;
}
WOLFSSL_MSG("BIO general error");
return WOLFSSL_CBIO_ERR_GENERAL;
}
@@ -211,13 +217,20 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx)
}
sent = wolfSSL_BIO_write(ssl->biowr, buf, sz);
if (sent < 0) {
if (sent <= 0) {
if (ssl->biowr->type == WOLFSSL_BIO_SOCKET) {
#ifdef USE_WOLFSSL_IO
sent = TranslateIoError(sent);
#endif
return sent;
}
/* If retry and write flags are set, return WANT_WRITE */
if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_WRITE) &&
(ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) {
return WOLFSSL_CBIO_ERR_WANT_WRITE;
}
return WOLFSSL_CBIO_ERR_GENERAL;
}
(void)ctx;