From 2e4b651b878d6c64dff874139fcfcc23b42fb7b3 Mon Sep 17 00:00:00 2001
From: John Bland
Date: Fri, 21 Jul 2023 16:24:59 -0400
Subject: [PATCH] update tls13 to handle an OCSP_WANT_READ, update async client test to retry connect on OCSP_WANT_READ instead of timing out
---
 .github/workflows/async.yml | 3 ++-
 examples/client/client.c | 3 +++
 src/tls13.c | 8 ++++----
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml
index 8ded76950..71b35a400 100644
--- a/.github/workflows/async.yml
+++ b/.github/workflows/async.yml
@@ -10,7 +10,8 @@ jobs:
 config: [
 # Add new configs here
 '--enable-asynccrypt --enable-all --enable-dtls13',
- '--enable-asynccrypt-sw',
+ '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2',
+ '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"',
 ]
 name: make check
 runs-on: ubuntu-latest
diff --git a/examples/client/client.c b/examples/client/client.c
index 80fb64a8c..cd2f800b8 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -223,6 +223,9 @@ static int NonBlockingSSL_Connect(WOLFSSL* ssl)
 #ifdef WOLFSSL_ASYNC_CRYPT
 || error == WC_PENDING_E
 #endif
+ #ifdef WOLFSSL_NONBLOCK_OCSP
+ || error == OCSP_WANT_READ
+ #endif
 ) {
 #ifndef WOLFSSL_CALLBACKS
 ret = wolfSSL_connect(ssl);
diff --git a/src/tls13.c b/src/tls13.c
index 0262062a1..ff11ab626 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -11479,12 +11479,12 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 * == 0) */
 *inOutIdx -= HANDSHAKE_HEADER_SZ;
 }
-#endif
- /* reset error */
- if (ret == 0 && ssl->error == WC_PENDING_E)
+ /* make sure async error is cleared */
+ if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) {
 ssl->error = 0;
-
+ }
+#endif
 if (ret == 0 && type != client_hello && type != session_ticket && type != key_update) {
 ret = HashInput(ssl, input + inIdx, size);
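Review bot: In NonBlockingSSL_Connect (examples/client/client.c), the added `|| error == OCSP_WANT_READ` arm treats a pending OCSP lookup like a socket-level want-read, but the part of the loop that waits before calling wolfSSL_connect() again is outside this hunk, so it is not visible whether that wait is tied to the TLS socket. If it is, a responder that never answers would either spin the loop or fall into the generic timeout path. It is worth confirming that the loop stays bounded and that exhausting it is reported as a failed connect, not as a handshake that proceeds without the revocation result. A short comment on the new arm would also help, e.g. `/* non-blocking OCSP lookup still in flight; call wolfSSL_connect() again */`.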
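Review bot: In DoTls13HandShakeMsgType (src/tls13.c), the `ssl->error = 0` reset used to sit after the `#endif` and so ran in every build; it now sits inside that preprocessor block, whose opening `#if` is outside the hunk. If that guard tests only WOLFSSL_ASYNC_CRYPT, a build with WOLFSSL_NONBLOCK_OCSP but no async crypt would never clear a stale OCSP_WANT_READ here. Such a build looks possible, since client.c guards the two macros separately and the new CI entry `--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS"` does not pass --enable-asynccrypt. Consider making the guard `#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)`. The comment could also state the invariant being relied on, for example `/* ret == 0: message handled, so a leftover WC_PENDING_E / OCSP_WANT_READ in ssl->error is stale */`, if that is indeed the intent.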