add LOAD flag to be compliant with OpenSSL

2025-07-29 18:27:29 +02:00 · 2021-05-29 10:56:26 +09:00
parent af917cc55e
commit 3386069490
2 changed files with 21 additions and 2 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -6896,15 +6896,30 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
        if (fileRet != WC_READDIR_NOFILE) {
            ret = fileRet;
    #if defined(WOLFSSL_QT)
-            /* qssl socket wants to know errors. */
-            WOLFSSL_ERROR(ret);
+            if (ret == BAD_PATH_ERROR && 
+                flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR) {
+           /* QSslSocket always loads certs in system folder 
+            * when it is initialized.
+            * Compliant with OpenSSL when flag sets.*/
+                ret = WOLFSSL_SUCCESS;
+            }
+            else
+                /* qssl socket wants to know errors. */
+                WOLFSSL_ERROR(ret);
    #endif
        }
        /* report failure if no files were loaded or there were failures */
        else if (successCount == 0 || failCount > 0) {
            /* use existing error code if exists */
+    #if defined(WOLFSSL_QT)
+            /* compliant with OpenSSL when flag sets*/
+            if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE)) {
+    #endif
            if (ret == WOLFSSL_SUCCESS)
                ret = WOLFSSL_FAILURE;
+    #if defined(WOLFSSL_QT)
+            }
+    #endif
        }
        else {
            ret = WOLFSSL_SUCCESS;
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -876,6 +876,10 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*,
 #define WOLFSSL_LOAD_FLAG_IGNORE_ERR    0x00000001
 #define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
 #define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY   0x00000004
+#if defined(WOLFSSL_QT)
+#define WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR 0x00000008
+#define WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE     0x00000010
+#endif

 #ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
 #define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE