From 3386069490b332f72fec703e8cf040a54d0a545b Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki
Date: Sat, 29 May 2021 10:56:26 +0900
Subject: [PATCH] add LOAD flag to be compliant with OpenSSL
---
 src/ssl.c | 19 +++++++++++++++++--
 wolfssl/ssl.h | 4 ++++
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index d64ee1d80..ebb7a9bd0 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -6896,15 +6896,30 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
 if (fileRet != WC_READDIR_NOFILE) {
 ret = fileRet;
 #if defined(WOLFSSL_QT)
- /* qssl socket wants to know errors. */
- WOLFSSL_ERROR(ret);
+ if (ret == BAD_PATH_ERROR &&
+ flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR) {
+ /* QSslSocket always loads certs in system folder
+ * when it is initialized.
+ * Compliant with OpenSSL when flag sets.*/
+ ret = WOLFSSL_SUCCESS;
+ }
+ else
+ /* qssl socket wants to know errors. */
+ WOLFSSL_ERROR(ret);
 #endif
 }
 /* report failure if no files were loaded or there were failures */
 else if (successCount == 0 || failCount > 0) {
 /* use existing error code if exists */
+ #if defined(WOLFSSL_QT)
+ /* compliant with OpenSSL when flag sets*/
+ if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE)) {
+ #endif
 if (ret == WOLFSSL_SUCCESS)
 ret = WOLFSSL_FAILURE;
+ #if defined(WOLFSSL_QT)
+ }
+ #endif
 }
 else {
 ret = WOLFSSL_SUCCESS;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index a131c6842..0e165000e 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -876,6 +876,10 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*,
 #define WOLFSSL_LOAD_FLAG_IGNORE_ERR 0x00000001
 #define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
 #define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY 0x00000004
+#if defined(WOLFSSL_QT)
+#define WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR 0x00000008
+#define WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE 0x00000010
+#endif
 #ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
 #define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
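Review bot: In the src/ssl.c hunk, the new `if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE)) {` guard wraps the whole `successCount == 0 || failCount > 0` branch, so the flag also suppresses the failure result when files were present but failed to load, not only when the directory was empty. If `ret` is WOLFSSL_SUCCESS at that point (the loop that sets it is outside the hunk, so this is inferred), the caller sees success with an empty or partial CA store, and a broken trust-anchor configuration stays hidden until handshakes fail. Narrowing the guard to `if (failCount > 0 || !(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE)) {` keeps load failures visible. In the first branch, `(flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)` would read more safely parenthesized, and the unbraced `else` before `WOLFSSL_ERROR(ret);` deserves braces.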
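Review bot: The two flags added in the wolfssl/ssl.h hunk have no comments, although each one changes what a WOLFSSL_SUCCESS return from wolfSSL_CTX_load_verify_locations_ex tells the caller. I would add `/* QT only: return success when the directory scan reports BAD_PATH_ERROR; nothing is loaded from that path */` above WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR and `/* QT only: return success even if no CA file was loaded from the directory */` above WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE. Because the defines exist only under WOLFSSL_QT, a one-line comment stating that bits 0x00000008 and 0x00000010 are reserved in every build would keep a later flag from reusing them with a different meaning.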