wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

addressed review comments

Browse Source
This commit is contained in:
Hideki Miyazaki
2024-09-21 16:03:17 +09:00
parent b84a4e1c8d
commit 5105082a1f
2 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/tls13.c
View File

@ -8421,7 +8421,7 @@ static word32 NextCert(byte* data, word32 length, word32* idx)
return len; return len;
} }
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)
/* Write certificate status request into certificate to buffer. /* Write certificate status request into certificate to buffer.
* *
* ssl SSL/TLS object. * ssl SSL/TLS object.
@ -8546,7 +8546,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
{ {
int ret = 0; int ret = 0;
word32 certSz, certChainSz, headerSz, listSz, payloadSz; word32 certSz, certChainSz, headerSz, listSz, payloadSz;
word16 extSz[1 + MAX_CERT_EXTENSIONS]; word16 extSz[MAX_CERT_EXTENSIONS];
word16 extIdx = 0; word16 extIdx = 0;
word32 maxFragment; word32 maxFragment;
word32 totalextSz = 0; word32 totalextSz = 0;
@ -8614,7 +8614,7 @@ static int SendTls13Certificate(WOLFSSL* ssl)
for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++) for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++)
extSz[extIdx] = OPAQUE16_LEN; extSz[extIdx] = OPAQUE16_LEN;
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER)
/* We only send CSR on the server side. On client side, the CSR data /* We only send CSR on the server side. On client side, the CSR data
* is populated with the server response. We would be sending the server * is populated with the server response. We would be sending the server
* its own stapling data. */ * its own stapling data. */
@ -8747,14 +8747,14 @@ static int SendTls13Certificate(WOLFSSL* ssl)
if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) { if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) {
/* Put in the leaf certificate with extensions. */ /* Put in the leaf certificate with extensions. */
word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer, word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer,
certSz, extSz[extIdx], ssl->fragOffset, fragSz, certSz, extSz[0], ssl->fragOffset, fragSz,
output + i, extIdx); output + i, 0);
i += copySz; i += copySz;
ssl->fragOffset += copySz; ssl->fragOffset += copySz;
length -= copySz; length -= copySz;
fragSz -= copySz; fragSz -= copySz;
if (ssl->fragOffset == certSz + extSz[extIdx]) if (ssl->fragOffset == certSz + extSz[0])
FreeDer(&ssl->buffers.certExts[extIdx]); FreeDer(&ssl->buffers.certExts[0]);
} }
} }
if (certChainSz > 0 && fragSz > 0) { if (certChainSz > 0 && fragSz > 0) {
@ -8771,8 +8771,11 @@ static int SendTls13Certificate(WOLFSSL* ssl)
ssl->buffers.certChain->length, &idx); ssl->buffers.certChain->length, &idx);
if (len == 0) if (len == 0)
break; break;
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
!defined(NO_WOLFSSL_SERVER)
if (MAX_CERT_EXTENSIONS > extIdx) if (MAX_CERT_EXTENSIONS > extIdx)
extIdx++; extIdx++;
#endif
} }
/* Write out certificate and extension. */ /* Write out certificate and extension. */
l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz, l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz,

7
wolfssl/internal.h
View File

@ -2024,6 +2024,13 @@ enum Misc {
#define MAX_CHAIN_DEPTH 9 #define MAX_CHAIN_DEPTH 9
#endif #endif
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
#if !defined(HAVE_OCSP)
#error OCSP Stapling and Stapling V2 needs OCSP. Please define HAVE_OCSP.
#endif
#endif
/* Max certificate extensions in TLS1.3 */ /* Max certificate extensions in TLS1.3 */
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)
/* Number of extensions to set each OCSP response */ /* Number of extensions to set each OCSP response */