wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implement wolfSSL_set_client_CA_list and add 'HIGH' cipher suite

Browse Source
This commit is contained in:
Juliusz Sosinowicz
2021-07-23 20:46:40 +02:00
parent b2380069f0
commit 647e007eea
6 changed files with 59 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/internal.c
View File

@@ -7075,6 +7075,14 @@ void SSL_ResourceFree(WOLFSSL* ssl)
wolfSSL_sk_X509_free(ssl->peerCertChain); wolfSSL_sk_X509_free(ssl->peerCertChain);
wolfSSL_sk_X509_free(ssl->ourCertChain); wolfSSL_sk_X509_free(ssl->ourCertChain);
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
while (ssl->ca_names != NULL) {
WOLFSSL_STACK *next = ssl->ca_names->next;
wolfSSL_X509_NAME_free(ssl->ca_names->data.name);
XFREE(ssl->ca_names, NULL, DYNAMIC_TYPE_OPENSSL);
ssl->ca_names = next;
}
#endif
} }
/* Free any handshake resources no longer needed */ /* Free any handshake resources no longer needed */
@@ -18688,7 +18696,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
/* Certificate Authorities */ /* Certificate Authorities */
names = ssl->ctx->ca_names; names = SSL_CA_NAMES(ssl);
while (names != NULL) { while (names != NULL) {
byte seq[MAX_SEQ_SZ]; byte seq[MAX_SEQ_SZ];
WOLFSSL_X509_NAME* name = names->data.name; WOLFSSL_X509_NAME* name = names->data.name;
@@ -18759,7 +18767,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
c16toa((word16)dnLen, &output[i]); /* auth's */ c16toa((word16)dnLen, &output[i]); /* auth's */
i += REQ_HEADER_SZ; i += REQ_HEADER_SZ;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
names = ssl->ctx->ca_names; names = SSL_CA_NAMES(ssl);
while (names != NULL) { while (names != NULL) {
byte seq[MAX_SEQ_SZ]; byte seq[MAX_SEQ_SZ];
WOLFSSL_X509_NAME* name = names->data.name; WOLFSSL_X509_NAME* name = names->data.name;
@@ -21105,7 +21113,7 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
} }
if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 || if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 ||
XSTRNCMP(next, "DEFAULT", 7) == 0) XSTRNCMP(next, "DEFAULT", 7) == 0 || XSTRNCMP(next, "HIGH", 4) == 0)
return 1; /* wolfSSL default */ return 1; /* wolfSSL default */
do { do {

22
src/ssl.c
View File

@@ -16045,6 +16045,19 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif #endif
} }
void wolfSSL_set_client_CA_list(WOLFSSL* ssl,
WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
{
WOLFSSL_ENTER("wolfSSL_set_client_CA_list");
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
if (ssl != NULL)
ssl->ca_names = names;
#else
(void)ssl;
(void)names;
#endif
}
/* returns the CA's set on server side or the CA's sent from server when /* returns the CA's set on server side or the CA's sent from server when
* on client side */ * on client side */
@@ -16089,8 +16102,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return NULL; return NULL;
} }
else { else {
/* currently only can be set in the CTX */ return SSL_CA_NAMES(ssl);
return ssl->ctx->ca_names;
} }
} }
#endif /* SESSION_CERTS */ #endif /* SESSION_CERTS */
@@ -16154,14 +16166,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
const WOLFSSL_CTX *s) const WOLFSSL_CTX *ctx)
{ {
WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list"); WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list");
if (s == NULL) if (ctx == NULL)
return NULL; return NULL;
return s->ca_names; return ctx->ca_names;
} }
#endif #endif

22
tests/api.c
View File

@@ -30772,16 +30772,17 @@ static void test_wolfSSL_CTX_set_client_CA_list(void)
#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO) !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
X509_NAME* name = NULL; X509_NAME* name = NULL;
STACK_OF(X509_NAME)* names = NULL; STACK_OF(X509_NAME)* names = NULL;
STACK_OF(X509_NAME)* ca_list = NULL; STACK_OF(X509_NAME)* ca_list = NULL;
int i, names_len; int i, names_len;
printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()"); printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
names = SSL_load_client_CA_file(cliCertFile); names = SSL_load_client_CA_file(cliCertFile);
AssertNotNull(names); AssertNotNull(names);
SSL_CTX_set_client_CA_list(ctx,names); SSL_CTX_set_client_CA_list(ctx, names);
AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx)); AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0); AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
@@ -30790,6 +30791,23 @@ static void test_wolfSSL_CTX_set_client_CA_list(void)
AssertIntEQ(sk_X509_NAME_find(names, name), i); AssertIntEQ(sk_X509_NAME_find(names, name), i);
} }
/* Needed to be able to create ssl object */
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
AssertNotNull(ssl = wolfSSL_new(ctx));
/* laod again as old names are responsibility of ctx to free */
names = SSL_load_client_CA_file(cliCertFile);
AssertNotNull(names);
SSL_set_client_CA_list(ssl, names);
AssertNotNull(ca_list = SSL_get_client_CA_list(ssl));
AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
for (i=0; i<names_len; i++) {
AssertNotNull(name = sk_X509_NAME_value(names, i));
AssertIntEQ(sk_X509_NAME_find(names, name), i);
}
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */ #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */

6
wolfssl/internal.h
View File

@@ -4508,6 +4508,9 @@ struct WOLFSSL {
byte clientFinished[TLS_FINISHED_SZ]; byte clientFinished[TLS_FINISHED_SZ];
byte serverFinished[TLS_FINISHED_SZ]; byte serverFinished[TLS_FINISHED_SZ];
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
#endif
}; };
/* /*
@@ -4524,6 +4527,9 @@ struct WOLFSSL {
#define SSL_CM(ssl) ssl->ctx->cm #define SSL_CM(ssl) ssl->ctx->cm
#endif #endif
#define SSL_CA_NAMES(ssl) (ssl->ca_names != NULL ? ssl->ca_names : \
ssl->ctx->ca_names)
WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr); WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int); WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int); WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);

1
wolfssl/openssl/ssl.h
View File

@@ -835,6 +835,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_set1_verify_cert_store wolfSSL_set1_verify_cert_store #define SSL_set1_verify_cert_store wolfSSL_set1_verify_cert_store
#define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x)) #define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((WOLFSSL_CTX*) (x))
#define SSL_get_client_CA_list wolfSSL_get_client_CA_list #define SSL_get_client_CA_list wolfSSL_get_client_CA_list
#define SSL_set_client_CA_list wolfSSL_set_client_CA_list
#define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
#define SSL_get_ex_data wolfSSL_get_ex_data #define SSL_get_ex_data wolfSSL_get_ex_data

6
wolfssl/ssl.h
View File

@@ -1807,11 +1807,13 @@ WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
const WOLFSSL_CTX *s); const WOLFSSL_CTX *ctx);
/* deprecated function name */ /* deprecated function name */
#define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list #define wolfSSL_SSL_CTX_get_client_CA_list wolfSSL_CTX_get_client_CA_list
WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*, WOLFSSL_API void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX*,
WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
WOLFSSL_API void wolfSSL_set_client_CA_list(WOLFSSL*,
WOLF_STACK_OF(WOLFSSL_X509_NAME)*); WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list( WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
const WOLFSSL* ssl); const WOLFSSL* ssl);