diff --git a/src/internal.c b/src/internal.c
index 831a213bd..f29dc5103 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2195,8 +2195,11 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
 ctx->x509_store.objs = NULL;
 }
 #endif
- #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
+ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
+ defined(WOLFSSL_WPAS_SMALL)
 wolfSSL_X509_STORE_free(ctx->x509_store_pt);
+ #endif
+ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
 wolfSSL_sk_X509_NAME_pop_free(ctx->ca_names, NULL);
 ctx->ca_names = NULL;
 #endif
@@ -10297,7 +10300,7 @@ static void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nam
 XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX);
 name->name[ASN_NAME_MAX - 1] = '\0';
 name->sz = (int)XSTRLEN(name->name) + 1;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
 name->rawLen = min(dCert->subjectRawLen, ASN_NAME_MAX);
 XMEMCPY(name->raw, dCert->subjectRaw, name->rawLen);
 #endif
@@ -10306,7 +10309,8 @@ static void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nam
 XSTRNCPY(name->name, dCert->issuer, ASN_NAME_MAX);
 name->name[ASN_NAME_MAX - 1] = '\0';
 name->sz = (int)XSTRLEN(name->name) + 1;
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)) && defined(WOLFSSL_CERT_EXT)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) \
+ && (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
 name->rawLen = min(dCert->issuerRawLen, ASN_NAME_MAX);
 if (name->rawLen) {
 XMEMCPY(name->raw, dCert->issuerRaw, name->rawLen);
@@ -23055,6 +23059,7 @@ exit_dpk:
 if (wolfSSL_sk_X509_NAME_push(ssl->ca_names, name) == WOLFSSL_FAILURE) {
 FreeDecodedCert(&cert);
+ wolfSSL_X509_NAME_free(name);
 return MEMORY_ERROR;
 }
diff --git a/src/ssl.c b/src/ssl.c
index 007ab92dc..09f32b26d 100644
--- a/src/ssl.c
+++ b/src/ssl.c
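Review bot: wolfSSL_X509_STORE_free(ctx->x509_store_pt) in SSL_CtxResourceFree is no longer reached in a build that defines only WOLFSSL_EXTRA or only HAVE_LIGHTY, because the new guard is OPENSSL_EXTRA || HAVE_WEBSERVER || WOLFSSL_WPAS_SMALL; if x509_store_pt is still declared and populated under the old trio in such a build (its declaration is not in the diff), the store now leaks at context teardown. The guard on the free should be derived from the same condition that declares the x509_store_pt field so the two cannot drift apart again. Unlike ca_names, x509_store_pt is not reset after the free; adding `ctx->x509_store_pt = NULL;` after the call keeps the two branches symmetric and makes a repeated teardown harmless. SSL_CtxResourceFree's body starts and ends outside the hunk.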
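Review bot: In the subject branch of CopyDecodedName the XMEMCPY runs unconditionally after rawLen is clamped, whereas the issuer branch in the next hunk guards it with `if (name->rawLen)`; with subjectRawLen == 0 and a NULL subjectRaw (not verifiable from the hunk) that is a zero-length memcpy from a null pointer, which the C standard does not permit. Guarding the subject copy the same way, `if (name->rawLen) XMEMCPY(name->raw, dCert->subjectRaw, name->rawLen);`, makes the two branches consistent; GetName in asn.c copies issuerRaw unconditionally as well and should get the same guard. Because the length is clamped to ASN_NAME_MAX, raw holds a truncated DER encoding whenever the original name is longer, which a consumer comparing raw bytes needs to know; a comment on the min() call such as `/* raw may be truncated to ASN_NAME_MAX bytes; rawLen is the copied length, not the DER length */` would record that. The compound condition (OPENSSL_ALL || WOLFSSL_NGINX || HAVE_LIGHTY) && (HAVE_PKCS7 || WOLFSSL_CERT_EXT) is now spelled out twice in this file and once in asn.c, so a single derived macro would keep the three from diverging. CopyDecodedName begins before the hunk.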
@@ -16203,7 +16203,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 return SSL_CA_NAMES(ssl);
 }
- #if !defined(NO_RSA) && !defined(NO_CERTS)
+ #if !defined(NO_CERTS)
 int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
 {
 WOLFSSL_X509_NAME *nameCopy = NULL;
@@ -16326,7 +16326,7 @@ cleanup:
 }
 #endif
 #endif /* !NO_BIO */
-#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_WEBSERVER */
+#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */
 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
@@ -19156,10 +19156,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
 if ((ssl == NULL) || (ssl->session.chain.count == 0))
 return NULL;
- if (ssl->peerCertChain == NULL)
- sk = wolfSSL_sk_X509_new();
- else /* Try to re-use old chain if available */
- sk = ssl->peerCertChain;
+ sk = wolfSSL_sk_X509_new();
 i = ssl->session.chain.count-1;
 for (; i >= 0; i--) {
 x509 = wolfSSL_X509_new();
@@ -19199,6 +19196,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
 wolfSSL_sk_X509_shift(sk);
 }
 #endif
+ if (ssl->peerCertChain != NULL)
+ wolfSSL_sk_X509_free(ssl->peerCertChain);
 /* This is Free'd when ssl is Free'd */
 ssl->peerCertChain = sk;
 return sk;
@@ -58242,7 +58241,8 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
 * START OF X509_STORE APIs
 ******************************************************************************/
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
+ defined(WOLFSSL_WPAS_SMALL)
 WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
 {
 WOLFSSL_X509_STORE* store = NULL;
@@ -58435,7 +58435,7 @@ int wolfSSL_X509_STORE_set_ex_data_with_cleanup(
 #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || WOLFSSL_WPAS_SMALL */
 #ifdef OPENSSL_EXTRA
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 9331b0c35..447575c26 100644
--- a/wolfcrypt/src/asn.c
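Review bot: wolfSSL_set_peer_cert_chain now always allocates a fresh stack with wolfSSL_sk_X509_new(), but the result is not checked before the loop starts pushing into it (the check may live inside wolfSSL_sk_X509_push, which is outside the hunk); an explicit `if (sk == NULL) return NULL;` would make the failure path visible and keep the old chain intact on allocation failure. Freeing the previous ssl->peerCertChain in the later hunk changes the API contract, since a caller still holding the stack from an earlier call now holds a dangling pointer; the comment above the assignment should say so, e.g. `/* Previous chain is released here; callers must not keep the old pointer. Freed with ssl. */`. Please also confirm wolfSSL_sk_X509_free releases the WOLFSSL_X509 elements created with wolfSSL_X509_new in the loop, otherwise each call leaks the old chain's certificates. If any error path between the allocation and the final assignment returns early, the new sk must be freed there while ssl->peerCertChain keeps the old chain; that stretch of the function is outside the hunk.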
+++ b/wolfcrypt/src/asn.c
@@ -6543,7 +6543,8 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx)
 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
 !defined(WOLFCRYPT_ONLY)
 if (nameType == ISSUER) {
-#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)) && defined(WOLFSSL_CERT_EXT)
+#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
+ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT))
 dName->rawLen = min(cert->issuerRawLen, ASN_NAME_MAX);
 XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen);
 #endif
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 9146df804..412fbba27 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -561,7 +561,8 @@ struct WOLFSSL_X509_STORE {
 int cache; /* stunnel dereference */
 WOLFSSL_CERT_MANAGER* cm;
 WOLFSSL_X509_LOOKUP lookup;
-#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
+ defined(WOLFSSL_WPAS_SMALL)
 int isDynamic;
 WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */
 #endif
@@ -574,7 +575,8 @@ struct WOLFSSL_X509_STORE {
 #ifdef HAVE_EX_DATA
 WOLFSSL_CRYPTO_EX_DATA ex_data;
 #endif
-#ifdef HAVE_CRL
+#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
+ defined(WOLFSSL_WPAS_SMALL)) && defined(HAVE_CRL)
 WOLFSSL_X509_CRL *crl; /* points to cm->crl */
 #endif
 #ifndef SINGLE_THREADED
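Review bot: The crl member of WOLFSSL_X509_STORE is now compiled only under (OPENSSL_EXTRA || HAVE_WEBSERVER || WOLFSSL_WPAS_SMALL) && HAVE_CRL, so any access to store->crl that is guarded by HAVE_CRL alone (none is visible in this diff) stops compiling in a plain HAVE_CRL build; the accessors should be checked against the new condition. The trio OPENSSL_EXTRA || HAVE_WEBSERVER || WOLFSSL_WPAS_SMALL now appears in both hunks of this header and again in internal.c and ssl.c; defining it once here (a name such as `WOLFSSL_X509_STORE_EXTRA`, to taste) and using that everywhere would keep the guards from diverging again. The `/* points to cm->crl */` comment should also state that the pointer is non-owning and must not be released by wolfSSL_X509_STORE_free, since the field aliases the certificate manager's CRL.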