Address review comments, rename WOLFSSL_INTER_CA, use up_ref for get issuer

src/ssl.c

@@ -5536,13 +5536,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
     }
 
     if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA &&
-        type != WOLFSSL_INTER_CA) {
+        type != WOLFSSL_TEMP_CA) {
         WOLFSSL_MSG("\tCan't add as CA if not actually one");
         ret = NOT_CA_ERROR;
     }
 #ifndef ALLOW_INVALID_CERTSIGN
     else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
-        type != WOLFSSL_INTER_CA && !cert->selfSigned &&
+        type != WOLFSSL_TEMP_CA && !cert->selfSigned &&
         (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
         /* Intermediate CA certs are required to have the keyCertSign
         * extension set. User loaded root certs are not. */

src/ssl_certman.c

@@ -487,7 +487,7 @@ static int wolfSSL_CertManagerUnloadTempIntermediateCerts(
     WOLFSSL_CERT_MANAGER* cm)
 {
     WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts");
-    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_INTER_CA);
+    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA);
 }
 #endif
 

src/x509_str.c

@@ -72,7 +72,7 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap)
         if (ctx != NULL &&
             wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) !=
                 WOLFSSL_SUCCESS) {
-            XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX);
+            wolfSSL_X509_STORE_CTX_free(ctx);
             ctx = NULL;
         }
 #endif
@@ -105,7 +105,6 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
 
         if (ctx->current_issuer != NULL) {
             wolfSSL_X509_free(ctx->current_issuer);
-            ctx->current_issuer = NULL;
         }
 #endif
 
@@ -395,7 +394,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
             /* We found our issuer in the non-trusted cert list, add it
              * to the CM and verify the current cert against it */
             ret = X509StoreAddCa(ctx->store, issuer,
-                                            WOLFSSL_INTER_CA);
+                                            WOLFSSL_TEMP_CA);
             if (ret != WOLFSSL_SUCCESS) {
                 goto exit;
             }
@@ -920,8 +919,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
 
     ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x);
     if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
-        *issuer = wolfSSL_X509_dup(*issuer);
+        return wolfSSL_X509_up_ref(*issuer);
-        return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
     }
 
 #ifdef WOLFSSL_SIGNER_DER_CERT
@@ -929,8 +927,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
 #else
     ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x);
     if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
-        *issuer = wolfSSL_X509_dup(*issuer);
+        return wolfSSL_X509_up_ref(*issuer);
-        return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
     }
 #endif
 
@@ -1065,7 +1062,7 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store,
         obj = wolfSSL_sk_X509_OBJECT_value(objs, i);
         if (obj != NULL) {
             obj->type = 0;
-            obj->data.x509 = NULL;
+            obj->data.ptr = NULL;
         }
         cnt--;
         i--;

wolfssl/ssl.h

@@ -3325,7 +3325,7 @@ enum {
 
     WOLFSSL_USER_CA  = 1,          /* user added as trusted */
     WOLFSSL_CHAIN_CA = 2,          /* added to cache from trusted chain */
-    WOLFSSL_INTER_CA = 3           /* Intermediate CA, only for use by
+    WOLFSSL_TEMP_CA = 3            /* Temp intermediate CA, only for use by
                                     * X509_STORE */
 };