wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rebase for mosquitto

Browse Source
This commit is contained in:
Eric Blankenhorn
2023-01-23 08:19:26 -06:00
parent e002b6efd3
commit 7aad09fc87
6 changed files with 167 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
.github/workflows/mosquitto.yml vendored Normal file
View File

@@ -0,0 +1,107 @@
name: mosquitto Tests
on:
workflow_call:
jobs:
build_wolfssl:
name: Build wolfSSL
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-mosquitto
install: true
- name: Upload built lib
uses: actions/upload-artifact@v3
with:
name: wolf-install-mosquitto
path: build-dir
retention-days: 1
mosquitto_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
include:
- ref: v2.0.15
ignore-tests: >-
./01-connect-zero-length-id.py 06-bridge-reconnect-local-out.py
./08-ssl-connect-cert-auth-crl.py
./08-ssl-connect-cert-auth-revoked.py
./08-ssl-connect-cert-auth.py
./08-ssl-connect-identity.py
./08-ssl-connect-no-auth.py
./08-ssl-connect-no-identity.py
./08-ssl-hup-disconnect.py
./14-dynsec-acl.py
./14-dynsec-anon-group.py
./14-dynsec-auth.py
./14-dynsec-client-invalid.py
./14-dynsec-client.py
./14-dynsec-default-access.py
./14-dynsec-disable-client.py
./14-dynsec-group-invalid.py
./14-dynsec-group.py
./14-dynsec-modify-client.py
./14-dynsec-modify-group.py
./14-dynsec-modify-role.py
./14-dynsec-plugin-invalid.py
./14-dynsec-role-invalid.py
./14-dynsec-role.py
name: ${{ matrix.ref }}
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 4
needs: build_wolfssl
steps:
- name: Download lib
uses: actions/download-artifact@v3
with:
name: wolf-install-mosquitto
path: build-dir
- name: Checkout OSP
uses: actions/checkout@v3
with:
repository: wolfssl/osp
path: osp
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y build-essential libev-dev libssl-dev automake python3-docutils libcunit1 libcunit1-doc libcunit1-dev pkg-config make
- name: Checkout mosquitto
uses: actions/checkout@v3
with:
repository: eclipse/mosquitto
ref: v2.0.15
path: mosquitto
# Do this before configuring so that it only detects the updated list of
# tests
- if: ${{ matrix.ignore-tests }}
name: Remove tests that we want to ignore
working-directory: ./mosquitto/test/broker
run: |
rm ${{ matrix.ignore-tests }}
- name: Configure and build mosquitto
run: |
cd $GITHUB_WORKSPACE/mosquitto/
patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/2.0.15.patch
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no
- name: Run mosquitto tests, skipping ignored tests
working-directory: ./mosquitto
run: |
make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no ptest

43
configure.ac
View File

@@ -1817,6 +1817,7 @@ AC_ARG_ENABLE([mcast],
# OpenLDAP (--enable-openldap) # OpenLDAP (--enable-openldap)
# hitch (--enable-hitch) # hitch (--enable-hitch)
# memcached (--enable-memcached) # memcached (--enable-memcached)
# Mosquitto (--enable-mosquitto) HAVE_MOSQUITTO
# Bind DNS compatibility Build # Bind DNS compatibility Build
AC_ARG_ENABLE([bind], AC_ARG_ENABLE([bind],
@@ -1880,12 +1881,25 @@ AC_ARG_ENABLE([openldap],
[ ENABLED_OPENLDAP=no ] [ ENABLED_OPENLDAP=no ]
) )
# Mosquitto support
AC_ARG_ENABLE([mosquitto],
[AS_HELP_STRING([--enable-mosquitto],[Enable Mosquitto support (default: disabled)])],
[ ENABLED_MOSQUITTO=$enableval ],
[ ENABLED_MOSQUITTO=no ]
)
if test "x$ENABLED_MOSQUITTO" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_MOSQUITTO"
fi
# lighty Support # lighty Support
AC_ARG_ENABLE([lighty], AC_ARG_ENABLE([lighty],
[AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])], [AS_HELP_STRING([--enable-lighty],[Enable lighttpd/lighty (default: disabled)])],
[ ENABLED_LIGHTY=$enableval ], [ ENABLED_LIGHTY=$enableval ],
[ ENABLED_LIGHTY=no ] [ ENABLED_LIGHTY=no ]
) )
# rsyslog Support # rsyslog Support
AC_ARG_ENABLE([rsyslog], AC_ARG_ENABLE([rsyslog],
[AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])], [AS_HELP_STRING([--enable-rsyslog],[Enable rsyslog (default: disabled)])],
@@ -2145,7 +2159,7 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \ test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \ test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \
test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \ test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || test "$ENABLED_HITCH" = "yes"
then then
ENABLED_OPENSSLALL="yes" ENABLED_OPENSSLALL="yes"
fi fi
@@ -3742,7 +3756,7 @@ AC_ARG_ENABLE([sessioncerts],
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \ if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \
test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \ test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes" test "x$ENABLED_STRONGSWAN" = "xyes" || test "x$ENABLED_HITCH" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes"
then then
ENABLED_SESSIONCERTS=yes ENABLED_SESSIONCERTS=yes
fi fi
@@ -4226,6 +4240,11 @@ AC_ARG_ENABLE([psk],
[ ENABLED_PSK=no ] [ ENABLED_PSK=no ]
) )
if test "x$ENABLED_MOSQUITTO" = "xyes"
then
ENABLED_PSK=yes
fi
# Single PSK identity # Single PSK identity
AC_ARG_ENABLE([psk-one-id], AC_ARG_ENABLE([psk-one-id],
[AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])], [AS_HELP_STRING([--enable-psk-one-id],[Enable PSK (default: disabled)])],
@@ -5851,7 +5870,8 @@ fi
# OCSP # OCSP
if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" if test "x$ENABLED_OPENSSLALL" = "xyes" || test "x$ENABLED_NGINX" = "xyes" || \
test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_MOSQUITTO" = "xyes"
then then
test "$enable_ocsp" = "" && enable_ocsp=yes test "$enable_ocsp" = "" && enable_ocsp=yes
fi fi
@@ -5883,7 +5903,9 @@ AC_ARG_ENABLE([ocspstapling],
[ ENABLED_CERTIFICATE_STATUS_REQUEST=no ] [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
) )
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_WPAS" = "xyes" || \
test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_LIGHTY" = "xyes" || \
test "x$ENABLED_MOSQUITTO" = "xyes"
then then
ENABLED_CERTIFICATE_STATUS_REQUEST="yes" ENABLED_CERTIFICATE_STATUS_REQUEST="yes"
fi fi
@@ -5931,9 +5953,11 @@ AC_ARG_ENABLE([crl],
[ ENABLED_CRL=no ] [ ENABLED_CRL=no ]
) )
if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || test "x$ENABLED_OPENVPN" = "xyes" || \ if test "x$ENABLED_NGINX" = "xyes" || test "x$ENABLED_HAPROXY" = "xyes" || \
test "x$ENABLED_WPAS" != "xno" || test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \ test "x$ENABLED_OPENVPN" = "xyes" || test "x$ENABLED_WPAS" != "xno" || \
test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes" test "x$ENABLED_LIGHTY" = "xyes" || test "x$ENABLED_NETSNMP" = "xyes" || \
test "x$ENABLED_KRB" = "xyes" || test "x$ENABLED_STRONGSWAN" = "xyes" || \
test "x$ENABLED_MOSQUITTO" = "xyes"
then then
ENABLED_CRL=yes ENABLED_CRL=yes
fi fi
@@ -8947,7 +8971,7 @@ if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \
test "$ENABLED_LIBWEBSOCKETS" = "yes" || \ test "$ENABLED_LIBWEBSOCKETS" = "yes" || \
test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \ test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \
test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" || \ test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" || \
test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" test "$ENABLED_OPENLDAP" = "yes" || test "$ENABLED_HITCH" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes"
then then
ENABLED_OPENSSLEXTRA="yes" ENABLED_OPENSSLEXTRA="yes"
fi fi
@@ -9139,6 +9163,8 @@ AS_IF([test "x$ENABLED_STRONGSWAN" = "xyes"],
AS_IF([test "x$ENABLED_OPENLDAP" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"]) AS_IF([test "x$ENABLED_OPENLDAP" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT"])
AS_IF([test "x$ENABLED_MOSQUITTO" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"])
if test "$ENABLED_ED25519_STREAM" != "no" && test "$ENABLED_SE050" != "yes" if test "$ENABLED_ED25519_STREAM" != "no" && test "$ENABLED_SE050" != "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ED25519_STREAMING_VERIFY"
@@ -10181,6 +10207,7 @@ echo " * strongSwan: $ENABLED_STRONGSWAN"
echo " * OpenLDAP: $ENABLED_OPENLDAP" echo " * OpenLDAP: $ENABLED_OPENLDAP"
echo " * hitch: $ENABLED_HITCH" echo " * hitch: $ENABLED_HITCH"
echo " * memcached: $ENABLED_MEMCACHED" echo " * memcached: $ENABLED_MEMCACHED"
echo " * Mosquitto $ENABLED_MOSQUITTO"
echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
echo " * DTLS: $ENABLED_DTLS" echo " * DTLS: $ENABLED_DTLS"
echo " * DTLS v1.3: $ENABLED_DTLS13" echo " * DTLS v1.3: $ENABLED_DTLS13"

12
src/ssl.c
View File

@@ -23240,6 +23240,18 @@ int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
/* wolfSSL_CTX_set_dh_auto is provided as compatible API with
* SSL_CTX_set_dh_auto to enable auto dh selection functionality.
* Since this functionality is enabled by default in wolfSSL,
* this API exists as a stub.
*/
int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff)
{
(void)ctx;
(void)onoff;
return WOLFSSL_SUCCESS;
}
/** /**
* set security level (wolfSSL doesn't support security level) * set security level (wolfSSL doesn't support security level)
* @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure

20
wolfssl/openssl/opensslv.h
View File

@@ -35,24 +35,26 @@
defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\
defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L) defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L)
/* valid version */ /* valid version */
#elif defined(HAVE_MOSQUITTO)
#define OPENSSL_VERSION_NUMBER 0x10100000L
#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \ #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \
defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) || \ defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) || \
defined(WOLFSSL_OPENSSH) defined(WOLFSSL_OPENSSH)
/* For Apache httpd, Use 1.1.0 compatibility */ /* For Apache httpd, Use 1.1.0 compatibility */
#define OPENSSL_VERSION_NUMBER 0x10100003L #define OPENSSL_VERSION_NUMBER 0x10100003L
#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) || defined(WOLFSSL_KRB) #elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON)
/* For Qt and Python 3.8.5 compatibility */ /* For Qt and Python 3.8.5 compatibility */
#define OPENSSL_VERSION_NUMBER 0x10101000L #define OPENSSL_VERSION_NUMBER 0x10101000L
#elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG) #elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG)
#define OPENSSL_VERSION_NUMBER 0x1010000fL #define OPENSSL_VERSION_NUMBER 0x1010000fL
#elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \ #elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENVPN) defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN)
/* version number can be increased for Lighty after compatibility for ECDH /* version number can be increased for Lighty after compatibility for ECDH
is added */ is added */
#define OPENSSL_VERSION_NUMBER 0x10001040L #define OPENSSL_VERSION_NUMBER 0x10001040L
#else #else
#define OPENSSL_VERSION_NUMBER 0x0090810fL #define OPENSSL_VERSION_NUMBER 0x0090810fL
#endif #endif
#define OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING #define OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING

2
wolfssl/openssl/ssl.h
View File

@@ -1209,7 +1209,6 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
#define SSL_R_SHORT_READ 10 #define SSL_R_SHORT_READ 10
#define ERR_R_PEM_LIB 9 #define ERR_R_PEM_LIB 9
#define SSL_CTRL_MODE 33 #define SSL_CTRL_MODE 33
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL) #define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
@@ -1229,6 +1228,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
(char *)(arg)) (char *)(arg))
#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */ #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */
#define SSL_CTX_set_dh_auto(ctx, arg) wolfSSL_CTX_set_dh_auto;
#define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
#define TLSEXT_STATUSTYPE_ocsp 1 #define TLSEXT_STATUSTYPE_ocsp 1

1
wolfssl/ssl.h
View File

@@ -1143,6 +1143,7 @@ WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
WOLFSSL_API int wolfSSL_set_ecdh_auto(WOLFSSL* ssl, int onoff); WOLFSSL_API int wolfSSL_set_ecdh_auto(WOLFSSL* ssl, int onoff);
WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff); WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff);
WOLFSSL_API int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff);
WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid); WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid);
WOLFSSL_API int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid); WOLFSSL_API int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid);
WOLFSSL_API int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid); WOLFSSL_API int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid);