diff --git a/src/ssl.c b/src/ssl.c index 6841badb3..a6a0276ee 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -14512,9 +14512,15 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) sk = CreatePeerCertChain(ssl, 0); if (sk != NULL) { + if (ssl->options.side == WOLFSSL_SERVER_END) { + if (ssl->session->peer) + wolfSSL_X509_free(ssl->session->peer); + + ssl->session->peer = wolfSSL_sk_X509_pop(sk); + ssl->session->peerVerifyRet = ssl->peerVerifyRet; + } if (ssl->peerCertChain != NULL) wolfSSL_sk_X509_pop_free(ssl->peerCertChain, NULL); - /* This is Free'd when ssl is Free'd */ ssl->peerCertChain = sk; } diff --git a/tests/api.c b/tests/api.c index 9f12e87a4..77e3db2be 100644 --- a/tests/api.c +++ b/tests/api.c @@ -7871,8 +7871,9 @@ void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx) } } -int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, - test_ssl_cbf* server_cb, cbType client_on_handshake) +static int test_wolfSSL_client_server_nofail_memio_ex(test_ssl_cbf* client_cb, + test_ssl_cbf* server_cb, cbType client_on_handshake, + cbType server_on_handshake) { /* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used * for numerous but varied expected-to-fail scenarios that should not emit @@ -7903,6 +7904,10 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, ExpectIntEQ(client_on_handshake(test_ctx.c_ctx, test_ctx.c_ssl), TEST_SUCCESS); } + if (server_on_handshake != NULL) { + ExpectIntEQ(server_on_handshake(test_ctx.s_ctx, test_ctx.s_ssl), + TEST_SUCCESS); + } if (client_cb->on_handshake != NULL) { ExpectIntEQ(client_cb->on_handshake(&test_ctx.c_ctx, &test_ctx.c_ssl), TEST_SUCCESS); 
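Review bot: The new server-side branch pops one certificate off `sk` and stores it as `ssl->session->peer` without saying which end of the stack `wolfSSL_sk_X509_pop` returns, so a reader cannot tell from this hunk that the leaf, and not the last CA, becomes the peer certificate; if `CreatePeerCertChain` keeps the leaf at the head this is correct, but that ordering should be written down. I would restore the ownership note the hunk deletes and extend it, e.g. `/* Server side: move the leaf into session->peer (presumably to match OpenSSL, where SSL_get_peer_cert_chain on the server excludes the peer's own cert); peer and peerCertChain are both released with the session/ssl */`. `ssl->session` is dereferenced without a check here; if earlier code in this function, which begins outside the hunk, does not guarantee it is non-NULL, guard it before the pop. `wolfSSL_sk_X509_pop` returning NULL on an empty stack leaves `session->peer` NULL, which the accessors reading it must tolerate.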
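Review bot: The new `test_wolfSSL_client_server_nofail_memio_ex` gains a `server_on_handshake` parameter, but the header comment that follows the signature (and continues past this hunk) still describes only the expected-to-fail usage and says nothing about what the two callbacks receive or when they fire. I would add one sentence there: `client_on_handshake / server_on_handshake are optional; each is called with the (ctx, ssl) of its own side once the handshake completes and must return TEST_SUCCESS`. The body of the helper extends beyond this hunk.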
@@ -7933,6 +7938,13 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, return EXPECT_RESULT(); } + +int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, + test_ssl_cbf* server_cb, cbType client_on_handshake) +{ + return (test_wolfSSL_client_server_nofail_memio_ex(client_cb, server_cb, + client_on_handshake, NULL)); +} #endif #ifdef HAVE_IO_TESTS_DEPENDENCIES @@ -29715,6 +29727,56 @@ static void msg_cb(int write_p, int version, int content_type, #if defined(SESSION_CERTS) #include "wolfssl/internal.h" #endif +static int msgSrvCb(SSL_CTX *ctx, SSL *ssl) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO) + STACK_OF(X509)* sk = NULL; + X509* x509 = NULL; + int i, num; + BIO* bio = NULL; +#endif + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + fprintf(stderr, "\n===== msgSrvCb called ====\n"); +#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) + ExpectTrue(SSL_get_peer_cert_chain(ssl) != NULL); + ExpectIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2); + ExpectNotNull(SSL_get0_verified_chain(ssl)); +#endif + +#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO) + WOLFSSL_X509* peer = NULL; + + ExpectNotNull(peer= wolfSSL_get_peer_certificate(ssl)); + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + + fprintf(stderr, "Peer Certificate = :\n"); + X509_print(bio,peer); + X509_free(peer); + + ExpectNotNull(sk = SSL_get_peer_cert_chain(ssl)); + if (sk == NULL) { + BIO_free(bio); + return TEST_FAIL; + } + num = sk_X509_num(sk); + ExpectTrue(num > 0); + for (i = 0; i < num; i++) { + ExpectNotNull(x509 = sk_X509_value(sk,i)); + if (x509 == NULL) + break; + fprintf(stderr, "Certificate at index [%d] = :\n",i); + X509_print(bio,x509); + fprintf(stderr, "\n\n"); + } + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + static int msgCb(SSL_CTX *ctx, SSL *ssl) { EXPECT_DECLS; 
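Review bot: In msgSrvCb, `X509_print(bio,peer)` runs even when either `ExpectNotNull` above it has failed, because the Expect macros only record the failure and fall through; only the later `sk == NULL` case actually bails out. Mirror that guard before the print: `if (peer == NULL || bio == NULL) { X509_free(peer); BIO_free(bio); return TEST_FAIL; }`. The declaration `WOLFSSL_X509* peer = NULL;` also sits after statements inside the second `#if` block while every other local is declared at the top; move it into the first `#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO)` block so the function stays free of declaration-after-statement. `ExpectTrue(num > 0)` is a weak check for a test whose purpose is the server-side chain: if the fixture's certificate count is known, assert it exactly, and a check that `peer` is not also present in `sk` would pin the new leaf-pop behaviour.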
@@ -29775,9 +29837,11 @@ static int test_wolfSSL_msgCb(void) client_cb.method = wolfTLSv1_3_client_method; server_cb.method = wolfTLSv1_3_server_method; #endif + server_cb.caPemFile = caCertFile; + client_cb.certPemFile = "./certs/intermediate/client-chain.pem"; - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb, - &server_cb, msgCb), TEST_SUCCESS); + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio_ex(&client_cb, + &server_cb, msgCb, msgSrvCb), TEST_SUCCESS); #endif return EXPECT_RESULT(); }
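Review bot: Setting `server_cb.caPemFile` only loads trust anchors; nothing in this hunk shows the server being configured to request and verify the client certificate, which msgSrvCb's chain assertions depend on, so if the memio setup helper does not enable peer verification when caPemFile is set, the server callback will see no chain. A one-line comment would make the dependency explicit: `/* server loads the CA and verifies the client chain; msgSrvCb inspects it on the server side */`. The client chain path is a bare string literal while the other fixtures here are referenced through named constants such as `caCertFile`; a constant defined beside them would keep this consistent. The client key is not changed alongside the new certificate chain, so the test relies on the chain's leaf matching the helper's default client key, which is worth a note if deliberate.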