wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3105 from embhorn/zd10457_a

Browse Source 
Adding wolfSSL_X509_check_ip_asc
This commit is contained in:
toddouska
2020-07-16 10:53:27 -07:00
committed by GitHub
parent fbe0c8cba7 f2b279e834
commit 9137794cb4
7 changed files with 135 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/crl.c
View File

@@ -1176,7 +1176,7 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
#else /* HAVE_CRL_MONITOR */ #else /* HAVE_CRL_MONITOR */
#ifndef NO_FILESYSTEM #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
static int StartMonitorCRL(WOLFSSL_CRL* crl) static int StartMonitorCRL(WOLFSSL_CRL* crl)
{ {
@@ -1188,7 +1188,7 @@ static int StartMonitorCRL(WOLFSSL_CRL* crl)
return NOT_COMPILED_IN; return NOT_COMPILED_IN;
} }
#endif /* NO_FILESYSTEM */ #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
#endif /* HAVE_CRL_MONITOR */ #endif /* HAVE_CRL_MONITOR */

20
src/internal.c
View File

@@ -9397,7 +9397,6 @@ int CheckAltNames(DecodedCert* dCert, char* domain)
return match; return match;
} }
#ifdef OPENSSL_EXTRA
/* Check that alternative names, if they exists, match the domain. /* Check that alternative names, if they exists, match the domain.
* Fail if there are wild patterns and they didn't match. * Fail if there are wild patterns and they didn't match.
* Check the common name if no alternative names matched. * Check the common name if no alternative names matched.
@@ -9405,9 +9404,11 @@ int CheckAltNames(DecodedCert* dCert, char* domain)
* dCert Decoded cert to get the alternative names from. * dCert Decoded cert to get the alternative names from.
* domain Domain name to compare against. * domain Domain name to compare against.
* checkCN Whether to check the common name. * checkCN Whether to check the common name.
* returns whether there was a problem in matching. * returns 1 : match was found.
* 0 : no match found.
* -1 : No matches and wild pattern match failed.
*/ */
static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN) static int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN)
{ {
int match; int match;
DNS_entry* altName = NULL; DNS_entry* altName = NULL;
@@ -9425,20 +9426,23 @@ static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN)
if (MatchDomainName(altName->name, altName->len, domain)) { if (MatchDomainName(altName->name, altName->len, domain)) {
match = 1; match = 1;
*checkCN = 0; *checkCN = 0;
WOLFSSL_MSG("\tmatch found");
break; break;
} }
/* No matches and wild pattern match failed. */ /* No matches and wild pattern match failed. */
else if (altName->name && altName->len >=1 && else if (altName->name && altName->len >=1 &&
altName->name[0] == '*' && match == 0) { altName->name[0] == '*' && match == 0) {
match = -1; match = -1;
WOLFSSL_MSG("\twildcard match failed");
} }
altName = altName->next; altName = altName->next;
} }
return match != -1; return match;
} }
/* Check the domain name matches the subject alternative name or the subject /* Check the domain name matches the subject alternative name or the subject
* name. * name.
* *
@@ -9447,14 +9451,14 @@ static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN)
* domainNameLen The length of the domain name. * domainNameLen The length of the domain name.
* returns DOMAIN_NAME_MISMATCH when no match found and 0 on success. * returns DOMAIN_NAME_MISMATCH when no match found and 0 on success.
*/ */
int CheckHostName(DecodedCert* dCert, char *domainName, size_t domainNameLen) int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen)
{ {
int checkCN; int checkCN;
/* Assume name is NUL terminated. */ /* Assume name is NUL terminated. */
(void)domainNameLen; (void)domainNameLen;
if (CheckForAltNames(dCert, domainName, &checkCN) == 0) { if (CheckForAltNames(dCert, domainName, &checkCN) != 1) {
WOLFSSL_MSG("DomainName match on alt names failed too"); WOLFSSL_MSG("DomainName match on alt names failed too");
return DOMAIN_NAME_MISMATCH; return DOMAIN_NAME_MISMATCH;
} }
@@ -9469,13 +9473,13 @@ int CheckHostName(DecodedCert* dCert, char *domainName, size_t domainNameLen)
return 0; return 0;
} }
int CheckIPAddr(DecodedCert* dCert, char* ipasc) int CheckIPAddr(DecodedCert* dCert, const char* ipasc)
{ {
WOLFSSL_MSG("Checking IPAddr"); WOLFSSL_MSG("Checking IPAddr");
return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc)); return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc));
} }
#endif
#ifdef SESSION_CERTS #ifdef SESSION_CERTS
static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain, static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,

119
src/ssl.c
View File

@@ -14657,8 +14657,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
static long wolf_set_options(long old_op, long op); static long wolf_set_options(long old_op, long op);
long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
{ {
@@ -14672,8 +14670,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return ctx->mask; return ctx->mask;
} }
#endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
@@ -24731,7 +24727,6 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
static long wolf_set_options(long old_op, long op) static long wolf_set_options(long old_op, long op)
{ {
/* if SSL_OP_ALL then turn all bug workarounds on */ /* if SSL_OP_ALL then turn all bug workarounds on */
@@ -24754,19 +24749,19 @@ static long wolf_set_options(long old_op, long op)
} }
#endif #endif
if ((op & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { if ((op & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2");
} }
if ((op & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { if ((op & WOLFSSL_OP_NO_TLSv1_1) == WOLFSSL_OP_NO_TLSv1_1) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1");
} }
if ((op & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { if ((op & WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1) {
WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); WOLFSSL_MSG("\tSSL_OP_NO_TLSv1");
} }
if ((op & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { if ((op & WOLFSSL_OP_NO_SSLv3) == WOLFSSL_OP_NO_SSLv3) {
WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); WOLFSSL_MSG("\tSSL_OP_NO_SSLv3");
} }
@@ -24784,7 +24779,6 @@ static long wolf_set_options(long old_op, long op)
return old_op | op; return old_op | op;
} }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || WOLFSSL_WPAS_SMALL */
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
long wolfSSL_set_options(WOLFSSL* ssl, long op) long wolfSSL_set_options(WOLFSSL* ssl, long op)
@@ -42915,6 +42909,80 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
} }
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifndef NO_ASN
int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen,
unsigned int flags, char **peername)
{
int ret;
DecodedCert dCert;
WOLFSSL_ENTER("wolfSSL_X509_check_host");
/* flags and peername not needed for Nginx. */
(void)flags;
(void)peername;
if (flags == WOLFSSL_NO_WILDCARDS) {
WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented");
return WOLFSSL_FAILURE;
}
InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL);
ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
if (ret != 0) {
FreeDecodedCert(&dCert);
return WOLFSSL_FAILURE;
}
ret = CheckHostName(&dCert, (char *)chk, chklen);
FreeDecodedCert(&dCert);
if (ret != 0)
return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
}
int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
unsigned int flags)
{
int ret = WOLFSSL_FAILURE;
DecodedCert dCert;
WOLFSSL_ENTER("wolfSSL_X509_check_ip_asc");
/* flags not yet implemented */
(void)flags;
if ((x == NULL) || (x->derCert == NULL) || (ipasc == NULL)) {
WOLFSSL_MSG("Invalid parameter");
}
else {
ret = WOLFSSL_SUCCESS;
}
if (ret == WOLFSSL_SUCCESS) {
InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL);
ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
if (ret != 0) {
ret = WOLFSSL_FAILURE;
}
else {
ret = CheckIPAddr(&dCert, ipasc);
if (ret != 0) {
ret = WOLFSSL_FAILURE;
}
else {
ret = WOLFSSL_SUCCESS;
}
}
FreeDecodedCert(&dCert);
}
return ret;
}
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
|| defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
@@ -43095,37 +43163,6 @@ WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *ssl)
#endif /* NO_SESSION_CACHE */ #endif /* NO_SESSION_CACHE */
int wolfSSL_X509_check_host(X509 *x, const char *chk, size_t chklen,
unsigned int flags, char **peername)
{
int ret;
DecodedCert dCert;
WOLFSSL_ENTER("wolfSSL_X509_check_host");
/* flags and peername not needed for Nginx. */
(void)flags;
(void)peername;
if (flags == WOLFSSL_NO_WILDCARDS) {
WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented");
return WOLFSSL_FAILURE;
}
InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL);
ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
if (ret != 0) {
FreeDecodedCert(&dCert);
return WOLFSSL_FAILURE;
}
ret = CheckHostName(&dCert, (char *)chk, chklen);
FreeDecodedCert(&dCert);
if (ret != 0)
return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
}
int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
{ {
static char num[16] = { '0', '1', '2', '3', '4', '5', '6', '7', static char num[16] = { '0', '1', '2', '3', '4', '5', '6', '7',

42
tests/api.c
View File

@@ -4290,8 +4290,8 @@ static void test_wolfSSL_UseMaxFragment(void)
#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else #else
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#endif #endif
@@ -4332,8 +4332,8 @@ static void test_wolfSSL_UseTruncatedHMAC(void)
#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
#ifndef NO_WOLFSSL_SERVER #ifndef NO_WOLFSSL_SERVER
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
#else #else
WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
#endif #endif
@@ -10767,7 +10767,7 @@ static int test_wc_InitCmac (void)
if (ret == BAD_FUNC_ARG) { if (ret == BAD_FUNC_ARG) {
ret = 0; ret = 0;
} else { } else {
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
} }
@@ -10828,7 +10828,7 @@ static int test_wc_CmacUpdate (void)
if (ret == BAD_FUNC_ARG) { if (ret == BAD_FUNC_ARG) {
ret = 0; ret = 0;
} else if (ret == 0) { } else if (ret == 0) {
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
} }
@@ -10891,7 +10891,7 @@ static int test_wc_CmacFinal (void)
if (ret == 0) { if (ret == 0) {
ret = wc_CmacFinal(&cmac, mac, &macSz); ret = wc_CmacFinal(&cmac, mac, &macSz);
if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) { if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
/* Pass in bad args. */ /* Pass in bad args. */
if (ret == 0) { if (ret == 0) {
@@ -10905,7 +10905,7 @@ static int test_wc_CmacFinal (void)
ret = 0; ret = 0;
} }
} else if (ret == 0) { } else if (ret == 0) {
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
} }
} }
@@ -10957,7 +10957,7 @@ static int test_wc_AesCmacGenerate (void)
ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz); ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz);
if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) { if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
/* Pass in bad args. */ /* Pass in bad args. */
if (ret == 0) { if (ret == 0) {
@@ -10974,7 +10974,7 @@ static int test_wc_AesCmacGenerate (void)
if (ret == BAD_FUNC_ARG) { if (ret == BAD_FUNC_ARG) {
ret = 0; ret = 0;
} else if (ret == 0) { } else if (ret == 0) {
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
} }
printf(resultFmt, ret == 0 ? passed : failed); printf(resultFmt, ret == 0 ? passed : failed);
@@ -11001,7 +11001,7 @@ static int test_wc_AesCmacGenerate (void)
if (ret == BAD_FUNC_ARG) { if (ret == BAD_FUNC_ARG) {
ret = 0; ret = 0;
} else if (ret == 0) { } else if (ret == 0) {
ret = SSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR;
} }
} }
@@ -29524,6 +29524,25 @@ static void test_wolfSSL_X509_check_ca(void){
#endif #endif
} }
static void test_wolfSSL_X509_check_ip_asc(void){
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
WOLFSSL_X509 *x509;
printf(testingFmt, "wolfSSL_X509_check_ip_asc()");
x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
#if 0
/* TODO: add cert gen for testing positive case */
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
#endif
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
wolfSSL_X509_free(x509);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_DC_cert(void) static void test_wolfSSL_DC_cert(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
@@ -34943,6 +34962,7 @@ void ApiTest(void)
test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(); test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS();
test_wolfSSL_i2c_ASN1_INTEGER(); test_wolfSSL_i2c_ASN1_INTEGER();
test_wolfSSL_X509_check_ca(); test_wolfSSL_X509_check_ca();
test_wolfSSL_X509_check_ip_asc();
test_wolfSSL_DC_cert(); test_wolfSSL_DC_cert();
test_wolfSSL_DES_ncbc(); test_wolfSSL_DES_ncbc();
test_wolfSSL_AES_cbc_encrypt(); test_wolfSSL_AES_cbc_encrypt();

10
wolfssl/internal.h
View File

@@ -1689,9 +1689,7 @@ WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str); WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
#ifndef NO_CERTS #ifndef NO_CERTS
WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain); WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
#ifdef OPENSSL_EXTRA WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc);
WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc);
#endif
#endif #endif
WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl); WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz); WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
@@ -2705,9 +2703,7 @@ struct WOLFSSL_CTX {
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
short minEccKeySz; /* minimum ECC key size */ short minEccKeySz; /* minimum ECC key size */
#endif #endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)
unsigned long mask; /* store SSL_OP_ flags */ unsigned long mask; /* store SSL_OP_ flags */
#endif
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
byte sessionCtx[ID_LEN]; /* app session context ID */ byte sessionCtx[ID_LEN]; /* app session context ID */
word32 disabledCurves; /* curves disabled by user */ word32 disabledCurves; /* curves disabled by user */
@@ -4243,10 +4239,8 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
int type, WOLFSSL* ssl, int userChain, int type, WOLFSSL* ssl, int userChain,
WOLFSSL_CRL* crl, int verify); WOLFSSL_CRL* crl, int verify);
#ifdef OPENSSL_EXTRA WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName,
WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
size_t domainNameLen); size_t domainNameLen);
#endif
#endif #endif

1
wolfssl/openssl/ssl.h
View File

@@ -411,6 +411,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_check_private_key wolfSSL_X509_check_private_key #define X509_check_private_key wolfSSL_X509_check_private_key
#define X509_check_ca wolfSSL_X509_check_ca #define X509_check_ca wolfSSL_X509_check_ca
#define X509_check_host wolfSSL_X509_check_host #define X509_check_host wolfSSL_X509_check_host
#define X509_check_ip_asc wolfSSL_X509_check_ip_asc
#define X509_email_free wolfSSL_X509_email_free #define X509_email_free wolfSSL_X509_email_free
#define X509_check_issued wolfSSL_X509_check_issued #define X509_check_issued wolfSSL_X509_check_issued
#define X509_dup wolfSSL_X509_dup #define X509_dup wolfSSL_X509_dup

14
wolfssl/ssl.h
View File

@@ -521,10 +521,10 @@ struct WOLFSSL_X509_STORE {
#endif #endif
}; };
#define WOLFSSL_NO_WILDCARDS 0x4
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000 #define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_NO_WILDCARDS 0x4
#define WOLFSSL_HOST_NAME_MAX 256 #define WOLFSSL_HOST_NAME_MAX 256
#define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */ #define WOLFSSL_MAX_IPSTR 46 /* max ip size IPv4 mapped IPv6 */
struct WOLFSSL_X509_VERIFY_PARAM { struct WOLFSSL_X509_VERIFY_PARAM {
@@ -1603,8 +1603,6 @@ enum {
WOLFSSL_CRL_CHECK = 2, WOLFSSL_CRL_CHECK = 2,
}; };
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(HAVE_WEBSERVER)
/* Separated out from other enums because of size */ /* Separated out from other enums because of size */
enum { enum {
SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001, SSL_OP_MICROSOFT_SESS_ID_BUG = 0x00000001,
@@ -1651,6 +1649,8 @@ enum {
| SSL_OP_TLS_ROLLBACK_BUG), | SSL_OP_TLS_ROLLBACK_BUG),
}; };
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
defined(HAVE_WEBSERVER)
/* for compatibility these must be macros */ /* for compatibility these must be macros */
#define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2 #define SSL_OP_NO_SSLv2 WOLFSSL_OP_NO_SSLv2
#define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3 #define SSL_OP_NO_SSLv3 WOLFSSL_OP_NO_SSLv3
@@ -3763,8 +3763,6 @@ WOLFSSL_API int wolfSSL_SSL_in_connect_init(WOLFSSL*);
#ifndef NO_SESSION_CACHE #ifndef NO_SESSION_CACHE
WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s); WOLFSSL_API WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *s);
#endif #endif
WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
size_t chklen, unsigned int flags, char **peername);
WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, WOLFSSL_API int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp,
const WOLFSSL_ASN1_INTEGER *a); const WOLFSSL_ASN1_INTEGER *a);
@@ -3830,6 +3828,12 @@ WOLFSSL_API void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data, WOLFSSL_API void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
unsigned *len); unsigned *len);
#ifndef NO_ASN
WOLFSSL_API int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk,
size_t chklen, unsigned int flags, char **peername);
WOLFSSL_API int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc,
unsigned int flags);
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)