diff --git a/examples/client/client.c b/examples/client/client.c
index f958d6ab8..d8e5c9266 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1729,7 +1729,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 }
 #ifdef HAVE_CRL
- if (disableCRL == 0) {
+ if (disableCRL == 0 && !useVerifyCb) {
 #ifdef HAVE_IO_TIMEOUT
 wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC);
 #endif
diff --git a/scripts/openssl.test b/scripts/openssl.test
index 83c2ad084..03800ef74 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -216,7 +216,7 @@ do
 fi
 # check for psk suite and turn on client psk if so
- psk = ""
+ psk=""
 case $wolfSuite in
 *PSK*) psk="-s " ;;
diff --git a/src/crl.c b/src/crl.c
index 24a5d8a1d..198b0cf91 100755
--- a/src/crl.c
+++ b/src/crl.c
@@ -318,7 +318,8 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, DecodedCert* cert, int *pFoundEntr
 RevokedCert* rc = crle->certs;
 while (rc) {
- if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
+ if (rc->serialSz == cert->serialSz &&
+ XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
 WOLFSSL_MSG("Cert revoked");
 ret = CRL_CERT_REVOKED;
 break;
diff --git a/src/internal.c b/src/internal.c
index ac4136494..bbc818ec4 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -13022,7 +13022,7 @@ int SendCertificateStatus(WOLFSSL* ssl)
 #ifdef WOLFSSL_SMALL_STACK
 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
- DYNAMIC_TYPE_TMP_DCERT);
+ DYNAMIC_TYPE_DCERT);
 if (cert == NULL) return MEMORY_E;
 #endif
diff --git a/src/ssl.c b/src/ssl.c
index bcbbbf5a2..8e297c4eb 100755
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5621,6 +5621,7 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
 const char* path)
 {
 int ret = SSL_SUCCESS;
+ int fileRet;
 WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");
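Review bot: The added `!useVerifyCb` term in examples/client/client.c turns off CRL setup whenever the verify-callback option is used, and nothing in the hunk says why. Someone running the example with both options gets no revocation checking and no message about it. A comment above the `if` giving the reason, and a printed notice when CRL is skipped for this reason, would make the trade-off visible. The body of client_test continues outside the hunk.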
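Review bot: The new length test in CheckCertCRLList makes a match depend on the CRL parser and the certificate parser storing a serial number in the same byte form, which this hunk does not show. If the two differ in how they treat a leading 0x00 byte of the DER INTEGER, `rc->serialSz == cert->serialSz` fails for a serial that is in fact revoked and the certificate is accepted. A comment such as `/* lengths must match, otherwise a revoked serial that is a prefix of cert->serial would match */` plus a test covering a prefix serial and a leading-zero serial would pin the intended behaviour. The loop body continues outside the hunk.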
@@ -5644,16 +5645,21 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
 #endif
 /* try to load each regular file in path */
- ret = wc_ReadDirFirst(readCtx, path, &name);
- while (ret == 0 && name) {
+ fileRet = wc_ReadDirFirst(readCtx, path, &name);
+ while (fileRet == 0 && name) {
 ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);
 if (ret != SSL_SUCCESS) break;
- ret = wc_ReadDirNext(readCtx, path, &name);
+ fileRet = wc_ReadDirNext(readCtx, path, &name);
 }
 wc_ReadDirClose(readCtx);
+ /* pass directory read failure to response code */
+ if (ret == SSL_SUCCESS && fileRet != -1) {
+ ret = fileRet;
+ }
+
 #ifdef WOLFSSL_SMALL_STACK
 XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX);
 #endif
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 2104ace74..3345e0f55 100755
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -197,9 +197,10 @@ int wolfCrypt_Cleanup(void)
 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
 /* File Handling Helpers */
+/* returns 0 if file found, -1 if no files or negative error */
 int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
 {
- int ret = 0;
+ int ret = -1; /* default to no files found */
 if (name) *name = NULL;
@@ -258,9 +259,10 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
 return ret;
 }
+/* returns 0 if file found, -1 if no more files */
 int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
 {
- int ret = -1;
+ int ret = -1; /* default to no file found */
 if (name) *name = NULL;
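Review bot: The new guard `fileRet != -1` in wolfSSL_CTX_load_verify_locations copies every other value into `ret`, including 0. If wc_ReadDirFirst or wc_ReadDirNext can return 0 while leaving `name` NULL (their bodies are not in this diff), `ret` is overwritten with 0, which is presumably not `SSL_SUCCESS`; `if (ret == SSL_SUCCESS && fileRet < 0 && fileRet != -1)` would propagate only error codes. Separately, a directory with no files now appears to leave `ret` at its earlier value, so a wrong or empty CA path can return success with no certificates loaded, which is worth a log message or a documented return value. The function body starts and ends outside the hunk.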
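Review bot: The header comment added to wc_ReadDirFirst, `-1 if no files or negative error`, does not let a caller tell which negative values are errors, since -1 is itself negative, and the check added in src/ssl.c hard-codes that literal. A named constant shared by both files would remove the magic number, and the comment could read `/* returns 0 and a file name in *name, -1 when no file is found, any other negative value on error */`. Changing the default from 0 to -1 also changes what existing callers see for a directory without files; callers other than wolfSSL_CTX_load_verify_locations are not in this diff and should be checked. Both function bodies continue outside their hunks.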