Merge pull request #4059 from miyazakh/qt_unit_test

fix qt unit test

src/internal.c

@@ -1873,6 +1873,14 @@ int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
     ctx->noPskDheKe = 1;
 #endif
 
+#if defined(WOLFSSL_QT) && !defined(NO_PSK)
+    /* Qt retrieves supported cipher list at initialization 
+     * from get_cipher_compat().
+     * Qt doesn't allow to use a cipher if it is not in the supported list.
+     * Therefore, we need to enable PSK cipher at the beginning.
+     */
+    ctx->havePSK = 1;
+#endif
     ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */
 
 #ifdef HAVE_WOLF_EVENT
@@ -19092,6 +19100,12 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
 #else
 
     int error = (int)e;
+#ifdef OPENSSL_EXTRA
+    /* OpenSSL uses positive error codes */
+    if (error > 0) {
+        error = -error;
+    }
+#endif
 
     /* pass to wolfCrypt */
     if (error < MAX_CODE_E && error > MIN_CODE_E) {

src/ssl.c

@@ -6919,12 +6919,33 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
         /* pass directory read failure to response code */
         if (fileRet != WC_READDIR_NOFILE) {
             ret = fileRet;
+    #if defined(WOLFSSL_QT)
+            if (ret == BAD_PATH_ERROR && 
+                flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR) {
+               /* QSslSocket always loads certs in system folder 
+                * when it is initialized.
+                * Compliant with OpenSSL when flag sets.
+                */
+                ret = WOLFSSL_SUCCESS;
+            }
+            else {
+                /* qssl socket wants to know errors. */
+                WOLFSSL_ERROR(ret);
+            }
+    #endif
         }
         /* report failure if no files were loaded or there were failures */
         else if (successCount == 0 || failCount > 0) {
             /* use existing error code if exists */
+    #if defined(WOLFSSL_QT)
+            /* compliant with OpenSSL when flag sets*/
+            if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE)) {
+    #endif
             if (ret == WOLFSSL_SUCCESS)
                 ret = WOLFSSL_FAILURE;
+    #if defined(WOLFSSL_QT)
+            }
+    #endif
         }
         else {
             ret = WOLFSSL_SUCCESS;
@@ -18828,6 +18849,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
         }
         ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,
                              ssl->session.chain.certs[i].length);
+#if !defined(WOLFSSL_QT)
         if (ret == 0 && i == ssl->session.chain.count-1) {
             /* On the last element in the chain try to add the CA chain
              * first if we have one for this cert */
@@ -18836,6 +18858,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
                 ret = WOLFSSL_FATAL_ERROR;
             }
         }
+#else
+        (void)pushCAx509Chain;
+#endif
 
         if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
             WOLFSSL_MSG("Error decoding cert");
@@ -18848,6 +18873,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
     if (sk == NULL) {
         WOLFSSL_MSG("Null session chain");
     }
+#if defined(OPENSSL_ALL)
+    else if (ssl->options.side == WOLFSSL_SERVER_END) {
+        /* to be compliant with openssl 
+           first element is kept as peer cert on server side.*/
+        wolfSSL_sk_X509_shift(sk);
+    }
+#endif
     /* This is Free'd when ssl is Free'd */
     ssl->peerCertChain = sk;
     return sk;

tests/api.c

@@ -968,7 +968,9 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
      WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
 
 
-#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
+#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
+  (defined(WOLFSSL_QT) && \
+  !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR))
     /* invalid path */
     AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
      WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
@@ -1313,8 +1315,10 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
     #ifdef NO_RSA
     AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
     #else
+    #if !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)
     AssertIntEQ(ret, ASN_AFTER_DATE_E);
     #endif
+    #endif
 #endif
 
     return ret;
@@ -1991,7 +1995,7 @@ static void test_server_wolfSSL_new(void)
 
     /* invalid context */
     AssertNull(ssl = wolfSSL_new(NULL));
-#ifndef WOLFSSL_SESSION_EXPORT
+#if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT)
     AssertNull(ssl = wolfSSL_new(ctx_nocert));
 #endif
 

wolfssl/ssl.h

@@ -876,6 +876,10 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*,
 #define WOLFSSL_LOAD_FLAG_IGNORE_ERR    0x00000001
 #define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
 #define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY   0x00000004
+#if defined(WOLFSSL_QT)
+#define WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR 0x00000008
+#define WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE     0x00000010
+#endif
 
 #ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
 #define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE