Merge pull request #8903 from dgarske/cadate_calist
Expose API to access "store" error code and depth for cert failure callback
9
.github/workflows/os-check.yml
vendored
@ -41,16 +41,21 @@ jobs:
|
|||||||
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
|
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
|
||||||
--enable-dtls-mtu',
|
--enable-dtls-mtu',
|
||||||
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
|
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
|
||||||
--enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
|
--enable-psk --enable-aesccm --enable-nullcipher
|
||||||
|
CPPFLAGS=-DWOLFSSL_STATIC_RSA',
|
||||||
'--enable-ascon --enable-experimental',
|
'--enable-ascon --enable-experimental',
|
||||||
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
|
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
|
||||||
'--enable-all CPPFLAGS=''-DNO_AES_192 -DNO_AES_256'' ',
|
'--enable-all CPPFLAGS=''-DNO_AES_192 -DNO_AES_256'' ',
|
||||||
'--enable-sniffer --enable-curve25519 --enable-curve448 --enable-enckeys CFLAGS=-DWOLFSSL_DH_EXTRA',
|
'--enable-sniffer --enable-curve25519 --enable-curve448 --enable-enckeys
|
||||||
|
CPPFLAGS=-DWOLFSSL_DH_EXTRA',
|
||||||
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
|
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
|
||||||
--enable-dtls-mtu CPPFLAGS=-DWOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS',
|
--enable-dtls-mtu CPPFLAGS=-DWOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS',
|
||||||
'--enable-opensslall --enable-opensslextra CPPFLAGS=-DWC_RNG_SEED_CB',
|
'--enable-opensslall --enable-opensslextra CPPFLAGS=-DWC_RNG_SEED_CB',
|
||||||
'--enable-opensslall --enable-opensslextra
|
'--enable-opensslall --enable-opensslextra
|
||||||
CPPFLAGS=''-DWC_RNG_SEED_CB -DWOLFSSL_NO_GETPID'' ',
|
CPPFLAGS=''-DWC_RNG_SEED_CB -DWOLFSSL_NO_GETPID'' ',
|
||||||
|
'--enable-opensslextra CPPFLAGS=''-DWOLFSSL_NO_CA_NAMES'' ',
|
||||||
|
'--enable-opensslextra=x509small',
|
||||||
|
'CPPFLAGS=''-DWOLFSSL_EXTRA'' '
|
||||||
]
|
]
|
||||||
name: make check
|
name: make check
|
||||||
if: github.repository_owner == 'wolfssl'
|
if: github.repository_owner == 'wolfssl'
|
||||||
|
@ -2905,7 +2905,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
|
|||||||
defined(WOLFSSL_WPAS_SMALL)
|
defined(WOLFSSL_WPAS_SMALL)
|
||||||
wolfSSL_X509_STORE_free(ctx->x509_store_pt);
|
wolfSSL_X509_STORE_free(ctx->x509_store_pt);
|
||||||
#endif
|
#endif
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
|
#ifndef WOLFSSL_NO_CA_NAMES
|
||||||
wolfSSL_sk_X509_NAME_pop_free(ctx->client_ca_names, NULL);
|
wolfSSL_sk_X509_NAME_pop_free(ctx->client_ca_names, NULL);
|
||||||
ctx->client_ca_names = NULL;
|
ctx->client_ca_names = NULL;
|
||||||
#endif
|
#endif
|
||||||
@ -8784,7 +8784,7 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
|
|||||||
wolfSSL_sk_X509_pop_free(ssl->ourCertChain, NULL);
|
wolfSSL_sk_X509_pop_free(ssl->ourCertChain, NULL);
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
|
#ifndef WOLFSSL_NO_CA_NAMES
|
||||||
wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL);
|
wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL);
|
||||||
ssl->client_ca_names = NULL;
|
ssl->client_ca_names = NULL;
|
||||||
#endif
|
#endif
|
||||||
|
@ -12163,7 +12163,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
#endif /* !NO_BIO */
|
#endif /* !NO_BIO */
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
|
#ifndef WOLFSSL_NO_CA_NAMES
|
||||||
void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
|
void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
|
||||||
{
|
{
|
||||||
@ -12184,8 +12184,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
ssl->client_ca_names = names;
|
ssl->client_ca_names = names;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
/* registers client cert callback, called during handshake if server
|
/* registers client cert callback, called during handshake if server
|
||||||
requests client auth but user has not loaded client cert/key */
|
requests client auth but user has not loaded client cert/key */
|
||||||
void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb cb)
|
void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb cb)
|
||||||
@ -12397,9 +12398,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_WEBSERVER */
|
|
||||||
|
|
||||||
#ifndef WOLFSSL_NO_CA_NAMES
|
#ifndef WOLFSSL_NO_CA_NAMES
|
||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
|
||||||
|
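Review bot: The new closing `#endif` added in the hunk at `@ -12184,8 +12184,9 @@` carries no trailing comment, while the sibling `#endif /* OPENSSL_EXTRA */` a few lines below and the removed `#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_WEBSERVER */` both did, and this region now nests three preprocessor guards. The `#ifndef WOLFSSL_NO_CA_NAMES` it closes is opened in the previous hunk (`@ -12163`), so a reader of this hunk alone cannot pair them. Suggest `#endif /* !WOLFSSL_NO_CA_NAMES */`, which is the form the public header uses for the same macro. The same guard replaces `OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_LIGHTY` in SSL_CtxResourceFree and wolfSSL_ResourceFree (hunks `@ -2905` and `@ -8784`); those frees now depend on the derivation of WOLFSSL_NO_CA_NAMES in internal.h matching the condition under which client_ca_names is populated, which is not visible here.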
@ -577,33 +577,15 @@ exit:
|
|||||||
|
|
||||||
#endif /* OPENSSL_EXTRA */
|
#endif /* OPENSSL_EXTRA */
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
|
WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
|
||||||
WOLFSSL_X509_STORE_CTX* ctx)
|
WOLFSSL_X509_STORE_CTX* ctx)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
|
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
|
||||||
if (ctx)
|
if (ctx)
|
||||||
return ctx->current_cert;
|
return ctx->current_cert;
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
|
|
||||||
{
|
|
||||||
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error");
|
|
||||||
if (ctx != NULL)
|
|
||||||
return ctx->error;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
|
|
||||||
{
|
|
||||||
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth");
|
|
||||||
if(ctx)
|
|
||||||
return ctx->error_depth;
|
|
||||||
return WOLFSSL_FATAL_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* get X509_STORE_CTX ex_data, max idx is MAX_EX_DATA */
|
/* get X509_STORE_CTX ex_data, max idx is MAX_EX_DATA */
|
||||||
void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
|
void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
|
||||||
@ -619,7 +601,27 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
|
|||||||
#endif
|
#endif
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||||
|
defined(WOLFSSL_EXTRA)
|
||||||
|
int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
|
||||||
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error");
|
||||||
|
if (ctx != NULL)
|
||||||
|
return ctx->error;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
|
||||||
|
{
|
||||||
|
WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth");
|
||||||
|
if (ctx)
|
||||||
|
return ctx->error_depth;
|
||||||
|
return WOLFSSL_FATAL_ERROR;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef OPENSSL_EXTRA
|
#ifdef OPENSSL_EXTRA
|
||||||
void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
|
void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
|
||||||
|
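Review bot: wolfSSL_X509_STORE_CTX_get_error, as relocated in the hunk at `@ -619,7 +601,27 @@`, returns 0 when ctx is NULL, which is indistinguishable from a verification that recorded no error, whereas the adjacent wolfSSL_X509_STORE_CTX_get_error_depth returns WOLFSSL_FATAL_ERROR for the same case. The bodies are moved rather than rewritten, but the commit makes this pair the accessor that failure callbacks are steered towards in additional build configurations (OPENSSL_EXTRA_X509_SMALL, WOLFSSL_EXTRA), so the asymmetry should at least be documented above the function: `/* Returns 0 (no error) when ctx is NULL; callers that need to detect a missing store must check ctx themselves. */`. The new block's closing `#endif` also lacks the trailing comment its sibling `#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */` has; `#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_EXTRA */` would follow the file's convention.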
@ -28110,7 +28110,8 @@ static int test_wolfSSL_CTX_set_client_CA_list(void)
|
|||||||
static int test_wolfSSL_CTX_add_client_CA(void)
|
static int test_wolfSSL_CTX_add_client_CA(void)
|
||||||
{
|
{
|
||||||
EXPECT_DECLS;
|
EXPECT_DECLS;
|
||||||
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
|
#if !defined(WOLFSSL_NO_CA_NAMES) && defined(OPENSSL_EXTRA) && \
|
||||||
|
!defined(NO_RSA) && !defined(NO_CERTS) && \
|
||||||
!defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
|
!defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
|
||||||
WOLFSSL_CTX* ctx = NULL;
|
WOLFSSL_CTX* ctx = NULL;
|
||||||
WOLFSSL_X509* x509 = NULL;
|
WOLFSSL_X509* x509 = NULL;
|
||||||
@ -38569,7 +38570,7 @@ static int test_wolfSSL_cert_cb_dyn_ciphers(void)
|
|||||||
static int test_wolfSSL_ciphersuite_auth(void)
|
static int test_wolfSSL_ciphersuite_auth(void)
|
||||||
{
|
{
|
||||||
EXPECT_DECLS;
|
EXPECT_DECLS;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
|
#if defined(OPENSSL_EXTRA)
|
||||||
WOLFSSL_CIPHERSUITE_INFO info;
|
WOLFSSL_CIPHERSUITE_INFO info;
|
||||||
|
|
||||||
(void)info;
|
(void)info;
|
||||||
@ -38659,7 +38660,7 @@ static int test_wolfSSL_ciphersuite_auth(void)
|
|||||||
static int test_wolfSSL_sigalg_info(void)
|
static int test_wolfSSL_sigalg_info(void)
|
||||||
{
|
{
|
||||||
EXPECT_DECLS;
|
EXPECT_DECLS;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
|
#if defined(OPENSSL_EXTRA)
|
||||||
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO];
|
byte hashSigAlgo[WOLFSSL_MAX_SIGALGO];
|
||||||
word16 len = 0;
|
word16 len = 0;
|
||||||
word16 idx = 0;
|
word16 idx = 0;
|
||||||
|
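Review bot: The guards of test_wolfSSL_ciphersuite_auth and test_wolfSSL_sigalg_info (hunks `@ -38569` and `@ -38659`) drop `|| defined(WOLFSSL_EXTRA)`, so the `CPPFLAGS=''-DWOLFSSL_EXTRA''` job this commit adds to the CI matrix will no longer exercise either test. If the APIs under test have become OPENSSL_EXTRA-only that is the right change, but nothing in the hunks says so; a one-line comment such as `/* cipher suite / sigalg info APIs are OPENSSL_EXTRA only */` above each guard would keep the next reader from re-adding the macro. The new `!defined(WOLFSSL_NO_CA_NAMES)` guard on test_wolfSSL_CTX_add_client_CA presumably relies on internal.h being included by this file so that the derived definition is visible; if the test file only sees the public header, the test would compile in configurations where the library omits the function. Each of the three functions continues beyond its hunk.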
@ -1086,13 +1086,17 @@
|
|||||||
|
|
||||||
#undef WSSL_HARDEN_TLS
|
#undef WSSL_HARDEN_TLS
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_LIGHTY)
|
/* Client CA Names feature */
|
||||||
#define SSL_CA_NAMES(ssl) ((ssl)->client_ca_names != NULL ? (ssl)->client_ca_names : \
|
#if !defined(WOLFSSL_NO_CA_NAMES) && defined(OPENSSL_EXTRA)
|
||||||
|
#define SSL_CA_NAMES(ssl) ((ssl)->client_ca_names != NULL ? \
|
||||||
|
(ssl)->client_ca_names : \
|
||||||
(ssl)->ctx->client_ca_names)
|
(ssl)->ctx->client_ca_names)
|
||||||
#else
|
#else
|
||||||
#define WOLFSSL_NO_CA_NAMES
|
#undef WOLFSSL_NO_CA_NAMES
|
||||||
|
#define WOLFSSL_NO_CA_NAMES
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* actual cipher values, 2nd byte */
|
/* actual cipher values, 2nd byte */
|
||||||
enum {
|
enum {
|
||||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
|
||||||
|
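Review bot: The new condition `#if !defined(WOLFSSL_NO_CA_NAMES) && defined(OPENSSL_EXTRA)` replaces `OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_LIGHTY`, and the `#else` branch now force-defines WOLFSSL_NO_CA_NAMES, so builds that enable only WOLFSSL_EXTRA or only HAVE_LIGHTY lose the client CA names feature without any diagnostic (unless those options imply OPENSSL_EXTRA elsewhere, which this hunk does not show). If that narrowing is intended, the new `/* Client CA Names feature */` comment should say so, e.g. `/* Client CA Names feature: requires OPENSSL_EXTRA; define WOLFSSL_NO_CA_NAMES to opt out */`. The `#undef` before the `#define` correctly avoids a redefinition warning when the user passed the macro on the command line, but it also means a user-supplied definition and the derived one are indistinguishable downstream, which matters because the public header tests the same macro.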
@ -1841,6 +1841,12 @@ WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long e);
|
|||||||
WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e);
|
WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e);
|
||||||
|
|
||||||
/* -------- EXTRAS BEGIN -------- */
|
/* -------- EXTRAS BEGIN -------- */
|
||||||
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||||
|
defined(WOLFSSL_EXTRA)
|
||||||
|
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx);
|
||||||
|
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx);
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
|
WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio);
|
||||||
|
|
||||||
@ -2144,9 +2150,6 @@ WOLFSSL_API int wolfSSL_num_locks(void);
|
|||||||
|
|
||||||
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
|
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
|
||||||
WOLFSSL_X509_STORE_CTX* ctx);
|
WOLFSSL_X509_STORE_CTX* ctx);
|
||||||
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx);
|
|
||||||
WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx);
|
|
||||||
|
|
||||||
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
|
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
|
||||||
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
|
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb);
|
||||||
WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
|
WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
|
||||||
@ -2407,6 +2410,8 @@ WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t);
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname);
|
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname);
|
||||||
|
|
||||||
|
#ifndef WOLFSSL_NO_CA_NAMES
|
||||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
|
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
|
||||||
const WOLFSSL_CTX *ctx);
|
const WOLFSSL_CTX *ctx);
|
||||||
/* deprecated function name */
|
/* deprecated function name */
|
||||||
@ -2418,6 +2423,7 @@ WOLFSSL_API void wolfSSL_set_client_CA_list(WOLFSSL* ssl,
|
|||||||
WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
|
WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
|
||||||
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
|
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
|
||||||
const WOLFSSL* ssl);
|
const WOLFSSL* ssl);
|
||||||
|
#endif /* !WOLFSSL_NO_CA_NAMES */
|
||||||
|
|
||||||
typedef int (*client_cert_cb)(WOLFSSL *ssl, WOLFSSL_X509 **x509,
|
typedef int (*client_cert_cb)(WOLFSSL *ssl, WOLFSSL_X509 **x509,
|
||||||
WOLFSSL_EVP_PKEY **pkey);
|
WOLFSSL_EVP_PKEY **pkey);
|
||||||
|
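Review bot: The `#ifndef WOLFSSL_NO_CA_NAMES` / `#endif /* !WOLFSSL_NO_CA_NAMES */` pair added around the client CA list prototypes (hunks `@ -2407` and `@ -2418`) tests a macro that the library derives in internal.h, which an application including only this public header never sees. Unless this region sits inside an `#ifdef OPENSSL_EXTRA` that opens outside the hunk (not visible here), an application built without OPENSSL_EXTRA still gets the prototypes while the library omits the definitions, turning a compile-time configuration error into a link-time one. Either mirror the derivation in this header or document the limitation next to the guard: `/* WOLFSSL_NO_CA_NAMES is derived in internal.h; applications must define it themselves when building without OPENSSL_EXTRA */`. The new declaration block in hunk `@ -1841` also closes with a bare `#endif`; `#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || WOLFSSL_EXTRA */` would match the definitions' guard in x509_str.c.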
@ -2467,14 +2467,14 @@ static THREAD_LS_T int myVerifyAction = VERIFY_OVERRIDE_ERROR;
|
|||||||
static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
||||||
{
|
{
|
||||||
char err_buffer[WOLFSSL_MAX_ERROR_SZ];
|
char err_buffer[WOLFSSL_MAX_ERROR_SZ];
|
||||||
|
int err;
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
WOLFSSL_X509* peer;
|
WOLFSSL_X509* peer;
|
||||||
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \
|
#endif
|
||||||
!defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
|
||||||
WOLFSSL_BIO* bio = NULL;
|
WOLFSSL_BIO* bio = NULL;
|
||||||
WOLFSSL_STACK* sk = NULL;
|
WOLFSSL_STACK* sk = NULL;
|
||||||
X509* x509 = NULL;
|
X509* x509 = NULL;
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Verify Callback Arguments:
|
/* Verify Callback Arguments:
|
||||||
@ -2492,10 +2492,17 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
|||||||
will be discarded (only with SESSION_CERTS)
|
will be discarded (only with SESSION_CERTS)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
fprintf(stderr, "In verification callback, error = %d, %s\n", store->error,
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
|
||||||
wolfSSL_ERR_error_string((unsigned long) store->error, err_buffer));
|
defined(WOLFSSL_EXTRA)
|
||||||
|
err = wolfSSL_X509_STORE_CTX_get_error(store);
|
||||||
|
#else
|
||||||
|
err = store->error;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
fprintf(stderr, "In verification callback, error = %d, %s\n", err,
|
||||||
|
wolfSSL_ERR_error_string((unsigned long) err, err_buffer));
|
||||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||||
peer = store->current_cert;
|
peer = wolfSSL_X509_STORE_CTX_get_current_cert(store);
|
||||||
if (peer) {
|
if (peer) {
|
||||||
char* issuer = wolfSSL_X509_NAME_oneline(
|
char* issuer = wolfSSL_X509_NAME_oneline(
|
||||||
wolfSSL_X509_get_issuer_name(peer), 0, 0);
|
wolfSSL_X509_get_issuer_name(peer), 0, 0);
|
||||||
@ -2515,8 +2522,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store)
|
|||||||
|
|
||||||
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
|
XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
|
||||||
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
|
XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL);
|
||||||
#if defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) && \
|
#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM)
|
||||||
!defined(OPENSSL_EXTRA_X509_SMALL)
|
|
||||||
/* avoid printing duplicate certs */
|
/* avoid printing duplicate certs */
|
||||||
if (store->depth == 1) {
|
if (store->depth == 1) {
|
||||||
int i;
|
int i;
|
||||||
|
@ -54,9 +54,18 @@ public class wolfSSL_TLS_Client
|
|||||||
/// <param name="x509_ctx">Certificate in WOLFSSL_X509_STORE_CTX format</param>
|
/// <param name="x509_ctx">Certificate in WOLFSSL_X509_STORE_CTX format</param>
|
||||||
private static int myVerify(int preverify, IntPtr x509_ctx)
|
private static int myVerify(int preverify, IntPtr x509_ctx)
|
||||||
{
|
{
|
||||||
/* Use the provided verification */
|
int verify = preverify;
|
||||||
|
|
||||||
|
/* example for overriding an error code */
|
||||||
|
/* X509_STORE_CTX_get_error API can be enabled with
|
||||||
|
* OPENSSL_EXTRA_X509_SMALL or WOLFSSL_EXTRA */
|
||||||
|
int error = wolfssl.X509_STORE_CTX_get_error(x509_ctx);
|
||||||
|
if (error == wolfcrypt.ASN_BEFORE_DATE_E) {
|
||||||
|
verify = 1; /* override error */
|
||||||
|
}
|
||||||
|
|
||||||
/* Can optionally override failures by returning non-zero value */
|
/* Can optionally override failures by returning non-zero value */
|
||||||
return preverify;
|
return verify;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -90,7 +99,7 @@ public class wolfSSL_TLS_Client
|
|||||||
|
|
||||||
if (caCert == "" || dhparam.Length == 0) {
|
if (caCert == "" || dhparam.Length == 0) {
|
||||||
Console.WriteLine("Platform not supported.");
|
Console.WriteLine("Platform not supported.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
StringBuilder buff = new StringBuilder(1024);
|
StringBuilder buff = new StringBuilder(1024);
|
||||||
@ -133,14 +142,14 @@ public class wolfSSL_TLS_Client
|
|||||||
}
|
}
|
||||||
|
|
||||||
int sniArg = haveSNI(args);
|
int sniArg = haveSNI(args);
|
||||||
if (sniArg >= 0)
|
if (sniArg >= 0)
|
||||||
{
|
{
|
||||||
string sniHostNameString = args[sniArg].Trim();
|
string sniHostNameString = args[sniArg].Trim();
|
||||||
sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString);
|
sniHostName = Marshal.StringToHGlobalAnsi(sniHostNameString);
|
||||||
|
|
||||||
ushort size = (ushort)sniHostNameString.Length;
|
ushort size = (ushort)sniHostNameString.Length;
|
||||||
|
|
||||||
if (wolfssl.CTX_UseSNI(ctx, (byte)wolfssl.WOLFSSL_SNI_HOST_NAME, sniHostName, size) != wolfssl.SUCCESS)
|
if (wolfssl.CTX_UseSNI(ctx, (byte)wolfssl.WOLFSSL_SNI_HOST_NAME, sniHostName, size) != wolfssl.SUCCESS)
|
||||||
{
|
{
|
||||||
Console.WriteLine("UseSNI failed");
|
Console.WriteLine("UseSNI failed");
|
||||||
wolfssl.CTX_free(ctx);
|
wolfssl.CTX_free(ctx);
|
||||||
|
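Review bot: In myVerify (hunk `@ -54,9 +54,18 @@`) the new block sets `verify = 1` whenever `wolfssl.X509_STORE_CTX_get_error` reports `ASN_BEFORE_DATE_E`, so a certificate whose validity period has not yet begun is accepted at any chain depth and regardless of `preverify`. That is a deliberate weakening of certificate validation, and in an example program that gets copied it should be clearly marked as such rather than described only as "example for overriding an error code"; suggest `/* DEMO ONLY: accepting a not-yet-valid certificate disables a validity check. Do not copy into production code. */`. The preceding comment says the native getter "can be enabled with OPENSSL_EXTRA_X509_SMALL or WOLFSSL_EXTRA" (the native guard also lists OPENSSL_EXTRA); when the library was built without any of them, the P/Invoke presumably fails inside a callback invoked from native code, where the application cannot catch it, so the comment should state that the wrapper requires a library built with one of those options.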
@ -566,11 +566,29 @@ namespace wolfSSL.CSharp
|
|||||||
public static readonly int AES_BLOCK_SIZE = 16;
|
public static readonly int AES_BLOCK_SIZE = 16;
|
||||||
|
|
||||||
/* Error codes */
|
/* Error codes */
|
||||||
public static readonly int SUCCESS = 0;
|
public static readonly int SUCCESS = 0;
|
||||||
public static readonly int SIG_VERIFY_E = -229; /* wolfcrypt signature verify error */
|
public static readonly int EXCEPTION_E = -1;
|
||||||
public static readonly int MEMORY_E = -125; /* Out of memory error */
|
public static readonly int MEMORY_E = -125; /* Out of memory error */
|
||||||
public static readonly int EXCEPTION_E = -1;
|
public static readonly int BUFFER_E = -131; /* RSA buffer error, output too small/large */
|
||||||
public static readonly int BUFFER_E = -131; /* RSA buffer error, output too small/large */
|
public static readonly int ASN_PARSE_E = -140; /* ASN parsing error, invalid input */
|
||||||
|
public static readonly int ASN_VERSION_E = -141; /* ASN version error, invalid number */
|
||||||
|
public static readonly int ASN_GETINT_E = -142; /* ASN get big int error, invalid data */
|
||||||
|
public static readonly int ASN_RSA_KEY_E = -143; /* ASN key init error, invalid input */
|
||||||
|
public static readonly int ASN_OBJECT_ID_E = -144; /* ASN object id error, invalid id */
|
||||||
|
public static readonly int ASN_TAG_NULL_E = -145; /* ASN tag error, not null */
|
||||||
|
public static readonly int ASN_EXPECT_0_E = -146; /* ASN expect error, not zero */
|
||||||
|
public static readonly int ASN_BITSTR_E = -147; /* ASN bit string error, wrong id */
|
||||||
|
public static readonly int ASN_UNKNOWN_OID_E = -148; /* ASN oid error, unknown sum id */
|
||||||
|
public static readonly int ASN_DATE_SZ_E = -149; /* ASN date error, bad size */
|
||||||
|
public static readonly int ASN_BEFORE_DATE_E = -150; /* ASN date error, current date before */
|
||||||
|
public static readonly int ASN_AFTER_DATE_E = -151; /* ASN date error, current date after */
|
||||||
|
public static readonly int ASN_SIG_OID_E = -152; /* ASN signature error, mismatched oid */
|
||||||
|
public static readonly int ASN_TIME_E = -153; /* ASN time error, unknown time type */
|
||||||
|
public static readonly int ASN_INPUT_E = -154; /* ASN input error, not enough data */
|
||||||
|
public static readonly int ASN_SIG_CONFIRM_E = -155; /* ASN sig error, confirm failure */
|
||||||
|
public static readonly int ASN_SIG_HASH_E = -156; /* ASN sig error, unsupported hash type */
|
||||||
|
public static readonly int ASN_SIG_KEY_E = -157; /* ASN sig error, unsupported key type */
|
||||||
|
public static readonly int SIG_VERIFY_E = -229; /* wolfcrypt signature verify error */
|
||||||
|
|
||||||
|
|
||||||
/***********************************************************************
|
/***********************************************************************
|
||||||
|
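Review bot: The constants added in hunk `@ -566,11 +566,29 @@` mirror native wolfCrypt error codes by literal value only; nothing ties them to the library headers, so a future renumbering on the native side would make comparisons such as the client example's `ASN_BEFORE_DATE_E` check silently stop matching. A comment above the block recording the provenance would help, e.g. `/* Values mirror the native wolfCrypt error codes; keep in sync with the library headers when upgrading */`. The reordering also moves SIG_VERIFY_E below the ASN group, which is fine but worth a word since readers diffing against the previous release will see it as a change. The trailing `/****` line starts a comment that continues outside the hunk.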