wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Check underlying error, want only maximum validity period error

Browse Source 
add apple test macros to tests requiring cert manager
This commit is contained in:
Ruby Martin
2025-06-18 08:07:03 -06:00
parent 877bade216
commit d3b30f8d51
2 changed files with 56 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/internal.c
View File

@@ -42857,6 +42857,46 @@ static int DisplaySecTrustError(CFErrorRef error, SecTrustRef trust)
return 0;
}
static int MaxValidityPeriodErrorOnly(CFErrorRef error)
{
int multiple = 0;
CFDictionaryRef userInfo = CFErrorCopyUserInfo(error);
if (userInfo) {
/* Get underlying error */
CFTypeRef underlying =
CFDictionaryGetValue(userInfo, kCFErrorUnderlyingErrorKey);
if (underlying) {
/* Get underlying error value*/
CFDictionaryRef underlyingDict =
CFErrorCopyUserInfo((CFErrorRef)underlying);
if (underlyingDict) {
char buffer[512];
CFStringRef values =
CFDictionaryGetValue(underlyingDict,
kCFErrorLocalizedDescriptionKey);
if(CFStringGetCString(values, buffer, sizeof(buffer),
kCFStringEncodingUTF8)) {
if (XSTRSTR(buffer, "Certificate exceeds maximum "
"temporal validity period") &&
(!XSTRSTR(buffer, "Certificate exceeds maximum "
"temporal validity period,") ||
!XSTRSTR(buffer, ", Certificate exceeds maximum "
"temporal validity period"))) {
WOLFSSL_MSG("Maximum validity period error only");
} else {
WOLFSSL_MSG("Found other errors");
multiple = 1;
}
}
CFRelease(underlyingDict);
}
}
CFRelease(userInfo);
}
return multiple;
}
/*
* Validates a chain of certificates using the Apple system trust APIs
*
@@ -42966,8 +43006,14 @@ static int DoAppleNativeCertValidation(WOLFSSL* ssl,
* (See: https://support.apple.com/en-us/103769)
* therefore we should skip over this particular error */
if (code == errSecCertificateValidityPeriodTooLong) {
WOLFSSL_MSG("Skipping certificate validity period error");
ret = 1;
if (MaxValidityPeriodErrorOnly(error)) {
WOLFSSL_MSG("Multiple reasons for validity period error, "
"not skipping");
ret = 0;
} else {
WOLFSSL_MSG("Skipping certificate validity period error");
ret = 1;
}
/* TODO: ensure other errors aren't masked by this error */
}
#endif

10
tests/api.c
View File

@@ -5039,6 +5039,7 @@ static int test_wolfSSL_OtherName(void)
}
#ifdef HAVE_CERT_CHAIN_VALIDATION
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
static int test_wolfSSL_CertRsaPss(void)
{
EXPECT_DECLS;
@@ -5097,7 +5098,7 @@ static int test_wolfSSL_CertRsaPss(void)
return EXPECT_RESULT();
}
#endif
#endif
static int test_wolfSSL_CTX_load_verify_locations_ex(void)
{
EXPECT_DECLS;
@@ -48425,6 +48426,7 @@ static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
#endif
#if !defined(NO_FILESYSTEM)
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
static int test_RsaSigFailure_cm(void)
{
EXPECT_DECLS;
@@ -48499,7 +48501,7 @@ static int test_EccSigFailure_cm(void)
#endif /* HAVE_ECC */
return EXPECT_RESULT();
}
#endif
#endif /* !NO_FILESYSTEM */
#endif /* NO_CERTS */
@@ -58104,6 +58106,7 @@ static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
return ret;
}
#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
static int test_various_pathlen_chains(void)
{
EXPECT_DECLS;
@@ -58162,6 +58165,7 @@ static int test_various_pathlen_chains(void)
return EXPECT_RESULT();
}
#endif
#endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
@@ -67013,6 +67017,7 @@ static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl)
}
#endif
#ifndef WOLFSSL_TEST_NATIVE_CERT_VALIDATION
static int test_tls_cert_store_unchanged(void)
{
EXPECT_DECLS;
@@ -67069,6 +67074,7 @@ static int test_tls_cert_store_unchanged(void)
#endif
return EXPECT_RESULT();
}
#endif
static int test_wolfSSL_SendUserCanceled(void)
{