From a00eaeb877d092e1fdc7468d53f7930c98e3ebca Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Fri, 4 Jan 2019 13:16:47 -0700
Subject: [PATCH 1/2] add ocsp stapling test and initialize values

---
 scripts/ocsp-stapling.test | 27 +++++++++++++++++++++++++++
 src/internal.c | 3 +++
 2 files changed, 30 insertions(+)

diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test
index 11b0c41a3..a314f21a4 100755
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -178,6 +178,33 @@ if [ ! -z "$size" ]; then
 printf 'OK\n'
 fi
 
+# test interop fail case
+ready_file=`pwd`/wolf_ocsp_readyF$$
+printf '%s\n' "ready file: $ready_file"
+./examples/server/server -o -R $ready_file &
+wolf_pid=$!
+wait_for_readyFile $ready_file
+if [ ! -f $ready_file ]; then
+ printf '%s\n' "Failed to create ready file: \"$ready_file\""
+ exit 1
+else
+ # should fail if ocspstapling is also enabled
+ RPORTSELECTED=`cat $ready_file`
+ echo "hi" | openssl s_client -status -connect 127.0.0.1:${RPORTSELECTED} -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem
+ if [ $? -eq 0 ]; then
+ printf '%s\n' "Succeeded when should have failed"
+ remove_single_rF $ready_file
+ exit 1
+ fi
+ remove_single_rF $ready_file
+ wait $wolf_pid
+ if [ $? -ne 1 ]; then
+ printf '%s\n' "wolfSSL server unexpected fail value"
+ exit 1
+ fi
+fi
+
+
 # create a port 0 port to use with openssl ocsp responder
 ./examples/server/server -R $ready_file -p $resume_port &
 wait_for_readyFile $ready_file
diff --git a/src/internal.c b/src/internal.c
index 9a88638e8..a76d664dd 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -14168,6 +14168,9 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request,
 {
 int ret;
 
+ if (request != NULL)
+ XMEMSET(request, 0, sizeof(OcspRequest));
+
 InitDecodedCert(cert, certData, length, ssl->heap);
 /* TODO: Setup async support here */
 ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm);
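Review bot: The "Succeeded when should have failed" branch exits while the background server started with `./examples/server/server -o -R $ready_file &` may still be running — `remove_single_rF $ready_file` is called, but `$wolf_pid` is neither killed nor waited on, so a failed run can leave a stray server behind. If the example server exits on its own after one connection this is harmless, but adding `kill $wolf_pid 2>/dev/null` (or `wait $wolf_pid`) before that `exit 1` makes the failure path as tidy as the success path. The block also reassigns `ready_file` to `wolf_ocsp_readyF$$`, so the existing `./examples/server/server -R $ready_file -p $resume_port` line that follows now uses this path rather than whatever the earlier part of the script set; that looks intentional, but a one-line comment such as `# reuse the interop ready file for the responder-port server` would make it explicit.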
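Review bot: The new `if (request != NULL)` guard zeroes the struct but then lets a NULL `request` fall straight through to `InitDecodedCert` and the remainder of CreateOcspRequest, which continues outside the hunk; if `request` is genuinely optional that should be visible here, and if it is not, rejecting it is clearer than a silent skip, e.g. `if (request == NULL) return BAD_FUNC_ARG;` followed by an unconditional `XMEMSET`. Either way, `sizeof *request` is preferable to `sizeof(OcspRequest)` so the cleared size stays tied to the pointer's type. A short comment on the memset, such as `/* zero so that error paths never free uninitialised members */`, would also record why the initialization was added, since the commit message only says "initialize values".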
From 26ae39a2170b924049bf670c1884bcb84a901b57 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Fri, 4 Jan 2019 13:22:34 -0700
Subject: [PATCH 2/2] check if secure renegotiation struct available

---
 src/internal.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index a76d664dd..bc9c6a255 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -23594,7 +23594,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions);
 if (ret != WOLFSSL_SUCCESS)
 return ret;
- ssl->secure_renegotiation->enabled = 1;
+ if (ssl->secure_renegotiation)
+ ssl->secure_renegotiation->enabled = 1;
 }
 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
 
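Review bot: The added guard turns a NULL dereference into a silent no-op — when `ssl->secure_renegotiation` is NULL after `TLSX_AddEmptyRenegotiationInfo` succeeds, execution now continues with `enabled` never set, so the empty renegotiation-info extension has been added but the local state does not reflect it. If that state cannot occur here the check is dead code; if it can, failing explicitly is the safer mode, e.g. `if (ssl->secure_renegotiation == NULL) return SECURE_RENEGOTIATION_E;` (or whichever error code this module uses for the condition) in place of the silent skip. The enclosing `#ifdef HAVE_SERVER_RENEGOTIATION_INFO` block begins outside the hunk, so whether a preceding path allocates the struct cannot be confirmed from here; a comment on the guard stating which case it handles would settle that for the next reader.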