Add hitch support to wolfSSL.

Add support for cipher aliases DHE, EDH and EECDH.

Add define SSL_CTRL_GET_CHAIN_CERTS to help hitch and other programs detect SSL_CTX_get0_chain_certs is supported.

Add wolfSSL_get_locking_callback.

Allow using ECDHE+RSA cipher suites when ECDHE alias is used while in OpenSSL compatibility mode.

Add more alerts for hitch.

SSL_CM should use the CTX's x509_store_pt if available.

Add support for SSL_CERT_FILE and SSL_CERT_DIR.  Load default OpenSSL TLS 1.3 ciphers when using OPENSSL_COMPATIBLE_DEFAULTS.

Use wolfSSL_sk_X509_new_null to allocate WOLFSSL_STACK in wolfSSL_CTX_get_extra_chain_certs.  Previous approach of malloc'ing without setting type/memsetting was leading to a segfault.

Add --enable-hitch.

hitch: Add unit tests for new APIs, fix a couple of issues uncovered by unit testing.

Correct behavior of wolfSSL_BIO_set_mem_buf for BIO_CLOSE/NOCLOSE and update unit test accordingly.

Add Github action test for hitch.

.github/workflows/hitch.yml

@@ -0,0 +1,71 @@
+name: hitch Tests
+
+on:
+  workflow_call:
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL
+    # Just to keep it the same as the testing target
+    runs-on: ubuntu-latest
+    steps:
+      - name: Build wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          path: wolfssl
+          configure: --enable-hitch
+          install: true
+
+      - name: Upload built lib
+        uses: actions/upload-artifact@v3
+        with:
+          name: wolf-install-hitch
+          path: build-dir
+          retention-days: 1
+
+  hitch_check:
+    strategy:
+      fail-fast: false
+      matrix:
+        # List of releases to test
+        ref: [ 1.7.3 ]
+    name: ${{ matrix.ref }}
+    runs-on: ubuntu-latest
+    needs: build_wolfssl
+    steps:
+      - name: Download lib
+        uses: actions/download-artifact@v3
+        with:
+          name: wolf-install-hitch
+          path: build-dir
+
+      - name: Checkout OSP
+        uses: actions/checkout@v3
+        with:
+          # TODO: change to wolfssl repo once merged
+          repository: kareem-wolfssl/osp
+          ref: hitch
+          path: osp
+
+      - name: Build hitch
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: varnish/hitch
+          ref: ${{ matrix.ref }}
+          path: hitch
+          patch-file: $GITHUB_WORKSPACE/osp/hitch/hitch_${{ matrix.ref }}.patch
+          run: |
+            autoreconf -i
+          configure: --with-wolfssl --enable-warnings
+
+      - name: Confirm hitch built with wolfSSL
+        working-directory: ./hitch
+        run: ldd src/hitch | grep wolfssl
+
+      - name: Run hitch tests, skipping 13, 15 and 39
+        run: |
+          for test in ./test*.sh; do
+            if ! [[ "$test" = ./test13* ]] && ! [[ "$test" = ./test15* ]] && ! [[ "$test" = ./test39* ]]; then
+              $test
+            fi
+          done

.github/workflows/main.yml

@@ -30,6 +30,8 @@ jobs:
         uses: ./.github/workflows/nginx.yml
     zephyr:
         uses: ./.github/workflows/zephyr.yml
+    hitch:
+        uses: ./.github/workflows/hitch.yml
 # TODO: Currently this test fails. Enable it once it becomes passing.        
 #    haproxy:
 #        uses: ./.github/workflows/haproxy.yml