Fix tests when building with PEM support disabled by using DER certs/keys.

2026-01-29 20:22:13 +01:00 · 2025-09-12 16:08:05 -07:00
parent a216ea170c
commit ec92f76dec
11 changed files with 414 additions and 188 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -2221,7 +2221,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef HAVE_RPK
    int useRPK = 0;
 #endif /* HAVE_RPK */
+#ifdef WOLFSSL_PEM_TO_DER
    int fileFormat = WOLFSSL_FILETYPE_PEM;
+#else
+    int fileFormat = WOLFSSL_FILETYPE_ASN1;
+#endif
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
    const char * policy = NULL;
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -105,6 +105,11 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
    int    argc = ((func_args*)args)->argc;
    char** argv = ((func_args*)args)->argv;
    char   buffer[WOLFSSL_MAX_ERROR_SZ];
+#ifdef WOLFSSL_PEM_TO_DER
+    int filetype = WOLFSSL_FILETYPE_PEM;
+#else
+    int filetype = WOLFSSL_FILETYPE_ASN1;
+#endif
 #ifdef HAVE_TEST_SESSION_TICKET
    MyTicketCtx myTicketCtx;
 #endif
@@ -180,12 +185,12 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
    if (doPSK == 0) {
    #if defined(HAVE_ECC) && !defined(WOLFSSL_SNIFFER)
        /* ecc */
-        if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, filetype)
                != WOLFSSL_SUCCESS)
            err_sys("can't load server cert file, "
                    "Please run from wolfSSL home dir");

-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, filetype)
                != WOLFSSL_SUCCESS)
            err_sys("can't load server key file, "
                    "Please run from wolfSSL home dir");
@@ -196,7 +201,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
            err_sys("can't load server cert file, "
                    "Please run from wolfSSL home dir");

-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, filetype)
                != WOLFSSL_SUCCESS)
            err_sys("can't load server key file, "
                    "Please run from wolfSSL home dir");
@@ -208,19 +213,19 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                    "Please run from wolfSSL home dir");

        if (wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
+                filetype) != WOLFSSL_SUCCESS)
            err_sys("can't load server key file, "
                    "Please run from wolfSSL home dir");
    #elif defined(NO_CERTS)
        /* do nothing, just don't load cert files */
    #else
        /* normal */
-        if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, filetype)
                != WOLFSSL_SUCCESS)
            err_sys("can't load server cert file, "
                    "Please run from wolfSSL home dir");

-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, filetype)
                != WOLFSSL_SUCCESS)
            err_sys("can't load server key file, "
                    "Please run from wolfSSL home dir");
@@ -309,7 +314,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
        if (ssl == NULL) err_sys("SSL_new failed");
        wolfSSL_set_fd(ssl, clientfd);
        #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
-            wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
+            wolfSSL_SetTmpDH_file(ssl, dhParamFile, filetype);
        #elif !defined(NO_DH)
            SetDH(ssl);  /* will repick suites with DHE, higher than PSK */
        #endif
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2771,7 +2771,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
    wolfSSL_CTX_set_TicketEncCtx(ctx, &myTicketCtx);
 #endif

-#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL)
+#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL) && \
+    defined(WOLFSSL_PEM_TO_DER)
    /* used for testing only to set a static/fixed ephemeral key
        for use with the sniffer */
 #if defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
@@ -2804,7 +2805,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
        err_sys_ex(runWithErrors, "error loading static X25519 key");
    }
 #endif
-#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL */
+#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL && WOLFSSL_PEM_TO_DER */

    if (cipherList && !useDefCipherList) {
        if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS)
@@ -2849,8 +2850,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
            err_sys_ex(catastrophic, "can't load server cert buffer");
    #elif !defined(TEST_LOAD_BUFFER)
+        #if defined(WOLFSSL_PEM_TO_DER)
        if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
                                         != WOLFSSL_SUCCESS)
+        #else
+        if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
+        #endif
            err_sys_ex(catastrophic, "can't load server cert file, check file "
                       "and run from wolfSSL home dir");
    #else
@@ -2892,8 +2898,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
            sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
            err_sys_ex(catastrophic, "can't load server private key buffer");
    #elif !defined(TEST_LOAD_BUFFER)
+        #if defined(WOLFSSL_PEM_TO_DER)
        if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
                                         != WOLFSSL_SUCCESS)
+        #else
+        if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_ASN1)
+                                         != WOLFSSL_SUCCESS)
+        #endif
            err_sys_ex(catastrophic, "can't load server private key file, "
                       "check file and run from wolfSSL home dir");
        #ifdef WOLFSSL_DUAL_ALG_CERTS