18 Commits

Author SHA1 Message Date
Tobias Frauenschläger 1093a36bc3 Fix flaky tcp bind on Windows test runs
Windows test code pre-picked a random port via GetRandomPort() (returning
a value in [49152, 65535]) before calling bind(), with no check that the
port was free and no retry on collision. Under load this occasionally
collided with an already-bound port and aborted the test with
"tcp bind failed", producing intermittent Jenkins failures (e.g. PRB
windows-test-v2 #17140 in the OCSP responder test).

The Unix path already does the right thing: bind to port 0 (OS-assigned
ephemeral) and read the port back via getsockname(). The same primitives
exist in Winsock 1.1, so drop the USE_WINDOWS_API guard around the
getsockname block in tcp_listen()/udp_accept() and remove the per-caller
GetRandomPort() workarounds in the OCSP responder, server example, and
the api.c / test_ossl_bio.c test sites. socklen_t is already typedef'd
as int on Windows in test.h.

GetRandomPort() itself is left in place since it is a static inline in a
shipped public test header.
2026-05-04 10:35:04 +02:00
Juliusz Sosinowicz 829fbbc702 Fix namespace collision on CRL reasons 2026-04-01 14:00:27 +02:00
Eric Blankenhorn 1d1d8ff41e Fix OCSP tests to use Alloc/FreeDer 2026-03-24 07:41:40 -05:00
Ruby Martin 2ca2781756 reallocate tmp buffer with space for null terminator 2026-03-13 17:28:00 -06:00
Ruby Martin 5d54d8a488 init caCert before function can error out 2026-03-13 11:57:24 -06:00
Juliusz Sosinowicz 4fbc81916c Address final comments from #9761
- Fix line length
- Remove duplicate comment
- Check return of `wc_HashGetDigestSize`
- Use constant instead of magic number
2026-03-12 12:30:13 +01:00
Juliusz Sosinowicz c920d2882c Restore body size calculation and add comment 2026-03-11 12:46:22 +01:00
Juliusz Sosinowicz 5a4c63423b Address code review 2026-03-11 12:28:11 +01:00
Juliusz Sosinowicz 6bb122d29f Address copilot review 2026-03-11 11:08:44 +01:00
Juliusz Sosinowicz 6fc83e292b Address code review 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 9015ae9e17 Return unknown information inside of Basic Responde 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz 00c6436cce Refactor date parsing 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz cec611987a fixup! Implement OCSP responder 2026-03-11 10:21:17 +01:00
Juliusz Sosinowicz fcd6c4f203 Enhance OCSP responder error handling for serial validation and HTTP response truncation 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz 931d056688 Add stapling to test scripts/ocsp-stapling-with-wolfssl-responder.test 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz 9a9eb2bf1d Add ocsp responder test to testsuite.c and tested on windows 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz a795b19db2 Implement copilot suggestions 2026-03-11 10:21:16 +01:00
Juliusz Sosinowicz 4578e1390f Implement OCSP responder
OCSP Responder Core API:

- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM

Header Cleanup:

- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h

OCSP Responder Example (examples/ocsp_responder/):

- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client

Test Scripts (scripts/):

- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling

Certificate Infrastructure (certs/ocsp/):

- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions

Known Limitations (documented in src/ocsp.c header comment):

  - Single request/response per OCSP exchange only
  - Key-hash responder ID only (no name-based responder ID)
  - No singleExtensions support
2026-03-11 10:21:16 +01:00