Commit Graph

5405 Commits

Author SHA1 Message Date
David Garske 6ac03d41ef Merge pull request #4203 from SparkiDev/tls13_peek_fix_off
TLS 1.3: ability to turn peek change off
2021-08-16 15:25:58 -07:00
Hayden Roche c6f0fb11d0 Merge pull request #4253 from julek-wolfssl/lighttpd-1.4.55
Implement `wolfSSL_set_client_CA_list` and add 'HIGH' cipher suite
2021-08-16 15:05:51 -05:00
Hayden Roche bbb514fa6d Add support for rsyslog.
- Add an --enable-rsyslog option to configure.ac.
- Add a few missing `WOLFSSL_ERROR` calls that were expected by rsyslog unit
  tests.
- Add better documentation around `WOLFSSL_SHUTDOWN_NOT_DONE` and define it to
  be 0 (rather than 2) when `WOLFSSL_ERROR_CODE_OPENSSL` is defined. This is in
  accordance with OpenSSL documentation. Without this change, rsyslog was
  failing to do the bidirectional shutdown properly because it was checking the
  shutdown return value against 0. I'm keeping the old value when
  `WOLFSSL_ERROR_CODE_OPENSSL` isn't defined because it's part of the public
  wolfssl interface (it's in ssl.h).
2021-08-13 23:24:28 -07:00
Juliusz Sosinowicz 0f6e564093 Rebase fixes 2021-08-14 00:35:55 +02:00
Juliusz Sosinowicz 6a5f40d698 Code review fixes. 2021-08-14 00:25:00 +02:00
Juliusz Sosinowicz 72f1d0adac Refactor client_CA API to use wolfSSL_sk_X509_NAME_* API 2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz 62cab15c64 Reorganize wolfSSL_sk_X509_NAME_*
Make the `wolfSSL_sk_X509_NAME_*` API's available in OPENSSL_EXTRA for use with `client_CA_list` API's.
2021-08-14 00:24:24 +02:00
Juliusz Sosinowicz d4391bd997 Parse distinguished names in DoCertificateRequest
The CA names sent by the server are now being parsed in `DoCertificateRequest` and are saved on a stack in `ssl->ca_names`.
2021-08-14 00:24:08 +02:00
Juliusz Sosinowicz 647e007eea Implement wolfSSL_set_client_CA_list and add 'HIGH' cipher suite 2021-08-14 00:24:08 +02:00
Chris Conlon ca06694bfb Merge pull request #4282 from miyazakh/SSL_CIPHER_xx
Add SSL_CIPHER_get_xxx_nid support
2021-08-13 13:48:31 -06:00
Chris Conlon 5235b7d1e6 Merge pull request #4291 from miyazakh/PARAM_set1_ip
Add X509_VERIFY_PARAM_set1_ip support
2021-08-13 13:45:33 -06:00
Juliusz Sosinowicz 7dea1dcd39 OpenResty 1.13.6.2 and 1.19.3.1 support
# New or Updated APIs
- wolfSSL_get_tlsext_status_type
- wolfSSL_X509_chain_up_ref
- wolfSSL_get0_verified_chain
- SSL_CTX_set_cert_cb
- SSL_certs_clear
- SSL_add0_chain_cert ssl_cert_add0_chain_cert
- SSL_add1_chain_cert ssl_cert_add1_chain_cert
- sk_X509_NAME_new_null
- SSL_CTX_set_cert_cb
- SSL_set0_verify_cert_store
- SSL_set_client_CA_list

# Other Changes
- Ignore gdbinit
- Add api.c tests for new API
- Add `WOLFSSL_X509_STORE* x509_store_pt` to `WOLFSSL`
- Add macro to select the `WOLFSSL` specific store when available and the associated `WOLFSSL_CTX` store otherwise. Calls to `ssl->ctx->cm` and `ssl->ctx->x509_store*` were replaced by macros.
- NO-OP when setting existing store
- Add reference counter to `WOLFSSL_X509_STORE`
- Cleanup MD5 redundant declarations
- WOLFSSL_ERROR may map to nothing so make assignment outside of it
- refMutex fields are excluded with SINGLE_THREADED macro
- Chain cert refactor
- Make `wolfSSL_add0_chain_cert` and `wolfSSL_add1_chain_cert` not affect the context associated with the SSL object
- `wolfSSL_CTX_add1_chain_cert` now updates the `ctx->certChain` on success and stores the cert in `ctx->x509Chain` for later free'ing
2021-08-12 23:58:22 +02:00
David Garske cccb8f940a Merge pull request #4209 from julek-wolfssl/net-snmp
Add support for net-snmp
2021-08-12 13:06:21 -07:00
David Garske 93a1fe4580 Merge pull request #4205 from julek-wolfssl/wpas-include-extra-stuff
Include stuff needed for EAP in hostap
2021-08-12 11:17:23 -07:00
Chris Conlon d4b0ec0705 Merge pull request #4290 from TakayukiMatsuo/general
Add wolfSSL_GENERAL_NAME_print
2021-08-12 09:51:28 -06:00
Juliusz Sosinowicz e583d0ab76 SslSessionCacheOn -> SslSessionCacheOff 2021-08-12 13:52:25 +02:00
TakayukiMatsuo 517309724a Add wolfSSL_GENERAL_NAME_print 2021-08-12 14:17:41 +09:00
Hideki Miyazaki 0b070166cb addressed review comments 2021-08-12 10:44:07 +09:00
Hideki Miyazaki 4fa69c0a3a addressed review comments 2021-08-12 07:41:24 +09:00
David Garske 9c3502bea9 Merge pull request #4285 from haydenroche5/alerts
During the handshake, make sure alerts are getting read on the client side in the event of an error.
2021-08-11 15:22:05 -07:00
elms d39b91de27 Merge pull request #4266 from dgarske/hexchar 2021-08-11 10:56:53 -07:00
Juliusz Sosinowicz dd4adacee8 Code review changes 2021-08-11 17:58:46 +02:00
elms d487916557 Merge pull request #4279 from haydenroche5/pkcs12
Cleanups for PKCS8 and PKCS12 macros (always support parsing PKCS8 header)
2021-08-10 18:37:33 -07:00
David Garske df10152b54 Refactor hex char to byte conversions. 2021-08-10 12:07:41 -07:00
David Garske fdb6c8141e Merge pull request #4274 from haydenroche5/pyopenssl
Add support for pyOpenSSL.
2021-08-10 11:49:07 -07:00
Hayden Roche fdc350fb52 Add a macro guard WOLFSSL_CHECK_ALERT_ON_ERR that has the client check for
alerts in the event of an error during the handshake.
2021-08-10 09:43:12 -07:00
Hayden Roche ef5510cbcc During the handshake, make sure alerts are getting read on the client side in
the event of an error.
2021-08-09 14:26:53 -07:00
David Garske 0e4b200df1 Merge pull request #4267 from elms/key_overflow
tls13: avoid buffer overflow with size check
2021-08-09 09:19:46 -07:00
Hideki Miyazaki 5c55be72ec fix jenkins failure part2 2021-08-09 10:00:35 +09:00
Hideki Miyazaki cf9d5ea8b6 fix jenkins failure part2 2021-08-07 14:14:39 +09:00
Hideki Miyazaki dbf0977ed0 fix fenkins failure 2021-08-07 11:42:03 +09:00
Hideki Miyazaki a066c48f55 fix jenkins failure 2021-08-07 11:13:41 +09:00
Hideki Miyazaki a851e13f1d implemented X509_VERIFY_PARAM_set1_ip 2021-08-07 10:50:57 +09:00
David Garske bd6b765b17 Merge pull request #4287 from ejohnstown/ac-upd
flags update
2021-08-06 16:22:15 -07:00
John Safranek 2c62880fd2 flags update
1. Fixed typo in ifdef for HAVE_ED448.
2. Fixed typos in comments in sha512.
3. Add include config.h to bio.c.
2021-08-06 11:28:20 -06:00
Hideki Miyazaki 67e773db91 implement SSL_CIPHER_xxxx 2021-08-05 09:42:55 +09:00
Elms d8a54e1a32 tls13: avoid buffer overflow with size check
For cases where a private key that is larger than the configured
maximum is passed.
2021-08-04 17:14:25 -07:00
Hayden Roche 35a33b2f00 Add support for pyOpenSSL.
pyOpenSSL needs the OpenSSL function X509_EXTENSION_dup, so this commit adds
that to the compatibility layer. It also needs to be able to access the DER
encoding of the subject alt names in a cert, so that's added as well.
2021-08-04 14:08:43 -07:00
David Garske 45eddc68e2 Fix to always support parsing of the PKCS8 header. Improved macro logic for PKCS8 and PKCS12. Added --disable-pkcs8 option. Fix to enable PWDBASED and PKCS8 if PKCS12 is enabled. 2021-08-03 14:45:45 -07:00
Juliusz Sosinowicz 67ee3ddb0f Set explicit conversion 2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz 3b366d24f2 Rebase fixes 2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz 51b6c413d3 For Windows API socklen_t = int 2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz 2bbd04f10f Implement BIO_new_accept and BIO_do_accept 2021-08-03 19:29:08 +02:00
Juliusz Sosinowicz 2cd499d2df Refactor session cache on checking into function 2021-08-03 17:52:50 +02:00
Juliusz Sosinowicz 46b061c7bc Include stuff needed for EAP in hostap
Patch that includes the API needed for EAP in hostapd and wpa_supplicant
2021-08-03 17:52:50 +02:00
Hayden Roche dc7ae37f7a Make changes to support port of NTP from OpenSSL to wolfSSL. 2021-08-02 13:33:18 -07:00
David Garske 9f6a963c60 Merge pull request #4262 from haydenroche5/libssh2
Add support for libssh2.
2021-08-02 11:29:54 -07:00
Hayden Roche 279b0facb5 Add support for libssh2. 2021-08-02 05:54:08 -07:00
John Safranek 6f2853ef28 Merge pull request #4251 from dgarske/openssl_all
Fixes for edge case builds with openssl all
2021-07-29 08:58:22 -07:00
David Garske 9df4312c4e Merge pull request #3823 from per-allansson/checkaltname-fix
wolfSSL_X509_check_ip_asc/CheckForAltName fixes
2021-07-29 08:08:06 -07:00