timeout(1) is GNU coreutils and is not installed on macOS, so the
"make check macos" job failed with "timeout: command not found" for
every wrapped server. Add a small shim to each affected test: when
timeout is unavailable (e.g. macOS) run the server unbounded, restoring
the prior macOS behavior. The flaky hang the timeout guards against is on
the Linux-only trackmemory job, so macOS does not need the bound.
Several test scripts share the same pattern as ocsp-stapling_tls13multi:
a backgrounded example server is "wait"ed on with no timeout, so a
server that flakily fails to exit blocks the script until the CI job
timeout. Wrap those servers in "timeout -s KILL 2m" as well.
Scripts: ocsp-stapling, ocsp-stapling2,
ocsp-stapling-with-wolfssl-responder, crl-revoked, tls13, resume,
pkcallbacks, dtlscid.
OCSP Responder Core API:
- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM
Header Cleanup:
- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h
OCSP Responder Example (examples/ocsp_responder/):
- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client
Test Scripts (scripts/):
- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling
Certificate Infrastructure (certs/ocsp/):
- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions
Known Limitations (documented in src/ocsp.c header comment):
- Single request/response per OCSP exchange only
- Key-hash responder ID only (no name-based responder ID)
- No singleExtensions support