OCSP Responder Core API:
- Add new public API for creating and managing an OCSP responder
- Add public wrappers for internal OCSP request/response functions
- OcspRespCheck: fix check when authorized responder is loaded into CM
Header Cleanup:
- Remove circular dependency when including `#include <wolfssl/wolfcrypt/asn.h>` from wolfssl/wolfcrypt/ecc.h and wolfssl/wolfcrypt/rsa.h
OCSP Responder Example (examples/ocsp_responder/):
- Add a command-line OCSP responder for interoperability testing with OpenSSL's `openssl ocsp` client
Test Scripts (scripts/):
- ocsp-responder-openssl-interop.test: Tests wolfSSL OCSP responder with `openssl ocsp` client
- ocsp-stapling-with-wolfssl-responder.test: Tests wolfSSL OCSP responder when doing OCSP stapling
Certificate Infrastructure (certs/ocsp/):
- Add DER-format certificates and keys for OCSP testing
- Update renewcerts.sh to generate DER versions
Known Limitations (documented in src/ocsp.c header comment):
- Single request/response per OCSP exchange only
- Key-hash responder ID only (no name-based responder ID)
- No singleExtensions support
Correct the logic for checking if the client and server examples are compiled
in the test scripts. The previous logic was inverted, causing the tests to
always skip if the examples *were* compiled.
Mostly combinations of NO_WOLFSSL_CLIENT, NO_WOLFSSL_SERVER and
WOLFSSL_NO_CLIENT_AUTH were failing.
Added configurations to CI loop.
wc_AesGcmDecryptFinal: use WC_AES_BLOCK_SIZE to satisfy compiler.
New sum algorithm has no clashes at this time.
Old algorithm enabled by defining: WOLFSSL_OLD_OID_SUM.
New oid_sum.h file generated with scripts/asn1_oid_sum.pl.
Added bunch of OID names into asn1 example.
add wolfssl_no_resume flag to openssl.test
check for version of openssl testing against
check if RSA is supported for test case
guard on test case for TLS versions supported
The assumption is that the wrong PIDs are getting killed. Better use the current shell's child processes (ie: 'jobs' command) than storing some calculated PID
Fixed issue reported by scan-build when DTLS13 is enabled.
Fix compile issue when WOLFSSL_DTLS_CH_FRAG is enabled.
Fix running of scripts/dtlscid.test by removing 'set -e' as bwrap
command may not be there.
* Redirect the AesEncrypt_C call to device
* Fix function declarations
* Force CC=nvcc with CUDA
* Don't let C++ mangle function names
* Add larger parallelization
* Add in memory copy to device
* `nvcc` does not support '-Wall' nor '-Wno-unused'
* Add in README.md
* Clean up script to output color coded data
* Fix Asymmetric cipher comparisons
* Add in standard output parsing in addition to the CSV
* Add option to output results in a CSV
---------
Co-authored-by: Andras Fekete <andras@wolfssl.com>
We can omit either the CeritificateStatus message or the appropriate extension when we can not provide the OCSP staple that the peer is asking for. Let peer decide if it requires stapling and error out if we don't send it.
