* Fix with `WOLFSSL_ALT_CERT_CHAINS` to resolve issue with using a trusted intermediate to validate a partial chain. With the alt cert chain enabled a CA may fail with only `ASN_NO_SIGNER_E` and the connection is allowed if the peer's certificate validates to a trusted CA. Eliminates overly complex 1 deep error alternate chain detection logic. Resolves ZD 4525.
* Refactor and cleanup of ProcessPeerPerts to combine duplicate code and improve code commenting.
* Fix for CA path len check in `ParseCertRelative` to always check for self-signed case (was previously only in NO_SKID case).
* Improvement to include self-signed flag in the DecodedCert struct.
Put the clientState into CLIENT_HELLO_RETRY (new state) when waiting for
second ClientHello.
Chrome sends change_cipher_spec message, for reasons of compatability,
which meets the requirements of the Old ClientHello detection when state
of client is NULL.
1. HAVE_WEBSERVER option turns on a couple more functions that MG is
using for client side authentication.
2. If using webserver, those functions return and error.
1. Fix testing issue with a client using the SCSV cipher suite to indicate desire for renegotiation.
2. Add indication to both the server and client examples that the renegotiation was successful.
1. Add an extra guard check around a call to SendHelloRequest() in the case where server renegotiation is disabled.
2. Replaced an accidental deletion of an include of the misc.h header for no inline builds.
1. Add the server side renegotiation flag to the secure renegotiation option.
2. Changed the AddEmptyNegotiationInfo so it doesn't create an extension, just adds a reply if SCR is enabled.
3. Fix the server's reaction to the client sending the SCR extension.
1. Fix an incorrect function entry log string.
2. Restart the server's accept state assuming the client hello was
received when the client initiates renegotiation.
1. Add enables to the example server for turning on secure renegotiation.
2. Add encryption assists to the handhshake message handler functions.
3. Add a hello request message function. Includes handshake timing pre/postambles.
When loading DH domain parameters into a CTX, test the prime
immediately. When loading them into a session, test the prime right
before using it during the handshake. Sessions that get their prime from
their context do not need to test their prime. Added a function to
disable testing the prime in a session. The goal is to speed up testing
as every single test case loads DH parameters whether they are used or
not.
1. Collect the SSL Info capture into its own function.
2. Add a Trace function for the SSL Info.
3. When copying the IANA name for the cipher suite, use a strncpy
instead of a memcpy and cap the copy at the length of the destination.
Force a null terminator at the end of the destination, just in case.
4. Modify the snifftest to collect the SSL Info.