Juliusz Sosinowicz
061311d6ca
zd/21661: harden X.509 chain validation, session ticket identity binding, and peer cert restore
...
- x509_str: require CA:TRUE unconditionally in wolfSSL_X509_verify_cert;
verify leaf signature even when verify_cb overrides INVALID_CA
- x509_str: align WOLFSSL_X509_V_ERR_INVALID_CA with OpenSSL value (79)
so OPENSSL_COEXIST builds compile; bump WC_OSSL_V509_V_ERR_MAX to 80
and extend error_test() missing-value table for the new gaps
- asn: reject embedded NUL in dNSName / rfc822Name / URI SAN entries
- internal: re-verify restored ticket peer cert against trust store with
CRL/OCSP checks; clear stale state from session cache on verification
failure
- ticket: bind SNI and ALPN into session ticket via compile-time selected
hash (TICKET_BINDING_HASH_TYPE); reject resumption on mismatch in both
TLS 1.3 and TLS 1.2 paths
- ticket: defer SNI/ALPN binding check until after extensions are parsed
by consolidating into VerifyTicketBinding(), called once after
ALPN_Select in DoTls13ClientHello and DoClientHello; the early
per-call sites ran before extensions were parsed and rejected valid
resumptions in nginx, haproxy, grpc, and CPython integration tests
- ssl_sess: free previous session in wolfSSL_d2i_SSL_SESSION before
overwrite
- examples/client: increase SESSION_TICKET_LEN fallback from 256 to 2048
to support larger tickets
- tests: update SAN NUL fixtures and add parse-time rejection coverage;
add test_tls13_ticket_peer_cert_reverify for CA-removal scenario; skip
it under WOLFSSL_NO_DEF_TICKET_ENC_CB
2026-05-06 16:45:58 +02:00
..
2026-02-18 09:52:21 -07:00
2026-04-06 00:53:57 -05:00
2026-02-26 11:44:50 -08:00
2026-04-15 11:27:44 -06:00
2026-04-20 10:45:23 +03:00
2026-04-20 10:45:23 +03:00
2026-04-14 13:25:15 +10:00
2026-04-14 13:25:15 +10:00
2026-02-18 09:52:21 -07:00
2026-04-15 17:05:32 +10:00
2026-04-15 17:05:32 +10:00
2026-05-06 16:45:58 +02:00
2026-03-20 16:16:21 -05:00
2026-04-07 13:18:53 -05:00
2026-02-18 09:52:21 -07:00
2026-04-16 08:51:17 +10:00
2026-04-14 13:25:15 +10:00
2026-04-21 10:21:31 +10:00
2026-04-21 10:21:31 +10:00
2026-04-15 17:05:32 +10:00
2026-04-15 17:05:32 +10:00
2026-04-15 17:05:32 +10:00
2026-04-15 17:05:32 +10:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-05 04:36:16 +00:00
2026-02-18 09:52:21 -07:00
2026-05-05 12:24:17 -07:00
2026-04-30 10:41:10 -07:00
2026-04-16 08:51:17 +10:00
2026-04-14 13:25:15 +10:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-06 00:53:57 -05:00
2026-02-18 09:52:21 -07:00
2026-04-03 12:10:42 +02:00
2026-04-03 12:10:42 +02:00
2026-04-23 11:26:33 +02:00
2026-04-23 11:26:33 +02:00
2026-05-05 04:36:16 +00:00
2026-03-26 14:56:00 -04:00
2026-05-05 04:36:16 +00:00
2026-03-26 14:56:00 -04:00
2026-04-02 12:35:15 +02:00
2026-03-05 08:51:52 -06:00
2026-04-07 13:18:53 -05:00
2026-02-18 09:52:21 -07:00
2026-04-30 14:16:05 -06:00
2026-04-30 14:16:05 -06:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-24 06:52:49 -06:00
2026-02-18 09:52:21 -07:00
2026-02-26 14:51:49 -06:00
2026-02-26 10:26:20 -06:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-02 08:15:22 +09:00
2026-05-02 08:19:19 +09:00
2026-04-30 11:03:06 +02:00
2026-04-15 03:09:11 +02:00
2026-02-26 11:44:50 -08:00
2026-04-02 22:54:10 -05:00
2026-04-02 11:24:25 +02:00
2026-04-03 17:13:29 -06:00
2026-02-18 09:52:21 -07:00
2026-05-04 10:35:04 +02:00
2026-04-21 19:05:26 +03:00
2026-04-13 15:50:26 +02:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-06 00:53:57 -05:00
2026-02-18 09:52:21 -07:00
2026-04-06 21:18:32 +02:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-23 09:36:32 +02:00
2026-04-23 09:36:32 +02:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-10 07:58:37 +10:00
2026-02-18 09:52:21 -07:00
2026-04-21 02:35:57 +02:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-28 10:06:47 +00:00
2026-04-28 10:06:47 +00:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-05 11:41:28 -07:00
2026-04-09 13:09:17 -04:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-06 16:45:58 +02:00
2026-04-21 16:56:08 -05:00
2026-04-25 11:47:24 -05:00
2026-04-23 11:03:24 +02:00
2026-04-30 14:00:15 -06:00
2026-04-15 03:08:50 +02:00
2026-04-10 15:43:21 +10:00
2026-04-10 15:43:21 +10:00
2026-04-24 06:52:49 -06:00
2026-04-24 06:52:49 -06:00
2026-04-16 08:51:17 +10:00
2026-04-14 13:25:15 +10:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-15 17:29:37 -04:00
2026-04-10 11:17:45 -04:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-15 18:03:39 -06:00
2026-04-15 11:28:03 -06:00
2026-04-08 17:07:42 +09:00
2026-04-08 17:07:42 +09:00
2026-05-05 11:02:13 -05:00
2026-04-30 18:32:07 +02:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-14 13:25:15 +10:00
2026-04-14 13:25:15 +10:00
2026-05-06 16:45:58 +02:00
2026-05-06 16:45:58 +02:00
2026-04-27 14:03:31 +02:00
2026-04-27 14:03:14 +02:00
2026-04-17 10:41:53 +10:00
2026-04-17 10:41:53 +10:00
2026-04-10 15:43:21 +10:00
2026-04-10 15:43:21 +10:00
2026-04-10 10:48:17 -07:00
2026-02-18 09:52:21 -07:00
2026-04-14 07:47:29 -05:00
2026-04-13 17:02:51 -05:00