define KEEP_OUR_CERT to set keeping ssl certificate

Jacob Barthelmeh 2016-05-04 09:05:11 -06:00
parent b2325aad6d
commit 197672d4fc
5 changed files with 17 additions and 11 deletions


@ -643,7 +643,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
#ifndef NO_CERTS
FreeDer(&ctx->privateKey);
FreeDer(&ctx->certificate);
#ifdef OPENSSL_EXTRA
#ifdef KEEP_OUR_CERT
FreeX509(ctx->ourCert);
if (ctx->ourCert) {
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);


@ -3468,7 +3468,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* Make sure previous is free'd */
if (ssl->buffers.weOwnCert) {
FreeDer(&ssl->buffers.certificate);
#ifdef OPENSSL_EXTRA
#ifdef KEEP_OUR_CERT
FreeX509(ssl->ourCert);
if (ssl->ourCert) {
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
@ -3477,14 +3477,14 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#endif
}
XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
#ifdef OPENSSL_EXTRA
#ifdef KEEP_OUR_CERT
ssl->keepCert = 1; /* hold cert for ssl lifetime */
#endif
ssl->buffers.weOwnCert = 1;
}
else if (ctx) {
FreeDer(&ctx->certificate); /* Make sure previous is free'd */
#ifdef OPENSSL_EXTRA
#ifdef KEEP_OUR_CERT
FreeX509(ctx->ourCert);
if (ctx->ourCert) {
XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
@ -8037,7 +8037,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
if (ssl->buffers.weOwnCert && !ssl->keepCert) {
WOLFSSL_MSG("Unloading cert");
FreeDer(&ssl->buffers.certificate);
#ifdef OPENSSL_EXTRA
#ifdef KEEP_OUR_CERT
FreeX509(ssl->ourCert);
if (ssl->ourCert) {
XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
@ -10756,7 +10756,9 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
#endif /* KEEP_PEER_CERT || SESSION_CERTS */
#ifdef OPENSSL_EXTRA /* needed for wolfSSL_X509_d21 function */
/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function
KEEP_OUR_CERT is to insure ability for returning ssl certificate */
#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
{
if (ssl == NULL) {
@ -10785,7 +10787,7 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
}
}
}
#endif /* OPENSSL_EXTRA */
#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
#endif /* NO_CERTS */
@ -11192,6 +11194,10 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#ifndef NO_DES3
case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
#endif
#ifndef NO_HC128
#ifndef NO_MD5
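Review bot: None of the five sections shown defines KEEP_OUR_CERT, so a build that sets only OPENSSL_EXTRA appears to lose `wolfSSL_get_certificate` once its guard becomes `#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)`; the same guard is applied to the WOLFSSL_API prototype and to the `showPeer` caller in the later sections. In that configuration `ssl->keepCert = 1` in ProcessBuffer is also no longer compiled, so the `ssl->buffers.weOwnCert && !ssl->keepCert` path will now free a certificate that earlier builds held for the ssl lifetime. If the break is intended it should be stated in the build documentation; if not, a default in the settings header such as `#if defined(OPENSSL_EXTRA) && !defined(KEEP_OUR_CERT)` / `#define KEEP_OUR_CERT` / `#endif` would keep the old behaviour. The functions touched here continue outside their hunks, so a definition of the macro elsewhere in the tree cannot be ruled out from this page.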


@ -1903,7 +1903,7 @@ struct WOLFSSL_CTX {
DerBuffer* privateKey;
WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
#endif
#ifdef OPENSSL_EXTRA
#ifdef KEEP_OUR_CERT
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
#endif
Suites* suites; /* make dynamic, user may not need/set */
@ -2726,7 +2726,7 @@ struct WOLFSSL {
#ifdef KEEP_PEER_CERT
WOLFSSL_X509 peerCert; /* X509 peer cert */
#endif
#ifdef OPENSSL_EXTRA
#ifdef KEEP_OUR_CERT
WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
points to ctx if not owned (owned
flag found in buffers.weOwnCert) */


@ -1012,7 +1012,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
const unsigned char*, long);
WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
#ifdef OPENSSL_EXTRA
#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
#endif
#endif
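Review bot: The declaration of `wolfSSL_get_certificate` says nothing about who owns the returned `WOLFSSL_X509*`, while the other sections release `ssl->ourCert` and `ctx->ourCert` with `FreeX509`/`XFREE` whenever a new certificate is processed or the "Unloading cert" path runs. The struct comment states that `ssl->ourCert` "points to ctx if not owned", so the pointer handed to an application is presumably borrowed and can dangle after a reload; the function body is not fully visible here, so this is inferred. A comment above the prototype would make the contract explicit, for example `/* returned X509 is owned by the WOLFSSL or its WOLFSSL_CTX: do not free it, and do not use it after a new certificate is loaded or certs are unloaded */`.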


@ -495,7 +495,7 @@ static INLINE void showPeer(WOLFSSL* ssl)
printf("peer has no cert!\n");
wolfSSL_FreeX509(peer);
#endif
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA)
#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
#endif /* SHOW_CERTS */
printf("SSL version is %s\n", wolfSSL_get_version(ssl));
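Review bot: The trailer `#endif /* SHOW_CERTS */` after the `ShowX509(wolfSSL_get_certificate(ssl), "our cert info:")` call no longer matches its opening condition now that the guard tests three macros. The library-side section updated its own trailer to `#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */`; doing the same here, `#endif /* SHOW_CERTS && OPENSSL_EXTRA && KEEP_OUR_CERT */`, keeps the nested conditionals in showPeer readable. showPeer's body starts and ends outside this hunk.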