From 197672d4fc9956950c3adb2cffcc393d9c5a7bda Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Wed, 4 May 2016 09:05:11 -0600
Subject: [PATCH] define KEEP_OUR_CERT to set keeping ssl certificate
---
 src/internal.c | 2 +-
 src/ssl.c | 18 ++++++++++++------
 wolfssl/internal.h | 4 ++--
 wolfssl/ssl.h | 2 +-
 wolfssl/test.h | 2 +-
 5 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index bf78a27a3..39af8da3d 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -643,7 +643,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
 #ifndef NO_CERTS
 FreeDer(&ctx->privateKey);
 FreeDer(&ctx->certificate);
- #ifdef OPENSSL_EXTRA
+ #ifdef KEEP_OUR_CERT
 FreeX509(ctx->ourCert);
 if (ctx->ourCert) {
 XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
diff --git a/src/ssl.c b/src/ssl.c
index f4c7eb628..21a801259 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3468,7 +3468,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 /* Make sure previous is free'd */
 if (ssl->buffers.weOwnCert) {
 FreeDer(&ssl->buffers.certificate);
- #ifdef OPENSSL_EXTRA
+ #ifdef KEEP_OUR_CERT
 FreeX509(ssl->ourCert);
 if (ssl->ourCert) {
 XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
@@ -3477,14 +3477,14 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 #endif
 }
 XMEMCPY(&ssl->buffers.certificate, &der, sizeof(der));
- #ifdef OPENSSL_EXTRA
+ #ifdef KEEP_OUR_CERT
 ssl->keepCert = 1; /* hold cert for ssl lifetime */
 #endif
 ssl->buffers.weOwnCert = 1;
 }
 else if (ctx) {
 FreeDer(&ctx->certificate); /* Make sure previous is free'd */
- #ifdef OPENSSL_EXTRA
+ #ifdef KEEP_OUR_CERT
 FreeX509(ctx->ourCert);
 if (ctx->ourCert) {
 XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
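Review bot: In the `else if (ctx)` branch of the src/ssl.c hunk at -3477, loading a new certificate frees `ctx->ourCert`, while the field comment in wolfssl/internal.h says a session's `ssl->ourCert` "points to ctx if not owned", so a WOLFSSL_X509 pointer obtained for a session that shares this context would be left dangling after a reload. Nothing visible in this diff tracks which sessions or callers still reference the context's X509 object. At minimum the lifetime should be documented at the free, e.g. `/* invalidates any WOLFSSL_X509* previously obtained via wolfSSL_get_certificate() for sessions using this ctx */`. ProcessBuffer starts and ends outside the hunk, so whether the pointer is cleared after XFREE cannot be checked here.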
@@ -8037,7 +8037,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 if (ssl->buffers.weOwnCert && !ssl->keepCert) {
 WOLFSSL_MSG("Unloading cert");
 FreeDer(&ssl->buffers.certificate);
- #ifdef OPENSSL_EXTRA
+ #ifdef KEEP_OUR_CERT
 FreeX509(ssl->ourCert);
 if (ssl->ourCert) {
 XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
@@ -10756,7 +10756,9 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
-#ifdef OPENSSL_EXTRA /* needed for wolfSSL_X509_d21 function */
+/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function
+ KEEP_OUR_CERT is to insure ability for returning ssl certificate */
+#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
 WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
 {
 if (ssl == NULL) {
@@ -10785,7 +10787,7 @@ WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
 }
 }
 }
-#endif /* OPENSSL_EXTRA */
+#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
 #endif /* NO_CERTS */
@@ -11192,6 +11194,10 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+ #ifndef NO_DES3
+ case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
+ return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
+ #endif
 #endif
 #ifndef NO_HC128
 #ifndef NO_MD5
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index d24f3fce7..7047b4567 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1903,7 +1903,7 @@ struct WOLFSSL_CTX {
 DerBuffer* privateKey;
 WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
 #endif
-#ifdef OPENSSL_EXTRA
+#ifdef KEEP_OUR_CERT
 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
 #endif
 Suites* suites; /* make dynamic, user may not need/set */
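Review bot: With the guard at -10756 changed to `#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)`, a build that defines only OPENSSL_EXTRA no longer gets wolfSSL_get_certificate(), and none of the five files in this patch defines KEEP_OUR_CERT on its behalf. If existing OPENSSL_EXTRA users are meant to keep the function, a default in a shared settings header such as `#if defined(OPENSSL_EXTRA) && !defined(KEEP_OUR_CERT)`, `#define KEEP_OUR_CERT`, `#endif` would preserve it; the prototype guard in wolfssl/ssl.h and the showPeer call in wolfssl/test.h depend on the same decision. The added comment also reads `wolfSSL_X509_d21` (presumably `wolfSSL_X509_d2i`) and "insure" for "ensure"; I would write `/* OPENSSL_EXTRA is needed for the wolfSSL_X509_d2i function; KEEP_OUR_CERT ensures the ssl certificate can be returned */`. The body of wolfSSL_get_certificate continues outside the hunk.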
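Review bot: The `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA` case added to wolfSSL_CIPHER_get_name at -11192 is not mentioned in the commit subject and is unrelated to KEEP_OUR_CERT, which makes a cipher-name change easy to miss when auditing or bisecting; it would be clearer as its own commit or with a line in the message. The new `#endif` is immediately followed by the enclosing block's `#endif`, so a trailing comment, `#endif /* NO_DES3 */`, would keep the nesting readable. The switch statement starts and ends outside the hunk, so the enclosing conditional is not visible here.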
@@ -2726,7 +2726,7 @@ struct WOLFSSL {
 #ifdef KEEP_PEER_CERT
 WOLFSSL_X509 peerCert; /* X509 peer cert */
 #endif
-#ifdef OPENSSL_EXTRA
+#ifdef KEEP_OUR_CERT
 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert. points to ctx if not owned (owned flag found in buffers.weOwnCert) */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index ceea78c31..92d783976 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1012,7 +1012,7 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL*, void* key, unsigned int len,
 const unsigned char*, long);
 WOLFSSL_API int wolfSSL_UnloadCertsKeys(WOLFSSL*);
- #ifdef OPENSSL_EXTRA
+ #if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
 WOLFSSL_API WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl);
 #endif
 #endif
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 8c0468660..d979872ca 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -495,7 +495,7 @@ static INLINE void showPeer(WOLFSSL* ssl)
 printf("peer has no cert!\n");
 wolfSSL_FreeX509(peer);
 #endif
-#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA)
+#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
 ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
 #endif /* SHOW_CERTS */
 printf("SSL version is %s\n", wolfSSL_get_version(ssl));