Merge pull request #1783 from dgarske/load_loc

Enhanced load verify locations to support flags
This commit is contained in:
toddouska 2018-09-06 17:00:09 -07:00 committed by GitHub
commit a7fb48e157
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 490 additions and 142 deletions

certs/test/expired-ca.der Normal file



@ -1,56 +1,69 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
8a:37:22:65:73:f5:aa:e8
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Version: 1 (0x0)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=www.wolfssl.com, ST=Montana, C=US/emailAddress=info@wolfssl.com, OU=Engineering
Validity
Not Before: Jun 30 18:47:10 2010 GMT
Not After : Mar 26 18:47:10 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Not Before: Jul 31 00:00:00 2018 GMT
Not After : Aug 30 00:00:00 2018 GMT
Subject: CN=www.wolfssl.com, ST=Montana, C=US/emailAddress=info@wolfssl.com, OU=Engineering
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:97:30:b9:1a:92:ef:25:4f:ca:4c:11:31:95:1a:
e1:c0:10:19:0a:20:b9:37:80:1a:57:38:02:4e:1b:
c5:0f:28:4f:da:e3:c9:16:aa:50:bd:4a:fb:b7:71:
c7:35:cc:63:81:c1:dd:9d:33:f9:38:16:88:32:a0:
aa:56:23:03:a3
Public-Key: (2048 bit)
Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77:
32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1:
8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3:
a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed:
a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95:
82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c:
3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db:
76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc:
73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98:
de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68:
cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2:
b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3:
13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98:
ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
X509v3 Authority Key Identifier:
keyid:3B:66:FD:A0:40:C6:F4:E2:70:CF:21:1A:0C:4F:67:FE:B7:4B:42:09
DirName:/C=US/ST=Montana/L=Bozeman/O=sawtooth/OU=consulting/CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
serial:8A:37:22:65:73:F5:AA:E8
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
32:65:a2:b1:dc:6d:e0:8d:8b:c8:58:29:8e:b8:18:4b:62:88:
13:67:f8:6c:75:46:75:8f:8a:19:a6:a3:d5:3c:fc:57:4e:7a:
68:a9:fc:93:dc:ae:29:7d:bb:4e:ec:ea:55:fa:a4:e3:00:61:
f4:b0:34:6d:d1:d5:a4:64:24:f8
Signature Algorithm: sha256WithRSAEncryption
52:af:84:10:08:83:9a:39:c2:05:5c:33:fc:a6:a0:7c:ce:68:
34:fa:cc:05:9f:8a:33:79:64:07:da:6c:17:85:91:ab:1d:be:
32:45:c6:7f:54:b6:10:cf:ea:17:74:d4:d9:06:6e:71:5d:0d:
40:72:21:07:79:20:63:b3:15:d5:b7:e6:1a:d6:d0:11:1a:60:
7f:81:e9:9b:69:b4:67:4e:e2:22:1a:2f:9d:6a:3c:da:95:34:
a9:bf:2b:14:fa:fe:21:73:e7:c9:19:7d:2c:14:9f:9f:33:c1:
83:35:9c:94:95:0e:e4:3e:29:17:95:a2:85:e3:ad:70:5f:6a:
ff:2d:8a:92:fb:58:f6:fe:46:2b:d0:e4:9d:9b:0d:d9:e4:39:
0a:c5:e2:3d:17:de:95:cc:a4:1c:33:a1:75:02:ec:98:66:47:
b9:ce:e4:8f:7e:32:cd:38:ff:6f:3d:be:7a:44:bf:47:61:7a:
b7:5a:09:fa:1e:bf:3d:63:68:b3:15:00:87:fd:8d:b8:f6:b8:
83:13:ff:f8:56:ed:14:05:4f:49:07:f9:33:6b:3f:fd:c6:7d:
ff:6b:04:d5:46:80:c1:6b:74:fd:e6:18:14:1d:3b:c6:12:67:
0e:1e:8d:81:c4:a9:9c:59:ee:29:cd:cf:55:a6:bc:53:13:f4:
51:bc:b7:b3
-----BEGIN CERTIFICATE-----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MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm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-----END CERTIFICATE-----

certs/test/expired-cert.der Normal file



@ -1,39 +1,69 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Montana, L=Bozeman, O=sawtooth, OU=consulting, CN=www.sawtooth-consulting.com/emailAddress=info@yassl.com
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=www.wolfssl.com, ST=Montana, C=US/emailAddress=info@wolfssl.com, OU=Engineering
Validity
Not Before: Jun 30 18:52:17 2010 GMT
Not After : Mar 26 18:52:17 2013 GMT
Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=support, CN=www.yassl.com/emailAddress=info@yassl.com
Not Before: Jul 31 00:00:00 2018 GMT
Not After : Aug 30 00:00:00 2018 GMT
Subject: CN=www.wolfssl.com, ST=Montana, C=US/emailAddress=info@wolfssl.com, OU=Engineering
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:c6:7b:c0:68:81:2f:de:82:3f:f9:ac:c3:86:4a:
66:b7:ec:d4:f1:f6:64:21:ff:f5:a2:34:42:d0:38:
9f:c6:dd:3b:6e:26:65:6a:54:96:dd:d2:7b:eb:36:
a2:ae:7e:2a:9e:7e:56:a5:b6:87:9f:15:c7:18:66:
7e:16:77:e2:a7
Public-Key: (2048 bit)
Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab:
64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e:
86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25:
4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c:
34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6:
8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc:
40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8:
dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3:
e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9:
64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0:
c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77:
ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4:
b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
58:a9:98:e7:16:52:4c:40:e7:e1:47:92:19:1b:3a:8f:97:6c:
7b:b7:b0:cb:20:6d:ad:b5:d3:47:58:d8:e4:f2:3e:32:e9:ef:
87:77:e5:54:36:f4:8d:50:8d:07:b4:77:45:ea:9d:a4:33:36:
9b:0b:e0:74:58:11:c5:01:7b:4d
Signature Algorithm: sha256WithRSAEncryption
3d:b8:e9:dc:03:4f:0c:79:ed:5d:b5:e8:45:99:b4:9e:fe:9b:
d9:88:aa:6c:de:1e:34:59:8a:4b:1c:39:0c:7a:a0:7d:24:c1:
8d:54:d2:65:92:d4:5b:35:cb:de:fc:37:fe:b1:67:20:64:04:
0a:8f:09:71:cf:d3:16:2e:dc:23:c8:7c:2e:72:35:54:ec:d3:
63:5a:9d:63:93:42:b6:72:67:8f:80:83:6a:e3:d3:ad:28:87:
46:4c:6e:56:d2:02:af:58:2e:a9:0e:e0:07:a6:f1:58:dd:17:
82:27:f1:49:3b:8c:77:6f:08:96:d9:04:c8:ec:34:22:a5:b1:
e9:48:07:41:3c:aa:1e:e4:d9:75:1b:71:bd:4f:ec:5e:fd:2b:
44:2e:81:cd:8c:b1:08:e6:de:9b:e2:61:c9:ee:43:f7:af:99:
29:fa:50:69:2a:98:47:b9:58:46:57:1e:2d:29:77:51:89:64:
ee:f2:ba:14:fb:f7:ba:dc:68:d6:34:bc:28:eb:17:f4:37:6a:
91:a9:cf:d5:46:e8:6e:8f:2f:e7:f2:e0:b1:ca:8a:0f:a4:55:
8b:b9:c2:89:d0:29:82:b7:11:47:af:8b:96:92:e5:a3:da:11:
0f:76:db:15:61:a5:5a:ab:60:83:06:de:7e:bf:b6:c8:10:ab:
38:1a:d3:c2
-----BEGIN CERTIFICATE-----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MIIDVTCCAj0CAhAAMA0GCSqGSIb3DQEBCwUAMHAxGDAWBgNVBAMMD3d3dy53b2xm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-----END CERTIFICATE-----


@ -1,9 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAMZ7wGiBL96CP/msw4ZKZrfs1PH2ZCH/9aI0QtA4n8bdO24mZWpU
lt3Se+s2oq5+Kp5+VqW2h58VxxhmfhZ34qcCAwEAAQJBAJSbGxgjgV+rTZL2Ev58
viN/IoB25cm/Bn4Heu7DNn2A2kpdGX2cCaf7rEQoIKCiHxvopvxOcd/7nLS/gNli
dCECIQD/cX/9fvB1Uajw0fmvwNON9+3P9uJSqpig90zL32pwjQIhAMbqee9TBMN4
TxXbgWqA92PrCXe8WDZ3PwoJqdR6MRUDAiEAny+TDF1z6hiWiGTCDgXDkKBlwgjf
p5aKgR077XzwLu0CICVpWEGg1ZaF/CnaPP7w/pZ2UDOK4vRrfRnAM4bY7H5NAiBS
1eXJ/MCZ2uPfpl7XK2BU9P69KdKUk5WHxdRchVvcDg==
-----END RSA PRIVATE KEY-----


@ -1,12 +1,38 @@
#!/bin/sh
# Args: 1=FileName, 2=CN, 3=AltName
# Args: 1=FileName, 2=CN, 3=AltName, 4=CA
function build_test_cert_conf {
echo "[ req ]" > $1.conf
echo "# Generated openssl conf" > $1.conf
echo "" >> $1.conf
echo "[ ca ]" >> $1.conf
echo "default_ca = CA_default" >> $1.conf
echo "[ CA_default ]" >> $1.conf
echo "certificate = ../ca-cert.pem" >> $1.conf
echo "database = ./index.txt" >> $1.conf
echo "new_certs_dir = ./certs" >> $1.conf
echo "private_key = ./private/cakey.pem" >> $1.conf
echo "serial = ./serial" >> $1.conf
echo "default_md = sha256" >> $1.conf
echo "default_days = 1000" >> $1.conf
echo "policy = default_ca_policy" >> $1.conf
echo "" >> $1.conf
echo "[ default_ca_policy ]" >> $1.conf
echo "commonName = supplied" >> $1.conf
echo "stateOrProvinceName = supplied" >> $1.conf
echo "countryName = supplied" >> $1.conf
echo "emailAddress = supplied" >> $1.conf
echo "organizationName = optional" >> $1.conf
echo "organizationalUnitName = optional" >> $1.conf
echo "" >> $1.conf
echo "[ req ]" >> $1.conf
echo "prompt = no" >> $1.conf
echo "default_bits = 2048" >> $1.conf
echo "distinguished_name = req_distinguished_name" >> $1.conf
echo "req_extensions = req_ext" >> $1.conf
if [ -n "$4" ]; then
echo "basicConstraints=CA:true,pathlen:0" >> $1.conf
echo "" >> $1.conf
fi
echo "" >> $1.conf
echo "[ req_distinguished_name ]" >> $1.conf
echo "C = US" >> $1.conf
@ -70,6 +96,40 @@ function generate_test_cert {
openssl x509 -inform pem -in $1.pem -outform der -out $1.der
}
function generate_expired_certs {
rm $1.der
rm $1.pem
mkdir -p certs
touch ./index.txt
echo 1000 > ./serial
echo "step 1 create configuration"
build_test_cert_conf $1 www.wolfssl.com 0 $3
echo "step 2 create csr"
openssl req -new -sha256 -out $1.csr -key $2 -config $1.conf
echo "step 3 check csr"
openssl req -text -noout -in $1.csr
echo "step 4 create cert"
openssl ca -selfsign -config $1.conf -keyfile $2 -in $1.csr -out $1.pem \
-startdate 201807310000Z -enddate 201808300000Z -batch
rm $1.conf
rm $1.csr
echo "step 5 add cert text information to pem"
openssl x509 -inform pem -in $1.pem -text > tmp.pem
mv tmp.pem $1.pem
echo "step 7 make binary der version"
openssl x509 -inform pem -in $1.pem -outform der -out $1.der
rm -rf certs
rm ./index.txt*
rm ./serial*
}
# Generate Good CN=localhost, Alt=None
generate_test_cert server-goodcn localhost "" 1
@ -101,3 +161,8 @@ generate_test_cert server-localhost localhost localhost
# Generate Bad Alt Name CN=localhost, Alt=garbage
generate_test_cert server-garbage localhost garbage
# Generate Expired Certificates
generate_expired_certs expired-ca ../ca-key.pem 1
generate_expired_certs expired-cert ../server-key.pem
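Review bot: `echo "basicConstraints=CA:true,pathlen:0" >> $1.conf` lands in the `[ req ]` section of the generated conf, where it is not an extension OpenSSL applies; `openssl ca -selfsign` takes its extensions from an `x509_extensions` entry in `[ CA_default ]` (or `-extensions`), and the expired-ca.pem text in this commit reads `Version: 1 (0x0)` on the new side with no X509v3 block, so the "expired CA" fixture does not appear to be marked as a CA at all. Put the line in its own section, e.g. `[ ca_ext ]`, and reference it with `echo "x509_extensions = ca_ext" >> $1.conf` under `[ CA_default ]` when `$4` is set, then regenerate the fixtures so the test really exercises an expired CA rather than an expired end-entity certificate. In generate_expired_certs, `rm $1.der` and `rm $1.pem` fail noisily on a checkout where the outputs do not exist yet; `rm -f` is the usual idiom. The script is `#!/bin/sh` but uses the non-POSIX `function` keyword, so it only runs under bash-compatible shells. build_test_cert_conf continues past the end of the first hunk.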


@ -21,8 +21,8 @@ EXTRA_DIST += \
EXTRA_DIST += \
certs/test/gen-testcerts.sh \
certs/test/server-garbage.der \
certs/test/server-garbage.pem \
certs/test/server-garbage.der \
certs/test/server-garbage.pem \
certs/test/server-goodcn.pem \
certs/test/server-goodcn.der \
certs/test/server-goodalt.pem \
@ -39,21 +39,22 @@ EXTRA_DIST += \
certs/test/server-badaltnull.der \
certs/test/server-badaltname.der \
certs/test/server-badaltname.pem \
certs/test/server-localhost.der \
certs/test/server-localhost.pem \
certs/test/server-localhost.der \
certs/test/server-localhost.pem \
certs/crl/server-goodaltCrl.pem \
certs/crl/server-goodcnCrl.pem \
certs/crl/server-goodaltwildCrl.pem \
certs/crl/server-goodcnwildCrl.pem
EXTRA_DIST += \
certs/test/crit-cert.pem \
certs/test/crit-key.pem \
certs/test/dh1024.der \
certs/test/dh1024.pem \
certs/test/dh512.der \
certs/test/dh512.pem \
certs/test/digsigku.pem \
certs/test/expired-ca.pem \
certs/test/expired-cert.pem \
certs/test/expired-key.pem
certs/test/crit-cert.pem \
certs/test/crit-key.pem \
certs/test/dh1024.der \
certs/test/dh1024.pem \
certs/test/dh512.der \
certs/test/dh512.pem \
certs/test/digsigku.pem \
certs/test/expired-ca.pem \
certs/test/expired-ca.der \
certs/test/expired-cert.pem \
certs/test/expired-cert.der


@ -896,8 +896,8 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
defined when building the library, wolfSSL will load all CA certificates
located in the given directory. This function will attempt to load all
files in the directory and locate any files with the PEM header
-----BEGIN CERTIFICATE-----. Please see the examples for proper usage.
files in the directory. This function expects PEM formatted CERT_TYPE
file with header -----BEGIN CERTIFICATE-----.
\return SSL_SUCCESS up success.
\return SSL_FAILURE will be returned if ctx is NULL, or if both file and
@ -923,13 +923,14 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
int ret = 0;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_load_verify_locations(ctx, ./ca-cert.pem, 0);
if (ret != SSL_SUCCESS) {
ret = wolfSSL_CTX_load_verify_locations(ctx, ./ca-cert.pem, NULL);
if (ret != WOLFSSL_SUCCESS) {
// error loading CA certs
}
...
\endcode
\sa wolfSSL_CTX_load_verify_locations_ex
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_file
\sa wolfSSL_CTX_use_PrivateKey_file
@ -942,6 +943,71 @@ WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
const char*);
/*!
\ingroup CertsKeys
\brief This function loads PEM-formatted CA certificate files into the SSL
context (WOLFSSL_CTX). These certificates will be treated as trusted root
certificates and used to verify certs received from peers during the SSL
handshake. The root certificate file, provided by the file argument, may
be a single certificate or a file containing multiple certificates.
If multiple CA certs are included in the same file, wolfSSL will load them
in the same order they are presented in the file. The path argument is
a pointer to the name of a directory that contains certificates of
trusted root CAs. If the value of file is not NULL, path may be specified
as NULL if not needed. If path is specified and NO_WOLFSSL_DIR was not
defined when building the library, wolfSSL will load all CA certificates
located in the given directory. This function will attempt to load all
files in the directory based on flags specified. This function expects PEM
formatted CERT_TYPE files with header -----BEGIN CERTIFICATE-----.
\return SSL_SUCCESS up success.
\return SSL_FAILURE will be returned if ctx is NULL, or if both file and
path are NULL.
\return SSL_BAD_FILETYPE will be returned if the file is the wrong format.
\return SSL_BAD_FILE will be returned if the file doesnt exist, cant be
read, or is corrupted.
\return MEMORY_E will be returned if an out of memory condition occurs.
\return ASN_INPUT_E will be returned if Base16 decoding fails on the file.
\return BUFFER_E will be returned if a chain buffer is bigger than the
receiving buffer.
\return BAD_PATH_ERROR will be returned if opendir() fails when trying
to open path.
\param ctx pointer to the SSL context, created with wolfSSL_CTX_new().
\param file pointer to name of the file containing PEM-formatted CA
certificates.
\param path pointer to the name of a directory to load PEM-formatted
certificates from.
\param flags possible mask values are: WOLFSSL_LOAD_FLAG_IGNORE_ERR,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY and WOLFSSL_LOAD_FLAG_PEM_CA_ONLY
_Example_
\code
int ret = 0;
WOLFSSL_CTX* ctx;
...
ret = wolfSSL_CTX_load_verify_locations_ex(ctx, NUULL, ./certs/external",
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY);
if (ret != WOLFSSL_SUCCESS) {
// error loading CA certs
}
...
\endcode
\sa wolfSSL_CTX_load_verify_locations
\sa wolfSSL_CTX_load_verify_buffer
\sa wolfSSL_CTX_use_certificate_file
\sa wolfSSL_CTX_use_PrivateKey_file
\sa wolfSSL_CTX_use_NTRUPrivateKey_file
\sa wolfSSL_CTX_use_certificate_chain_file
\sa wolfSSL_use_certificate_file
\sa wolfSSL_use_PrivateKey_file
\sa wolfSSL_use_certificate_chain_file
*/
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
const char*, unsigned int flags);
/*!
\ingroup Setup


@ -5085,7 +5085,7 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
WOLFSSL_MSG("Trying a CRL");
if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info,
NULL) == 0) {
WOLFSSL_MSG(" Proccessed a CRL");
WOLFSSL_MSG(" Processed a CRL");
wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer,
der->length, WOLFSSL_FILETYPE_ASN1);
FreeDer(&der);
@ -5095,26 +5095,26 @@ static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
}
#endif
#endif
if (ret < 0)
{
if(consumed > 0) { /* Made progress in file */
if (ret < 0) {
if (consumed > 0) { /* Made progress in file */
WOLFSSL_ERROR(ret);
WOLFSSL_MSG("CA Parse failed, with progress in file.");
WOLFSSL_MSG("Search for other certs in file");
} else {
}
else {
WOLFSSL_MSG("CA Parse failed, no progress in file.");
WOLFSSL_MSG("Do not continue search for other certs in file");
break;
}
} else {
}
else {
WOLFSSL_MSG(" Processed a CA");
gotOne = 1;
}
used += consumed;
}
if(gotOne)
{
if (gotOne) {
WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK");
return WOLFSSL_SUCCESS;
}
@ -5733,17 +5733,18 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
return ret;
}
/* loads file then loads each file in path, no c_rehash */
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
const char* path)
int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
const char* path, word32 flags)
{
int ret = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_DIR
int fileRet;
int successCount = 0;
int failCount = 0;
#endif
WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");
WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex");
if (ctx == NULL || (file == NULL && path == NULL) )
return WOLFSSL_FAILURE;
@ -5767,30 +5768,70 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
/* try to load each regular file in path */
fileRet = wc_ReadDirFirst(readCtx, path, &name);
while (fileRet == 0 && name) {
WOLFSSL_MSG(name); /* log file name */
ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE,
NULL, 0, NULL);
if (ret != WOLFSSL_SUCCESS)
break;
if (ret != WOLFSSL_SUCCESS) {
/* handle flags for ignoring errors, skipping expired certs or
by PEM certificate header error */
if ( (flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) ||
((flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) &&
(ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E)) ||
((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) &&
(ret == ASN_NO_PEM_HEADER))) {
/* Do not fail here if a certificate fails to load,
continue to next file */
ret = WOLFSSL_SUCCESS;
}
else {
WOLFSSL_ERROR(ret);
WOLFSSL_MSG("Load CA file failed, continuing");
failCount++;
}
}
else {
successCount++;
}
fileRet = wc_ReadDirNext(readCtx, path, &name);
}
wc_ReadDirClose(readCtx);
/* pass directory read failure to response code */
if (ret == WOLFSSL_SUCCESS && fileRet != -1) {
if (fileRet != WC_READDIR_NOFILE) {
ret = fileRet;
}
/* report failure if no files were loaded or there were failures */
else if (successCount == 0 || failCount > 0) {
/* use existing error code if exists */
if (ret == WOLFSSL_SUCCESS)
ret = WOLFSSL_FAILURE;
}
else {
ret = WOLFSSL_SUCCESS;
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX);
#endif
#else
ret = NOT_COMPILED_IN;
(void)flags;
#endif
}
return ret;
}
#ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
#define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
#endif
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
const char* path)
{
return wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
}
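Review bot: When WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY or WOLFSSL_LOAD_FLAG_PEM_CA_ONLY matches, the failed file is rewritten to `ret = WOLFSSL_SUCCESS` but counts toward neither successCount nor failCount, so a directory containing only skipped files still ends in `ret = WOLFSSL_FAILURE` from the `successCount == 0 || failCount > 0` branch; the comment above the flag test should say so, e.g. `/* skipped files are not counted: a directory with no successfully loaded CA still returns WOLFSSL_FAILURE */`. That comment also calls the date flag "skipping expired certs" — it should state whether a certificate rejected with ASN_AFTER_DATE_E is absent from the CA store or was already added by ProcessFile before the error propagated, since that decides whether the flag relaxes trust or only the return code, and the hunk alone does not show it. The definition takes `word32 flags` while the header prototype in wolfssl/ssl.h declares `unsigned int`; use one spelling in both places so they cannot diverge on a platform where word32 is not unsigned int. The replaced line used `WOLFSSL_ENTER`, the entry-trace macro, and the new one is a plain `WOLFSSL_MSG`; unless that is deliberate, keep `WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations_ex");`. wolfSSL_CTX_load_verify_locations_ex starts in the previous hunk and the file-loading part of its body lies between the two hunks.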
#ifdef WOLFSSL_TRUST_PEER_CERT
/* Used to specify a peer cert to match when connecting


@ -697,32 +697,39 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
#ifdef PERSIST_CERT_CACHE
int cacheSz;
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
const char* load_certs_path = "./certs/external";
const char* load_no_certs_path = "./examples";
#endif
AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
/* invalid context */
AssertFalse(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, 0));
/* invalid arguments */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE);
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);
/* invalid ca file */
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, NULL, 0));
AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, bogusFile, 0));
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), WOLFSSL_BAD_FILE);
#ifndef WOLFSSL_TIRTOS
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
/* invalid path */
/* not working... investigate! */
/* AssertFalse(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, bogusFile)); */
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), BAD_PATH_ERROR);
#endif
/* load ca cert */
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
#endif
#ifdef PERSIST_CERT_CACHE
/* Get cert cache size */
cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
#endif
/* Test unloading CA's */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UnloadCAs(ctx));
AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Verify no certs (result is less than cacheSz) */
@ -730,23 +737,143 @@ static void test_wolfSSL_CTX_load_verify_locations(void)
#endif
/* load ca cert again */
AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
#endif
/* Test getting CERT_MANAGER */
AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
/* Test unloading CA's using CM */
AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerUnloadCAs(cm));
AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
#ifdef PERSIST_CERT_CACHE
/* Verify no certs (result is less than cacheSz) */
AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
#endif
#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
/* Test loading CA certificates using a path */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
#endif
/* Test loading path with no files */
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path,
WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
/* Test loading expired CA certificates */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
#endif
/* Test loading CA certificates and ignoring all errors */
#ifdef NO_RSA
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
#else
AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
#endif
#endif
wolfSSL_CTX_free(ctx);
#endif
}
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
{
int ret;
WOLFSSL_CERT_MANAGER* cm = NULL;
cm = wolfSSL_CertManagerNew();
if (cm == NULL) {
printf("test_cm_load_ca failed\n");
return -1;
}
ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
wolfSSL_CertManagerFree(cm);
return ret;
}
static int test_cm_load_ca_file(const char* ca_cert_file)
{
int ret = 0;
byte* cert_buf = NULL;
size_t cert_sz = 0;
#if defined(WOLFSSL_PEM_TO_DER)
DerBuffer* pDer = NULL;
#endif
ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
if (ret == 0) {
/* normal test */
ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
if (ret == 0) {
/* test including null terminator in length */
ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, WOLFSSL_FILETYPE_PEM);
}
#if defined(WOLFSSL_PEM_TO_DER)
if (ret == 0) {
/* test loading DER */
ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
if (ret == 0) {
ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
WOLFSSL_FILETYPE_ASN1);
wc_FreeDer(&pDer);
}
}
#endif
free(cert_buf);
}
return ret;
}
#endif /* !NO_FILESYSTEM && !NO_CERTS */
static int test_wolfSSL_CertManagerLoadCABuffer(void)
{
int ret = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
const char* ca_cert = "./certs/ca-cert.pem";
const char* ca_expired_cert = "./certs/test/expired-ca.pem";
ret = test_cm_load_ca_file(ca_cert);
#ifdef NO_RSA
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(ret, WOLFSSL_SUCCESS);
#endif
ret = test_cm_load_ca_file(ca_expired_cert);
#ifdef NO_RSA
AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
#else
AssertIntEQ(ret, ASN_AFTER_DATE_E);
#endif
#endif
return ret;
}
static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
{
@ -16222,13 +16349,14 @@ static void test_wolfSSL_PEM_PrivateKey(void)
#if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
{
#define BIO_PEM_TEST_CHAR 'a'
EVP_PKEY* pkey2 = NULL;
unsigned char extra[10];
int i;
printf(testingFmt, "wolfSSL_PEM_PrivateKey()");
XMEMSET(extra, 0, sizeof(extra));
XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
@ -16245,14 +16373,14 @@ static void test_wolfSSL_PEM_PrivateKey(void)
/* test creating new EVP_PKEY with good args */
AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
/* test of reuse of EVP_PKEY */
AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
AssertIntEQ(BIO_pending(bio), 0);
AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
SSL_SUCCESS);
AssertIntEQ(BIO_write(bio, extra, 10), 10); /*add 10 extra bytes after PEM*/
AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
AssertNotNull(pkey);
if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
@ -16261,7 +16389,7 @@ static void test_wolfSSL_PEM_PrivateKey(void)
AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
AssertIntEQ(BIO_read(bio, extra, 10), 10);
for (i = 0; i < 10; i++) {
AssertIntEQ(extra[i], 0);
AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
}
BIO_free(bio);
@ -20647,6 +20775,7 @@ void ApiTest(void)
AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS);
test_wolfSSL_CTX_use_PrivateKey_file();
test_wolfSSL_CTX_load_verify_locations();
test_wolfSSL_CertManagerLoadCABuffer();
test_wolfSSL_CTX_use_certificate_chain_file_format();
test_wolfSSL_CTX_trust_peer_cert();
test_wolfSSL_CTX_SetTmpDH_file();
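Review bot: test_wolfSSL_CertManagerLoadCABuffer returns the code of its last call, which on the expected path is ASN_AFTER_DATE_E (ASN_UNKNOWN_OID_E under NO_RSA), so its new call in ApiTest discards the result instead of asserting it the way `AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS);` does two lines above; return a fixed value once the asserts pass (`return 0;`) and check it at the call site, `AssertIntEQ(test_wolfSSL_CertManagerLoadCABuffer(), 0);`. In test_cm_load_ca_file the `cert_sz+1` call reads one byte beyond the data load_file reported, which is only in bounds if load_file allocates and NUL-terminates an extra byte; a comment on that line such as `/* load_file NUL-terminates the buffer, so cert_sz+1 is in bounds */` records the assumption the test depends on. The failure message in test_cm_load_ca_buffer names `test_cm_load_ca` rather than the function. `free(cert_buf)` should match the allocator load_file uses; if that is XMALLOC, the matching XFREE keeps static-memory builds consistent — worth confirming.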


@ -8389,9 +8389,12 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
consumedEnd = footerEnd + XSTRLEN(footer);
if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
/* eat end of line characters */
consumedEnd = SkipEndOfLineChars(consumedEnd, bufferEnd);
/* skip possible null term */
if (consumedEnd < bufferEnd && consumedEnd[0] == '\0')
consumedEnd++;
}
if (info)


@ -247,10 +247,10 @@ int wolfCrypt_Cleanup(void)
!defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2)
/* File Handling Helpers */
/* returns 0 if file found, -1 if no files or negative error */
/* returns 0 if file found, WC_READDIR_NOFILE if no files or negative error */
int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
{
int ret = -1; /* default to no files found */
int ret = WC_READDIR_NOFILE; /* default to no files found */
int pathLen = 0;
int dnameLen = 0;
@ -329,10 +329,10 @@ int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name)
return ret;
}
/* returns 0 if file found, -1 if no more files */
/* returns 0 if file found, WC_READDIR_NOFILE if no more files */
int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name)
{
int ret = -1; /* default to no file found */
int ret = WC_READDIR_NOFILE; /* default to no file found */
int pathLen = 0;
int dnameLen = 0;


@ -504,6 +504,13 @@ WOLFSSL_API int wolfSSL_is_static_memory(WOLFSSL* ssl,
WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int);
WOLFSSL_API int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX*, const char*, int);
#define WOLFSSL_LOAD_FLAG_NONE 0x00000000
#define WOLFSSL_LOAD_FLAG_IGNORE_ERR 0x00000001
#define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
#define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY 0x00000004
WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX*, const char*,
const char*, unsigned int);
WOLFSSL_API int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX*, const char*,
const char*);
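Review bot: The three WOLFSSL_LOAD_FLAG_* masks enter the public header with no comment on what each one relaxes, and a caller deciding whether to set WOLFSSL_LOAD_FLAG_IGNORE_ERR on a trust-store load needs that beside the definition, not only in ssl.c. A short block above the defines would do: `/* IGNORE_ERR: a file that fails to load does not fail the call; DATE_ERR_OKAY: ASN_BEFORE_DATE_E/ASN_AFTER_DATE_E are not fatal; PEM_CA_ONLY: files without a PEM CERTIFICATE header are skipped */`. The new prototype declares the last parameter `unsigned int` while the ssl.c definition uses `word32`; pick one type for both.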
#ifdef WOLFSSL_TRUST_PEER_CERT


@ -357,6 +357,8 @@ WOLFSSL_API int wolfCrypt_Cleanup(void);
char name[MAX_FILENAME_SZ];
} ReadDirCtx;
#define WC_READDIR_NOFILE -1
WOLFSSL_API int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name);
WOLFSSL_API int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name);
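Review bot: `#define WC_READDIR_NOFILE -1` is an unparenthesized negative; `#define WC_READDIR_NOFILE (-1)` avoids surprises when the macro is used inside a larger expression. A one-line comment naming it as the end-of-listing result of wc_ReadDirFirst/wc_ReadDirNext, distinct from the negative error codes those functions also return, would make the header self-contained.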
WOLFSSL_API void wc_ReadDirClose(ReadDirCtx* ctx);