Merge pull request #1281 from dgarske/fix_ocsp_nb_checkall

Fix for OCSP non-blocking with check all flag set
toddouska 2017-12-20 09:04:09 -08:00 committed by GitHub
commit ac8996c9bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 1 deletions


@ -1583,7 +1583,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
| WOLFSSL_OCSP_URL_OVERRIDE);
}
else {
wolfSSL_CTX_EnableOCSP(ctx, 0);
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL);
}
#ifdef WOLFSSL_NONBLOCK_OCSP


@ -8101,6 +8101,12 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
args->dCertInit = 1;
}
/* check if returning from non-blocking OCSP */
#ifdef WOLFSSL_NONBLOCK_OCSP
if (args->lastErr != OCSP_WANT_READ)
{
#endif
ret = ParseCertRelative(args->dCert, CERT_TYPE,
!ssl->options.verifyNone, ssl->ctx->cm);
#ifdef WOLFSSL_ASYNC_CRYPT
@ -8225,6 +8231,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
WOLFSSL_MSG("Verified CA from chain and already had it");
}
#ifdef WOLFSSL_NONBLOCK_OCSP
}
else {
args->lastErr = 0; /* clear last error */
}
#endif
#if defined(HAVE_OCSP) || defined(HAVE_CRL)
if (ret == 0) {
int doCrlLookup = 1;
@ -8243,6 +8256,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
args->dCert, NULL, ssl);
#ifdef WOLFSSL_NONBLOCK_OCSP
if (ret == OCSP_WANT_READ) {
args->lastErr = ret;
goto exit_ppc;
}
#endif
@ -8262,6 +8276,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert);
#ifdef WOLFSSL_NONBLOCK_OCSP
if (ret == OCSP_WANT_READ) {
args->lastErr = ret;
goto exit_ppc;
}
#endif
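Review bot: On the resume path (`args->lastErr == OCSP_WANT_READ`) the new guard skips `ParseCertRelative` and everything down to the closing brace before the `HAVE_OCSP`/`HAVE_CRL` block, so the verification result for that certificate rests entirely on the previous call and on `args->dCert` still holding the parsed cert. That makes `args->lastErr` security-relevant: it has to be zero whenever `args` is freshly initialised or reused for another handshake, otherwise a stale value would skip parsing and signature verification. The initialisation is outside these hunks, so please confirm it and state the invariant next to the guard, e.g. `/* resuming after OCSP_WANT_READ: dCert was already parsed and verified, only redo the revocation lookup */`. The brace opened under one `#ifdef WOLFSSL_NONBLOCK_OCSP` is closed under a separate one more than a hundred lines later; tagging it as `} /* args->lastErr != OCSP_WANT_READ */` would keep the pairing readable. ProcessPeerCerts starts and ends outside the hunks shown.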