* added POSIX definitions for XFEOF(), XFERROR(), and XCLEARERR(), currently with no-op fallbacks for !POSIX.
* added missing file handle checks in testsuite/testsuite.c:file_test() and tests/utils.h:copy_file().
* added fixes and suppression around tests/api.c:test_wolfSSL_SMIME_read_PKCS7().
* added various fixes in examples/asn1/asn1.c and examples/pem/pem.c.
asn1.c: Allow sample to build without coding (base64 decoding).
set_curves_list(): function for ECC, Ed25519, Ed448 but this block of
code is ECC only. Fixed #ifdef protection.
wolfSSL_CTX_set1_curves_list and wolfSSL_set1_curves_list also available
when Curve25519/Curve448 compiled in but not ECC.
Moved E[CD][25519||448] APIs to pk.c
Move public key PEM APIs to pk.c.
Move wolfSSL loading and using of private keys and certificates to
ssl_load.c
Move PKCS#7 and PKCS#12 APIs to ssl_p7p12.c.
Move session and session cache APIs to ssl_sess.c.
Other minor fixes.
As per https://datatracker.ietf.org/doc/html/rfc7250#section-3 Figure 1,
the RPK is a single ASN.1_subjectPublicKeyInfo, whereas X509 certificates
etc. are transmitted as a certificate list (even if there is only 1).
This is for (D)TLS1.2 transfers, and this PR fixes this.
As per https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2 all
certificates (both RPK and Z509) are transferred using a certificate list.
Update examples client to support RPK certificates.
For testing:-
Server:
$ gnutls-serv --http --x509fmtder --priority NORMAL:+CTYPE-CLI-RAWPK:+CTYPE-SRV-RAWPK --rawpkfile certs/server-keyPub.der --rawpkkeyfile certs/server-key.der
Client:
$ examples/client/client -g -p 5556 -c certs/client-keyPub.der -k certs/client-key.der --rpk --files-are-der
- DTLS 1.3 pqc support
- Add --enable-dtls-frag-ch option to enable CH fragmenting
- Send an alert when we get an empty keyshare with a cookie present to not allow for multiple HRR in one connection
- Only update the DTLS window when we have successfully processed or stored a message
- Call ssl->chGoodCb as soon as we have processed a verified full or fragmented ClientHello cookie
