add and use WOLFSSL_PARTIAL_CHAIN as native bitmask macro for compat …
…layer X509_V_FLAG_PARTIAL_CHAIN, and remove unused/unsupported X509_V_FLAG_TRUSTED_FIRST;

in src/x509_str.c, fix several C++ "invalid conversion" errors in X509StoreFreeObjList() and wolfSSL_X509_STORE_get0_objects().
douzzer committed Oct 23, 2024
1 parent c8421b3 commit a17ca40
Showing 3 changed files with 11 additions and 11 deletions.
18 changes: 9 additions & 9 deletions src/x509_str.c
@@ -415,8 +415,8 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
* a trusted CA in the CM */
ret = X509StoreVerifyCert(ctx);
if (ret != WOLFSSL_SUCCESS) {
if (((ctx->flags & X509_V_FLAG_PARTIAL_CHAIN) ||
(ctx->store->param->flags & X509_V_FLAG_PARTIAL_CHAIN)) &&
if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) ||
(ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) &&
(added == 1)) {
wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
ret = WOLFSSL_SUCCESS;
@@ -592,8 +592,8 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx,
void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx,
unsigned long flags)
{
if ((ctx != NULL) && (flags & X509_V_FLAG_PARTIAL_CHAIN)){
ctx->flags |= X509_V_FLAG_PARTIAL_CHAIN;
if ((ctx != NULL) && (flags & WOLFSSL_PARTIAL_CHAIN)){
ctx->flags |= WOLFSSL_PARTIAL_CHAIN;
}
}

@@ -1059,9 +1059,9 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store,
i = wolfSSL_sk_X509_OBJECT_num(objs) - 1;
while (cnt > 0 && i > 0) {
/* The inner X509 is owned by somebody else, NULL out the reference */
obj = wolfSSL_sk_X509_OBJECT_value(objs, i);
obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i);
if (obj != NULL) {
obj->type = 0;
obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0;
obj->data.ptr = NULL;
}
cnt--;
@@ -1363,8 +1363,8 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
ret = wolfSSL_CertManagerDisableCRL(store->cm);
}
#endif
if (flag & X509_V_FLAG_PARTIAL_CHAIN) {
store->param->flags |= X509_V_FLAG_PARTIAL_CHAIN;
if (flag & WOLFSSL_PARTIAL_CHAIN) {
store->param->flags |= WOLFSSL_PARTIAL_CHAIN;
}
return ret;
}
@@ -1753,7 +1753,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
/* Do not modify stack until after we guarantee success to
* simplify cleanup logic handling cert merging above */
for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) {
x509 = wolfSSL_sk_value(cert_stack, i);
x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i);
obj = wolfSSL_X509_OBJECT_new();
if (obj == NULL) {
WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error");
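Review bot: In X509StoreFreeObjList() the loop condition `while (cnt > 0 && i > 0)` stops before index 0, so when `cnt` is as large as the number of entries in `objs` the first element keeps its `data.ptr`. The comment inside the loop says the inner X509 is owned by somebody else, so whatever frees the list after the loop (outside this hunk) could then release a certificate the list does not own. If index 0 can hold a borrowed entry, the condition should be `while (cnt > 0 && i >= 0) {`; if it cannot, a comment stating that invariant would settle the question. The commit only adds casts in this function, and its start and end are outside the hunk.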
3 changes: 1 addition & 2 deletions wolfssl/openssl/ssl.h
@@ -643,8 +643,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
#define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
#define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL

#define X509_V_FLAG_PARTIAL_CHAIN 0x80000
#define X509_V_FLAG_TRUSTED_FIRST 0
#define X509_V_FLAG_PARTIAL_CHAIN WOLFSSL_PARTIAL_CHAIN

#define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
#define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
1 change: 1 addition & 0 deletions wolfssl/ssl.h
@@ -616,6 +616,7 @@ struct WOLFSSL_X509_STORE {
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
#define WOLFSSL_USE_CHECK_TIME 0x2
#define WOLFSSL_NO_CHECK_TIME 0x200000
#define WOLFSSL_PARTIAL_CHAIN 0x80000
#define WOLFSSL_HOST_NAME_MAX 256

#define WOLFSSL_VPARAM_DEFAULT 0x1
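Review bot: `WOLFSSL_PARTIAL_CHAIN` is added without a comment although it relaxes verification: in wolfSSL_X509_verify_cert() it turns a failed X509StoreVerifyCert() into `WOLFSSL_SUCCESS` when `added == 1`. A line such as `/* allow verification to succeed on a partial chain; compat name X509_V_FLAG_PARTIAL_CHAIN */` above the define would mark it as a policy switch rather than a limit like the neighbouring `WOLFSSL_HOST_NAME_MAX`. wolfSSL_X509_STORE_set_flags() tests this bit in a `flag` word that appears to carry the CRL options too, so it is worth confirming that 0x80000 does not overlap `WOLFSSL_CRL_CHECK` or `WOLFSSL_CRL_CHECKALL`, whose values are outside this hunk.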
