cjson
fuzzing
inputs
test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9library_config
cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmaketests
inputs
test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expectedjson-patch-tests
.editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.jsonunity
auto
colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.pydocs
ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txtexamples
unity_config.hcurl
.github
scripts
cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yamlworkflows
appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.ymlCMake
CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmakedocs
cmdline-opts
.gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.mdexamples
.checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.cinternals
BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.mdlibcurl
opts
CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.incinclude
curl
Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.hlib
curlx
base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.hvauth
cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.hvquic
curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.hvtls
apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.hm4
.gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4projects
OS400
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.hWindows
tmpl
.gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filtersvms
Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.hscripts
.checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurlsrc
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.htests
certs
.gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prmdata
.gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999http
testenv
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.pylibtest
.gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.hserver
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.ctunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.cunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.cexamples
.env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.luainiparser
example
iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.initest
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.hjinjac
libjinjac
src
CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.htest
.gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinjalibev
Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1luajit
doc
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm
dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.luasrc
host
.gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.cjit
.gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.luawolfssl
.github
workflows
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.ymlIDE
ARDUINO
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.hECLIPSE
Espressif
ESP-IDF
examples
template
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266wolfssl_benchmark
VisualGDB
wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbprojwolfssl_client
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbprojwolfssl_server
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbprojwolfssl_test
VisualGDB
wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbprojGCC-ARM
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ldIAR-EWARM
embOS
SAMV71_XULT
embOS_SAMV71_XULT_user_settings
user_settings.h user_settings_simple_example.h user_settings_verbose_example.hembOS_wolfcrypt_benchmark_SAMV71_XULT
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewpINTIME-RTOS
Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxprojMQX
Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.hMSVS-2019-AZSPHERE
wolfssl_new_azsphere
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.cNETOS
Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.cPlatformIO
examples
wolfssl_benchmark
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspaceROWLEY-CROSSWORKS-ARM
Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzpRenesas
e2studio
RA6M3
README.md README_APRA6M_en.md README_APRA6M_jp.md include.amRX72N
EnvisionKit
Simple
README_EN.md README_JP.mdwolfssl_demo
key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.cSTM32Cube
README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.hWIN
README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxprojWIN-SRTP-KDF-140-3
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojWIN10
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojXCODE
Benchmark
include.amXilinxSDK
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.capple-universal
wolfssl-multiplatform
iotsafe
Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.hmynewt
README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.shcerts
1024
ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pemcrl
extra-crls
ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pemdilithium
bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.amecc
bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnfed25519
ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pemed448
ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pemexternal
DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.amintermediate
ca_false_intermediate
gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conflms
bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.ammldsa
README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.derocsp
imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.derp521
ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pemrpk
client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.derrsapss
ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pemslhdsa
bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pemsm2
ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pemstatickeys
dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pemtest
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7stest-pathlen
assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.shtest-serial0
ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pemxmss
bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.amcmake
Config.cmake.in README.md config.in functions.cmake include.am options.h.in wolfssl-config-version.cmake.in wolfssl-targets.cmake.indebian
changelog.in control.in copyright include.am libwolfssl-dev.install libwolfssl.install rules.indoc
dox_comments
header_files
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h puf.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wc_she.h wc_slhdsa.h wolfio.hheader_files-ja
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wolfio.h
examples
async
Makefile README.md async_client.c async_server.c async_tls.c async_tls.h include.am user_settings.hconfigs
README.md include.am user_settings_EBSnet.h user_settings_all.h user_settings_arduino.h user_settings_baremetal.h user_settings_ca.h user_settings_curve25519nonblock.h user_settings_dtls13.h user_settings_eccnonblock.h user_settings_espressif.h user_settings_fipsv2.h user_settings_fipsv5.h user_settings_min_ecc.h user_settings_openssl_compat.h user_settings_pkcs7.h user_settings_platformio.h user_settings_pq.h user_settings_rsa_only.h user_settings_stm32.h user_settings_template.h user_settings_tls12.h user_settings_tls13.h user_settings_wolfboot_keytools.h user_settings_wolfssh.h user_settings_wolftpm.hechoclient
echoclient.c echoclient.h echoclient.sln echoclient.vcproj echoclient.vcxproj include.am quitlinuxkm
Kbuild Makefile README.md get_thread_size.c include.am linuxkm-fips-hash-wrapper.sh linuxkm-fips-hash.c linuxkm_memory.c linuxkm_memory.h linuxkm_wc_port.h lkcapi_aes_glue.c lkcapi_dh_glue.c lkcapi_ecdh_glue.c lkcapi_ecdsa_glue.c lkcapi_glue.c lkcapi_rsa_glue.c lkcapi_sha_glue.c module_exports.c.template module_hooks.c pie_redirect_table.c wolfcrypt.lds x86_vector_register_glue.cm4
ax_add_am_macro.m4 ax_am_jobserver.m4 ax_am_macros.m4 ax_append_compile_flags.m4 ax_append_flag.m4 ax_append_link_flags.m4 ax_append_to_file.m4 ax_atomic.m4 ax_bsdkm.m4 ax_check_compile_flag.m4 ax_check_link_flag.m4 ax_compiler_version.m4 ax_count_cpus.m4 ax_create_generic_config.m4 ax_debug.m4 ax_file_escapes.m4 ax_harden_compiler_flags.m4 ax_linuxkm.m4 ax_print_to_file.m4 ax_pthread.m4 ax_require_defined.m4 ax_tls.m4 ax_vcs_checkout.m4 hexversion.m4 lib_socket_nsl.m4 visibility.m4mqx
wolfcrypt_benchmark
ReferencedRSESystems.xml wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfcrypt_test
ReferencedRSESystems.xml wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfssl_client
ReferencedRSESystems.xml wolfssl_client_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchscripts
aria-cmake-build-test.sh asn1_oid_sum.pl benchmark.test benchmark_compare.sh cleanup_testfiles.sh crl-gen-openssl.test crl-revoked.test dertoc.pl dtls.test dtlscid.test external.test google.test include.am makedistsmall.sh memtest.sh ocsp-responder-openssl-interop.test ocsp-stapling-with-ca-as-responder.test ocsp-stapling-with-wolfssl-responder.test ocsp-stapling.test ocsp-stapling2.test ocsp-stapling_tls13multi.test ocsp.test openssl.test openssl_srtp.test pem.test ping.test pkcallbacks.test psk.test resume.test rsapss.test sniffer-gen.sh sniffer-ipv6.pcap sniffer-static-rsa.pcap sniffer-testsuite.test sniffer-tls12-keylog.out sniffer-tls12-keylog.pcap sniffer-tls12-keylog.sslkeylog sniffer-tls13-dh-resume.pcap sniffer-tls13-dh.pcap sniffer-tls13-ecc-resume.pcap sniffer-tls13-ecc.pcap sniffer-tls13-hrr.pcap sniffer-tls13-keylog.out sniffer-tls13-keylog.pcap sniffer-tls13-keylog.sslkeylog sniffer-tls13-x25519-resume.pcap sniffer-tls13-x25519.pcap stm32l4-v4_0_1_build.sh tls13.test trusted_peer.test unit.test.in user_settings_asm.shsrc
bio.c conf.c crl.c dtls.c dtls13.c include.am internal.c keys.c ocsp.c pk.c pk_ec.c pk_rsa.c quic.c sniffer.c ssl.c ssl_api_cert.c ssl_api_crl_ocsp.c ssl_api_pk.c ssl_asn1.c ssl_bn.c ssl_certman.c ssl_crypto.c ssl_ech.c ssl_load.c ssl_misc.c ssl_p7p12.c ssl_sess.c ssl_sk.c tls.c tls13.c wolfio.c x509.c x509_str.ctests
api
api.h api_decl.h create_ocsp_test_blobs.py include.am test_aes.c test_aes.h test_arc4.c test_arc4.h test_ascon.c test_ascon.h test_ascon_kats.h test_asn.c test_asn.h test_blake2.c test_blake2.h test_camellia.c test_camellia.h test_certman.c test_certman.h test_chacha.c test_chacha.h test_chacha20_poly1305.c test_chacha20_poly1305.h test_cmac.c test_cmac.h test_curve25519.c test_curve25519.h test_curve448.c test_curve448.h test_des3.c test_des3.h test_dh.c test_dh.h test_digest.h test_dsa.c test_dsa.h test_dtls.c test_dtls.h test_ecc.c test_ecc.h test_ed25519.c test_ed25519.h test_ed448.c test_ed448.h test_evp.c test_evp.h test_evp_cipher.c test_evp_cipher.h test_evp_digest.c test_evp_digest.h test_evp_pkey.c test_evp_pkey.h test_hash.c test_hash.h test_hmac.c test_hmac.h test_md2.c test_md2.h test_md4.c test_md4.h test_md5.c test_md5.h test_mldsa.c test_mldsa.h test_mlkem.c test_mlkem.h test_ocsp.c test_ocsp.h test_ocsp_test_blobs.h test_ossl_asn1.c test_ossl_asn1.h test_ossl_bio.c test_ossl_bio.h test_ossl_bn.c test_ossl_bn.h test_ossl_cipher.c test_ossl_cipher.h test_ossl_dgst.c test_ossl_dgst.h test_ossl_dh.c test_ossl_dh.h test_ossl_dsa.c test_ossl_dsa.h test_ossl_ec.c test_ossl_ec.h test_ossl_ecx.c test_ossl_ecx.h test_ossl_mac.c test_ossl_mac.h test_ossl_obj.c test_ossl_obj.h test_ossl_p7p12.c test_ossl_p7p12.h test_ossl_pem.c test_ossl_pem.h test_ossl_rand.c test_ossl_rand.h test_ossl_rsa.c test_ossl_rsa.h test_ossl_sk.c test_ossl_sk.h test_ossl_x509.c test_ossl_x509.h test_ossl_x509_acert.c test_ossl_x509_acert.h test_ossl_x509_crypto.c test_ossl_x509_crypto.h test_ossl_x509_ext.c test_ossl_x509_ext.h test_ossl_x509_info.c test_ossl_x509_info.h test_ossl_x509_io.c test_ossl_x509_io.h test_ossl_x509_lu.c test_ossl_x509_lu.h test_ossl_x509_name.c test_ossl_x509_name.h test_ossl_x509_pk.c test_ossl_x509_pk.h test_ossl_x509_str.c test_ossl_x509_str.h test_ossl_x509_vp.c test_ossl_x509_vp.h test_pkcs12.c test_pkcs12.h test_pkcs7.c test_pkcs7.h test_poly1305.c test_poly1305.h test_random.c test_random.h test_rc2.c test_rc2.h test_ripemd.c test_ripemd.h test_rsa.c test_rsa.h test_sha.c test_sha.h test_sha256.c test_sha256.h test_sha3.c test_sha3.h test_sha512.c test_sha512.h test_she.c test_she.h test_signature.c test_signature.h test_slhdsa.c test_slhdsa.h test_sm2.c test_sm2.h test_sm3.c test_sm3.h test_sm4.c test_sm4.h test_tls.c test_tls.h test_tls13.c test_tls13.h test_tls_ext.c test_tls_ext.h test_wc_encrypt.c test_wc_encrypt.h test_wolfmath.c test_wolfmath.h test_x509.c test_x509.hwolfcrypt
benchmark
README.md benchmark-VS2022.sln benchmark-VS2022.vcxproj benchmark-VS2022.vcxproj.user benchmark.c benchmark.h benchmark.sln benchmark.vcproj benchmark.vcxproj include.amsrc
port
Espressif
esp_crt_bundle
README.md cacrt_all.pem cacrt_deprecated.pem cacrt_local.pem esp_crt_bundle.c gen_crt_bundle.py pio_install_cryptography.pyRenesas
README.md renesas_common.c renesas_fspsm_aes.c renesas_fspsm_rsa.c renesas_fspsm_sha.c renesas_fspsm_util.c renesas_rx64_hw_sha.c renesas_rx64_hw_util.c renesas_tsip_aes.c renesas_tsip_rsa.c renesas_tsip_sha.c renesas_tsip_util.carm
armv8-32-aes-asm.S armv8-32-aes-asm_c.c armv8-32-chacha-asm.S armv8-32-chacha-asm_c.c armv8-32-curve25519.S armv8-32-curve25519_c.c armv8-32-mlkem-asm.S armv8-32-mlkem-asm_c.c armv8-32-poly1305-asm.S armv8-32-poly1305-asm_c.c armv8-32-sha256-asm.S armv8-32-sha256-asm_c.c armv8-32-sha3-asm.S armv8-32-sha3-asm_c.c armv8-32-sha512-asm.S armv8-32-sha512-asm_c.c armv8-aes-asm.S armv8-aes-asm_c.c armv8-aes.c armv8-chacha-asm.S armv8-chacha-asm_c.c armv8-curve25519.S armv8-curve25519_c.c armv8-mlkem-asm.S armv8-mlkem-asm_c.c armv8-poly1305-asm.S armv8-poly1305-asm_c.c armv8-sha256-asm.S armv8-sha256-asm_c.c armv8-sha256.c armv8-sha3-asm.S armv8-sha3-asm_c.c armv8-sha512-asm.S armv8-sha512-asm_c.c armv8-sha512.c cryptoCell.c cryptoCellHash.c thumb2-aes-asm.S thumb2-aes-asm_c.c thumb2-chacha-asm.S thumb2-chacha-asm_c.c thumb2-curve25519.S thumb2-curve25519_c.c thumb2-mlkem-asm.S thumb2-mlkem-asm_c.c thumb2-poly1305-asm.S thumb2-poly1305-asm_c.c thumb2-sha256-asm.S thumb2-sha256-asm_c.c thumb2-sha3-asm.S thumb2-sha3-asm_c.c thumb2-sha512-asm.S thumb2-sha512-asm_c.ccaam
README.md caam_aes.c caam_doc.pdf caam_driver.c caam_error.c caam_integrity.c caam_qnx.c caam_sha.c wolfcaam_aes.c wolfcaam_cmac.c wolfcaam_ecdsa.c wolfcaam_fsl_nxp.c wolfcaam_hash.c wolfcaam_hmac.c wolfcaam_init.c wolfcaam_qnx.c wolfcaam_rsa.c wolfcaam_seco.c wolfcaam_x25519.cdevcrypto
README.md devcrypto_aes.c devcrypto_ecdsa.c devcrypto_hash.c devcrypto_hmac.c devcrypto_rsa.c devcrypto_x25519.c wc_devcrypto.criscv
riscv-64-aes.c riscv-64-chacha.c riscv-64-poly1305.c riscv-64-sha256.c riscv-64-sha3.c riscv-64-sha512.cwolfssl
openssl
aes.h asn1.h asn1t.h bio.h bn.h buffer.h camellia.h cmac.h cms.h compat_types.h conf.h crypto.h des.h dh.h dsa.h ec.h ec25519.h ec448.h ecdh.h ecdsa.h ed25519.h ed448.h engine.h err.h evp.h fips_rand.h hmac.h include.am kdf.h lhash.h md4.h md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pkcs12.h pkcs7.h rand.h rc4.h ripemd.h rsa.h safestack.h sha.h sha3.h srp.h ssl.h ssl23.h stack.h tls1.h txt_db.h ui.h x509.h x509_vfy.h x509v3.hwolfcrypt
port
Renesas
renesas-fspsm-crypt.h renesas-fspsm-types.h renesas-rx64-hw-crypt.h renesas-tsip-crypt.h renesas_cmn.h renesas_fspsm_internal.h renesas_sync.h renesas_tsip_internal.h renesas_tsip_types.hcaam
caam_driver.h caam_error.h caam_qnx.h wolfcaam.h wolfcaam_aes.h wolfcaam_cmac.h wolfcaam_ecdsa.h wolfcaam_fsl_nxp.h wolfcaam_hash.h wolfcaam_qnx.h wolfcaam_rsa.h wolfcaam_seco.h wolfcaam_sha.h wolfcaam_x25519.hwrapper
Ada
examples
src
aes_verify_main.adb rsa_verify_main.adb sha256_main.adb spark_sockets.adb spark_sockets.ads spark_terminal.adb spark_terminal.ads tls_client.adb tls_client.ads tls_client_main.adb tls_server.adb tls_server.ads tls_server_main.adbtests
src
aes_bindings_tests.adb aes_bindings_tests.ads rsa_verify_bindings_tests.adb rsa_verify_bindings_tests.ads sha256_bindings_tests.adb sha256_bindings_tests.ads tests.adbCSharp
wolfSSL-Example-IOCallbacks
App.config wolfSSL-Example-IOCallbacks.cs wolfSSL-Example-IOCallbacks.csprojwolfSSL-TLS-ServerThreaded
App.config wolfSSL-TLS-ServerThreaded.cs wolfSSL-TLS-ServerThreaded.csprojrust
wolfssl-wolfcrypt
src
aes.rs blake2.rs chacha20_poly1305.rs cmac.rs cmac_mac.rs curve25519.rs dh.rs dilithium.rs ecc.rs ecdsa.rs ed25519.rs ed448.rs fips.rs hkdf.rs hmac.rs hmac_mac.rs kdf.rs lib.rs lms.rs mlkem.rs mlkem_kem.rs pbkdf2_password_hash.rs prf.rs random.rs rsa.rs rsa_pkcs1v15.rs sha.rs sha_digest.rs sys.rstests
test_aes.rs test_blake2.rs test_chacha20_poly1305.rs test_cmac.rs test_cmac_mac.rs test_curve25519.rs test_dh.rs test_dilithium.rs test_ecc.rs test_ecdsa.rs test_ed25519.rs test_ed448.rs test_hkdf.rs test_hmac.rs test_hmac_mac.rs test_kdf.rs test_lms.rs test_mlkem.rs test_mlkem_kem.rs test_pbkdf2_password_hash.rs test_prf.rs test_random.rs test_rsa.rs test_rsa_pkcs1v15.rs test_sha.rs test_sha_digest.rs test_wolfcrypt.rszephyr
samples
wolfssl_benchmark
CMakeLists.txt README install_test.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.confwolfssl_test
CMakeLists.txt README install_test.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl/tests/api/test_ossl_x509_str.c
raw
1/* test_ossl_x509_str.c
2 *
3 * Copyright (C) 2006-2026 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#include <tests/unit.h>
23
24#ifdef NO_INLINE
25 #include <wolfssl/wolfcrypt/misc.h>
26#else
27 #define WOLFSSL_MISC_INCLUDED
28 #include <wolfcrypt/src/misc.c>
29#endif
30
31#include <wolfssl/ssl.h>
32#ifdef OPENSSL_EXTRA
33 #include <wolfssl/openssl/x509_vfy.h>
34 #include <wolfssl/openssl/pem.h>
35#endif
36#include <tests/api/api.h>
37#include <tests/api/test_ossl_x509_str.h>
38
39#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
40 !defined(NO_ASN_TIME)
41static int last_errcodes[10];
42static int last_errdepths[10];
43static int err_index = 0;
44
45static int X509CallbackCount(int ok, X509_STORE_CTX *ctx)
46{
47 if (!ok) {
48 if (err_index < 10) {
49 last_errcodes[err_index] = X509_STORE_CTX_get_error(ctx);
50 last_errdepths[err_index] = X509_STORE_CTX_get_error_depth(ctx);
51 err_index++;
52 } else {
53 /* Should not happen in test */
54 WOLFSSL_MSG("Error index overflow in X509CallbackCount");
55 err_index = 0;
56 }
57 }
58 /* Always return OK to allow verification to continue.*/
59 return 1;
60}
61#endif
62
63int test_wolfSSL_X509_STORE_CTX_set_time(void)
64{
65 EXPECT_DECLS;
66#if defined(OPENSSL_EXTRA)
67 WOLFSSL_X509_STORE_CTX* ctx = NULL;
68 time_t c_time;
69
70 ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
71 c_time = 365*24*60*60;
72 wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time);
73 ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) ==
74 WOLFSSL_USE_CHECK_TIME);
75 ExpectTrue(ctx->param->check_time == c_time);
76 wolfSSL_X509_STORE_CTX_free(ctx);
77#endif /* OPENSSL_EXTRA */
78 return EXPECT_RESULT();
79}
80
81int test_wolfSSL_X509_STORE_check_time(void)
82{
83 EXPECT_DECLS;
84#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
85 !defined(NO_ASN_TIME) && !defined(NO_RSA)
86 WOLFSSL_X509_STORE* store = NULL;
87 WOLFSSL_X509_STORE_CTX* ctx = NULL;
88 WOLFSSL_X509* ca = NULL;
89 WOLFSSL_X509* cert = NULL;
90 int ret;
91 time_t check_time;
92 const char* srvCertFile = "./certs/server-cert.pem";
93 const char* expiredCertFile = "./certs/test/expired/expired-cert.pem";
94
95 /* Set check_time to May 26, 2000 - should fail "not yet valid" check */
96 ExpectNotNull(store = wolfSSL_X509_STORE_new());
97 if (store != NULL) {
98 /* Load CA certificate - should validate with current time by default */
99 ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile,
100 SSL_FILETYPE_PEM));
101 ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS);
102
103 /* Set check_time to May 26, 2000 (timestamp: 959320800) */
104 check_time = (time_t)959320800; /* May 26, 2000 00:00:00 UTC */
105 store->param->check_time = check_time;
106 wolfSSL_X509_VERIFY_PARAM_set_flags(store->param,
107 WOLFSSL_USE_CHECK_TIME);
108 ExpectTrue(store->param->check_time == check_time);
109 ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(srvCertFile,
110 SSL_FILETYPE_PEM));
111 ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
112 ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, cert, NULL),
113 WOLFSSL_SUCCESS);
114
115 /* Verify that check_time was copied to context */
116 ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) ==
117 WOLFSSL_USE_CHECK_TIME);
118 ExpectTrue(ctx->param->check_time == check_time);
119
120 /* Verify certificate using the custom check_time - should fail because
121 * certificate is not yet valid (use before check fails) */
122 ret = wolfSSL_X509_verify_cert(ctx);
123 ExpectIntNE(ret, WOLFSSL_SUCCESS);
124 ExpectIntEQ(wolfSSL_X509_STORE_CTX_get_error(ctx),
125 WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID);
126 wolfSSL_X509_STORE_CTX_free(ctx);
127 ctx = NULL;
128 }
129 wolfSSL_X509_STORE_free(store);
130 store = NULL;
131 wolfSSL_X509_free(cert);
132 cert = NULL;
133 wolfSSL_X509_free(ca);
134 ca = NULL;
135
136 /* Verify without setting check_time - should work with current time */
137 ExpectNotNull(store = wolfSSL_X509_STORE_new());
138 if (store != NULL) {
139 ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile,
140 SSL_FILETYPE_PEM));
141 ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS);
142 ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(srvCertFile,
143 SSL_FILETYPE_PEM));
144 ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
145 ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, cert, NULL),
146 WOLFSSL_SUCCESS);
147 ret = wolfSSL_X509_verify_cert(ctx);
148 ExpectIntEQ(ret, WOLFSSL_SUCCESS);
149 wolfSSL_X509_STORE_CTX_free(ctx);
150 ctx = NULL;
151 }
152 wolfSSL_X509_STORE_free(store);
153 store = NULL;
154 wolfSSL_X509_free(cert);
155 cert = NULL;
156 wolfSSL_X509_free(ca);
157 ca = NULL;
158
159 /* Test WOLFSSL_NO_CHECK_TIME flag with expired certificate */
160 ExpectNotNull(store = wolfSSL_X509_STORE_new());
161 if (store != NULL) {
162 /* Set NO_CHECK_TIME flag to skip time validation */
163 wolfSSL_X509_VERIFY_PARAM_set_flags(store->param,
164 WOLFSSL_NO_CHECK_TIME);
165 ExpectTrue((store->param->flags & WOLFSSL_NO_CHECK_TIME) ==
166 WOLFSSL_NO_CHECK_TIME);
167
168 /* Load expired certificate (self-signed) */
169 ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(expiredCertFile,
170 SSL_FILETYPE_PEM));
171 /* Add expired certificate as trusted CA (self-signed) */
172 ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, cert), WOLFSSL_SUCCESS);
173
174 ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
175 ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, cert, NULL),
176 WOLFSSL_SUCCESS);
177 /* Verify expired certificate with NO_CHECK_TIME - should succeed
178 * because time validation is skipped */
179 ret = wolfSSL_X509_verify_cert(ctx);
180 ExpectIntEQ(ret, WOLFSSL_SUCCESS);
181 }
182 wolfSSL_X509_STORE_CTX_free(ctx);
183 ctx = NULL;
184 wolfSSL_X509_STORE_free(store);
185 store = NULL;
186 wolfSSL_X509_free(cert);
187 cert = NULL;
188
189#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
190
191 err_index = 0;
192
193 ExpectNotNull(store = X509_STORE_new());
194 ExpectNotNull(ctx = X509_STORE_CTX_new());
195 ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile,
196 SSL_FILETYPE_PEM));
197 ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS);
198
199 X509_STORE_set_verify_cb(store, X509CallbackCount);
200
201 ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(expiredCertFile,
202 SSL_FILETYPE_PEM));
203
204 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, cert, NULL), WOLFSSL_SUCCESS);
205 ExpectIntEQ(X509_verify_cert(ctx), WOLFSSL_SUCCESS);
206 /* while verifying the certificate, it should have two errors */
207 ExpectIntEQ(err_index, 2);
208 /* self-signed */
209 ExpectIntEQ(last_errcodes[err_index - 2],
210 WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
211 /* expired */
212 ExpectIntEQ(last_errcodes[err_index - 1],
213 WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED);
214
215 X509_STORE_CTX_free(ctx);
216 ctx = NULL;
217 X509_STORE_free(store);
218 store = NULL;
219 X509_free(cert);
220 cert = NULL;
221 X509_free(ca);
222 ca = NULL;
223
224 err_index = 0;
225
226 ExpectNotNull(store = X509_STORE_new());
227 /* Set NO_CHECK_TIME flag to skip time validation */
228 ExpectIntEQ(X509_VERIFY_PARAM_set_flags(store->param,
229 WOLFSSL_NO_CHECK_TIME), WOLFSSL_SUCCESS);
230 ExpectTrue((store->param->flags & WOLFSSL_NO_CHECK_TIME) ==
231 WOLFSSL_NO_CHECK_TIME);
232 ExpectNotNull(ctx = X509_STORE_CTX_new());
233 ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile,
234 SSL_FILETYPE_PEM));
235 ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS);
236
237 X509_STORE_set_verify_cb(store, X509CallbackCount);
238
239 ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(expiredCertFile,
240 SSL_FILETYPE_PEM));
241
242 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, cert, NULL), WOLFSSL_SUCCESS);
243 ExpectIntEQ(X509_verify_cert(ctx), WOLFSSL_SUCCESS);
244 /* while verifying the certificate, it should have an error */
245 ExpectIntEQ(err_index, 1);
246 /* self-signed */
247 ExpectIntEQ(last_errcodes[err_index - 1],
248 WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
249 /* no expired because of no_check_time */
250 X509_STORE_CTX_free(ctx);
251 ctx = NULL;
252 X509_STORE_free(store);
253 store = NULL;
254 X509_free(cert);
255 cert = NULL;
256 X509_free(ca);
257 ca = NULL;
258#endif
259#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_ASN_TIME && !NO_RSA */
260 return EXPECT_RESULT();
261}
262
263int test_wolfSSL_X509_STORE_CTX_get0_store(void)
264{
265 EXPECT_DECLS;
266#if defined(OPENSSL_EXTRA)
267 X509_STORE* store = NULL;
268 X509_STORE_CTX* ctx = NULL;
269 X509_STORE_CTX* ctx_no_init = NULL;
270
271 ExpectNotNull((store = X509_STORE_new()));
272 ExpectNotNull(ctx = X509_STORE_CTX_new());
273 ExpectNotNull(ctx_no_init = X509_STORE_CTX_new());
274 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS);
275
276 ExpectNull(X509_STORE_CTX_get0_store(NULL));
277 /* should return NULL if ctx has not bee initialized */
278 ExpectNull(X509_STORE_CTX_get0_store(ctx_no_init));
279 ExpectNotNull(X509_STORE_CTX_get0_store(ctx));
280
281 wolfSSL_X509_STORE_CTX_free(ctx);
282 wolfSSL_X509_STORE_CTX_free(ctx_no_init);
283 X509_STORE_free(store);
284#endif /* OPENSSL_EXTRA */
285 return EXPECT_RESULT();
286}
287
288#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
289 !defined(NO_FILESYSTEM) && !defined(NO_RSA)
290static int verify_cb(int ok, X509_STORE_CTX *ctx)
291{
292 (void) ok;
293 (void) ctx;
294 fprintf(stderr, "ENTER verify_cb\n");
295 return SSL_SUCCESS;
296}
297#endif
298
299int test_wolfSSL_X509_STORE_CTX(void)
300{
301 EXPECT_DECLS;
302#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
303 !defined(NO_FILESYSTEM) && !defined(NO_RSA)
304 X509_STORE_CTX* ctx = NULL;
305 X509_STORE* str = NULL;
306 X509* x509 = NULL;
307#ifdef OPENSSL_ALL
308 X509* x5092 = NULL;
309 STACK_OF(X509) *sk = NULL;
310 STACK_OF(X509) *sk2 = NULL;
311 STACK_OF(X509) *sk3 = NULL;
312#endif
313
314 ExpectNotNull(ctx = X509_STORE_CTX_new());
315 ExpectNotNull((str = wolfSSL_X509_STORE_new()));
316 ExpectNotNull((x509 =
317 wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
318 ExpectIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
319#ifdef OPENSSL_ALL
320 /* sk_X509_new only in OPENSSL_ALL */
321 sk = sk_X509_new_null();
322 ExpectNotNull(sk);
323 ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
324#else
325 ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
326#endif
327 ExpectIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0);
328 X509_STORE_CTX_set_error(ctx, -5);
329 X509_STORE_CTX_set_error(NULL, -5);
330
331 X509_STORE_CTX_free(ctx);
332 ctx = NULL;
333#ifdef OPENSSL_ALL
334 sk_X509_pop_free(sk, NULL);
335 sk = NULL;
336#endif
337 X509_STORE_free(str);
338 str = NULL;
339 X509_free(x509);
340 x509 = NULL;
341
342 ExpectNotNull(ctx = X509_STORE_CTX_new());
343 X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
344 X509_STORE_CTX_free(ctx);
345 ctx = NULL;
346
347#ifdef OPENSSL_ALL
348 /* test X509_STORE_CTX_get(1)_chain */
349 ExpectNotNull((x509 = X509_load_certificate_file(svrCertFile,
350 SSL_FILETYPE_PEM)));
351 ExpectNotNull((x5092 = X509_load_certificate_file(cliCertFile,
352 SSL_FILETYPE_PEM)));
353 ExpectNotNull((sk = sk_X509_new_null()));
354 ExpectIntEQ(sk_X509_push(sk, x509), 1);
355 if (EXPECT_FAIL()) {
356 X509_free(x509);
357 x509 = NULL;
358 }
359 ExpectNotNull((str = X509_STORE_new()));
360 ExpectNotNull((ctx = X509_STORE_CTX_new()));
361 ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
362 ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
363 ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
364 ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
365 ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
366 X509_STORE_CTX_free(ctx);
367 ctx = NULL;
368 X509_STORE_free(str);
369 str = NULL;
370 /* CTX certs not freed yet */
371 X509_free(x5092);
372 x5092 = NULL;
373 sk_X509_pop_free(sk, NULL);
374 sk = NULL;
375 /* sk3 is dup so free here */
376 sk_X509_pop_free(sk3, NULL);
377 sk3 = NULL;
378#endif
379
380 /* test X509_STORE_CTX_get/set_ex_data */
381 {
382 int i = 0, tmpData = 5;
383 void* tmpDataRet;
384 ExpectNotNull(ctx = X509_STORE_CTX_new());
385 #ifdef HAVE_EX_DATA
386 for (i = 0; i < MAX_EX_DATA; i++) {
387 ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
388 WOLFSSL_SUCCESS);
389 tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
390 ExpectNotNull(tmpDataRet);
391 ExpectIntEQ(tmpData, *(int*)tmpDataRet);
392 }
393 #else
394 ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
395 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
396 tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
397 ExpectNull(tmpDataRet);
398 #endif
399 X509_STORE_CTX_free(ctx);
400 ctx = NULL;
401 }
402
403 /* test X509_STORE_get/set_ex_data */
404 {
405 int i = 0, tmpData = 99;
406 void* tmpDataRet;
407 ExpectNotNull(str = X509_STORE_new());
408 #ifdef HAVE_EX_DATA
409 for (i = 0; i < MAX_EX_DATA; i++) {
410 ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
411 WOLFSSL_SUCCESS);
412 tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
413 ExpectNotNull(tmpDataRet);
414 ExpectIntEQ(tmpData, *(int*)tmpDataRet);
415 }
416 #else
417 ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
418 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
419 tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
420 ExpectNull(tmpDataRet);
421 #endif
422 X509_STORE_free(str);
423 str = NULL;
424 }
425
426#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
427 * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
428
429 return EXPECT_RESULT();
430}
431
432#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
433 !defined(NO_FILESYSTEM) && !defined(NO_RSA)
434
435typedef struct {
436 const char *caFile;
437 const char *caIntFile;
438 const char *caInt2File;
439 const char *leafFile;
440 X509 *x509Ca;
441 X509 *x509CaInt;
442 X509 *x509CaInt2;
443 X509 *x509Leaf;
444 STACK_OF(X509)* expectedChain;
445} X509_STORE_test_data;
446
447static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file)
448{
449 XFILE fp = XBADFILE;
450 X509 *x = NULL;
451
452 fp = XFOPEN(file, "rb");
453 if (fp == NULL) {
454 return NULL;
455 }
456 x = PEM_read_X509(fp, 0, 0, 0);
457 XFCLOSE(fp);
458
459 return x;
460}
461
462static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData)
463{
464 EXPECT_DECLS;
465 X509_STORE* store = NULL;
466 X509_STORE_CTX* ctx = NULL;
467 STACK_OF(X509)* chain = NULL;
468 int i = 0;
469
470 /* Test case 1, add X509 certs to store and verify */
471 ExpectNotNull(store = X509_STORE_new());
472 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
473 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
474 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
475 ExpectNotNull(ctx = X509_STORE_CTX_new());
476 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
477 ExpectIntEQ(X509_verify_cert(ctx), 1);
478 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
479 ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
480 for (i = 0; i < sk_X509_num(chain); i++) {
481 ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
482 sk_X509_value(testData->expectedChain, i)), 0);
483 }
484 X509_STORE_CTX_free(ctx);
485 X509_STORE_free(store);
486 return EXPECT_RESULT();
487}
488
489static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData)
490{
491 EXPECT_DECLS;
492 X509_STORE* store = NULL;
493 X509_STORE_CTX* ctx = NULL;
494 STACK_OF(X509)* chain = NULL;
495 int i = 0;
496
497 /* Test case 2, add certs by filename to store and verify */
498 ExpectNotNull(store = X509_STORE_new());
499 ExpectIntEQ(X509_STORE_load_locations(
500 store, testData->caFile, NULL), 1);
501 ExpectIntEQ(X509_STORE_load_locations(
502 store, testData->caIntFile, NULL), 1);
503 ExpectIntEQ(X509_STORE_load_locations(
504 store, testData->caInt2File, NULL), 1);
505 ExpectNotNull(ctx = X509_STORE_CTX_new());
506 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
507 ExpectIntEQ(X509_verify_cert(ctx), 1);
508 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
509 ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
510 for (i = 0; i < sk_X509_num(chain); i++) {
511 ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
512 sk_X509_value(testData->expectedChain, i)), 0);
513 }
514 X509_STORE_CTX_free(ctx);
515 X509_STORE_free(store);
516 return EXPECT_RESULT();
517}
518
519static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData)
520{
521 EXPECT_DECLS;
522 X509_STORE* store = NULL;
523 X509_STORE_CTX* ctx = NULL;
524 STACK_OF(X509)* chain = NULL;
525 int i = 0;
526
527 /* Test case 3, mix and match X509 with files */
528 ExpectNotNull(store = X509_STORE_new());
529 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
530 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
531 ExpectIntEQ(X509_STORE_load_locations(
532 store, testData->caFile, NULL), 1);
533 ExpectNotNull(ctx = X509_STORE_CTX_new());
534 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
535 ExpectIntEQ(X509_verify_cert(ctx), 1);
536 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
537 ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
538 for (i = 0; i < sk_X509_num(chain); i++) {
539 ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
540 sk_X509_value(testData->expectedChain, i)), 0);
541 }
542 X509_STORE_CTX_free(ctx);
543 X509_STORE_free(store);
544 return EXPECT_RESULT();
545}
546
547static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData)
548{
549 EXPECT_DECLS;
550 X509_STORE* store = NULL;
551 X509_STORE_CTX* ctx = NULL;
552 STACK_OF(X509)* chain = NULL;
553 STACK_OF(X509)* inter = NULL;
554 int i = 0;
555
556 /* Test case 4, CA loaded by file, intermediates passed on init */
557 ExpectNotNull(store = X509_STORE_new());
558 ExpectIntEQ(X509_STORE_load_locations(
559 store, testData->caFile, NULL), 1);
560 ExpectNotNull(inter = sk_X509_new_null());
561 ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1);
562 ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1);
563 ExpectNotNull(ctx = X509_STORE_CTX_new());
564 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1);
565 ExpectIntEQ(X509_verify_cert(ctx), 1);
566 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
567 ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
568 for (i = 0; i < sk_X509_num(chain); i++) {
569 ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
570 sk_X509_value(testData->expectedChain, i)), 0);
571 }
572 X509_STORE_CTX_free(ctx);
573 X509_STORE_free(store);
574 sk_X509_free(inter);
575 return EXPECT_RESULT();
576}
577
578static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData)
579{
580 EXPECT_DECLS;
581 X509_STORE* store = NULL;
582 X509_STORE_CTX* ctx = NULL;
583 STACK_OF(X509)* chain = NULL;
584 STACK_OF(X509)* trusted = NULL;
585 int i = 0;
586
587 /* Test case 5, manually set trusted stack */
588 ExpectNotNull(store = X509_STORE_new());
589 ExpectNotNull(trusted = sk_X509_new_null());
590 ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
591 ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1);
592 ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1);
593 ExpectNotNull(ctx = X509_STORE_CTX_new());
594 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
595 X509_STORE_CTX_trusted_stack(ctx, trusted);
596 ExpectIntEQ(X509_verify_cert(ctx), 1);
597 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
598 ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
599 for (i = 0; i < sk_X509_num(chain); i++) {
600 ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
601 sk_X509_value(testData->expectedChain, i)), 0);
602 }
603 X509_STORE_CTX_free(ctx);
604 X509_STORE_free(store);
605 sk_X509_free(trusted);
606 return EXPECT_RESULT();
607}
608
609static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData)
610{
611 EXPECT_DECLS;
612 X509_STORE* store = NULL;
613 X509_STORE_CTX* ctx = NULL;
614 STACK_OF(X509)* chain = NULL;
615 STACK_OF(X509)* trusted = NULL;
616 STACK_OF(X509)* inter = NULL;
617 int i = 0;
618
619 /* Test case 6, manually set trusted stack will be unified with
620 * any intermediates provided on init */
621 ExpectNotNull(store = X509_STORE_new());
622 ExpectNotNull(trusted = sk_X509_new_null());
623 ExpectNotNull(inter = sk_X509_new_null());
624 ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
625 ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1);
626 ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1);
627 ExpectNotNull(ctx = X509_STORE_CTX_new());
628 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1);
629 X509_STORE_CTX_trusted_stack(ctx, trusted);
630 ExpectIntEQ(X509_verify_cert(ctx), 1);
631 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
632 ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
633 for (i = 0; i < sk_X509_num(chain); i++) {
634 ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
635 sk_X509_value(testData->expectedChain, i)), 0);
636 }
637 X509_STORE_CTX_free(ctx);
638 X509_STORE_free(store);
639 sk_X509_free(trusted);
640 sk_X509_free(inter);
641 return EXPECT_RESULT();
642}
643
644static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData)
645{
646 EXPECT_DECLS;
647 X509_STORE* store = NULL;
648 X509_STORE_CTX* ctx = NULL;
649 STACK_OF(X509)* chain = NULL;
650 int i = 0;
651
652 /* Test case 7, certs added to store after ctx init are still used */
653 ExpectNotNull(store = X509_STORE_new());
654 ExpectNotNull(ctx = X509_STORE_CTX_new());
655 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
656 ExpectIntNE(X509_verify_cert(ctx), 1);
657 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
658 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
659 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
660 ExpectIntEQ(X509_verify_cert(ctx), 1);
661 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
662 ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
663 for (i = 0; i < sk_X509_num(chain); i++) {
664 ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
665 sk_X509_value(testData->expectedChain, i)), 0);
666 }
667 X509_STORE_CTX_free(ctx);
668 X509_STORE_free(store);
669 return EXPECT_RESULT();
670}
671
672static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData)
673{
674 EXPECT_DECLS;
675 X509_STORE* store = NULL;
676 X509_STORE_CTX* ctx = NULL;
677 STACK_OF(X509)* chain = NULL;
678 int i = 0;
679
680 /* Test case 8, Only full chain verifies */
681 ExpectNotNull(store = X509_STORE_new());
682 ExpectNotNull(ctx = X509_STORE_CTX_new());
683 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
684 ExpectIntNE(X509_verify_cert(ctx), 1);
685 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
686 ExpectIntNE(X509_verify_cert(ctx), 1);
687 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
688 ExpectIntNE(X509_verify_cert(ctx), 1);
689 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
690 ExpectIntEQ(X509_verify_cert(ctx), 1);
691 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
692 ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain));
693 for (i = 0; i < sk_X509_num(chain); i++) {
694 ExpectIntEQ(X509_cmp(sk_X509_value(chain, i),
695 sk_X509_value(testData->expectedChain, i)), 0);
696 }
697 X509_STORE_CTX_free(ctx);
698 X509_STORE_free(store);
699 return EXPECT_RESULT();
700}
701
702static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData)
703{
704 EXPECT_DECLS;
705 X509_STORE* store = NULL;
706 X509_STORE_CTX* ctx = NULL;
707 X509_STORE_CTX* ctx2 = NULL;
708 STACK_OF(X509)* trusted = NULL;
709
710 /* Test case 9, certs added to store should not be reflected in ctx that
711 * has been manually set with a trusted stack, but are reflected in ctx
712 * that has not set trusted stack */
713 ExpectNotNull(store = X509_STORE_new());
714 ExpectNotNull(ctx = X509_STORE_CTX_new());
715 ExpectNotNull(ctx2 = X509_STORE_CTX_new());
716 ExpectNotNull(trusted = sk_X509_new_null());
717 ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1);
718 ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1);
719 ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1);
720 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
721 ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1);
722 ExpectIntNE(X509_verify_cert(ctx), 1);
723 ExpectIntNE(X509_verify_cert(ctx2), 1);
724 X509_STORE_CTX_trusted_stack(ctx, trusted);
725 /* CTX1 should now verify */
726 ExpectIntEQ(X509_verify_cert(ctx), 1);
727 ExpectIntNE(X509_verify_cert(ctx2), 1);
728 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
729 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
730 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
731 /* CTX2 should now verify */
732 ExpectIntEQ(X509_verify_cert(ctx2), 1);
733 X509_STORE_CTX_free(ctx);
734 X509_STORE_CTX_free(ctx2);
735 X509_STORE_free(store);
736 sk_X509_free(trusted);
737 return EXPECT_RESULT();
738}
739
740static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData)
741{
742 EXPECT_DECLS;
743 X509_STORE* store = NULL;
744 X509_STORE_CTX* ctx = NULL;
745 STACK_OF(X509)* chain = NULL;
746
747 /* Test case 10, ensure partial chain flag works */
748 ExpectNotNull(store = X509_STORE_new());
749 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
750 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
751 ExpectNotNull(ctx = X509_STORE_CTX_new());
752 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
753 /* Fails because chain is incomplete */
754 ExpectIntNE(X509_verify_cert(ctx), 1);
755 ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1);
756 /* Partial chain now OK */
757 ExpectIntEQ(X509_verify_cert(ctx), 1);
758 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
759 X509_STORE_CTX_free(ctx);
760 X509_STORE_free(store);
761 return EXPECT_RESULT();
762}
763
764static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData)
765{
766 EXPECT_DECLS;
767 X509_STORE* store = NULL;
768 X509_STORE_CTX* ctx = NULL;
769 STACK_OF(X509)* chain = NULL;
770
771 /* Test case 11, test partial chain flag on ctx itself */
772 ExpectNotNull(store = X509_STORE_new());
773 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1);
774 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
775 ExpectNotNull(ctx = X509_STORE_CTX_new());
776 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1);
777 /* Fails because chain is incomplete */
778 ExpectIntNE(X509_verify_cert(ctx), 1);
779 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN);
780 /* Partial chain now OK */
781 ExpectIntEQ(X509_verify_cert(ctx), 1);
782 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
783 X509_STORE_CTX_free(ctx);
784 X509_STORE_free(store);
785 return EXPECT_RESULT();
786}
787
788static int test_wolfSSL_X509_STORE_CTX_ex_partial_chain_neg(
789 X509_STORE_test_data *testData)
790{
791 EXPECT_DECLS;
792 X509_STORE* store = NULL;
793 X509_STORE_CTX* ctx = NULL;
794 STACK_OF(X509)* untrusted = NULL;
795
796 /* Negative partial-chain test: with X509_V_FLAG_PARTIAL_CHAIN set, the
797 * intermediates are supplied ONLY as untrusted (passed through the
798 * X509_STORE_CTX_init "chain" argument and never added to the store).
799 * No certificate in the chain is in the store, so verification must
800 * fail. Pre-fix, wolfSSL_X509_verify_cert would incorrectly accept
801 * this chain because its partial-chain fallback only checked that some
802 * intermediate had been temporarily loaded into the CertManager, not
803 * that any chain certificate was actually trusted. */
804 ExpectNotNull(store = X509_STORE_new());
805 /* Intentionally do NOT add x509CaInt, x509CaInt2, or x509Ca. */
806 ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1);
807
808 ExpectNotNull(untrusted = sk_X509_new_null());
809 ExpectIntGT(sk_X509_push(untrusted, testData->x509CaInt2), 0);
810 ExpectIntGT(sk_X509_push(untrusted, testData->x509CaInt), 0);
811
812 ExpectNotNull(ctx = X509_STORE_CTX_new());
813 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, untrusted),
814 1);
815 /* Must NOT verify: partial-chain does not relax the trust requirement. */
816 ExpectIntNE(X509_verify_cert(ctx), 1);
817 /* Verify the failure is specifically due to missing trust anchor, not
818 * some unrelated error. */
819 ExpectIntEQ(X509_STORE_CTX_get_error(ctx),
820 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
821
822 X509_STORE_CTX_free(ctx);
823 X509_STORE_free(store);
824 sk_X509_free(untrusted);
825 return EXPECT_RESULT();
826}
827
828static int test_wolfSSL_X509_STORE_CTX_ex_partial_chain_mixed(
829 X509_STORE_test_data *testData)
830{
831 EXPECT_DECLS;
832 X509_STORE* store = NULL;
833 X509_STORE_CTX* ctx = NULL;
834 STACK_OF(X509)* untrusted = NULL;
835
836 /* Mixed trusted-store + untrusted-chain partial-chain test: the store
837 * trusts an intermediate (x509CaInt2, the leaf's direct issuer), while
838 * an additional intermediate (x509CaInt) is supplied only as untrusted
839 * via the chain argument. With X509_V_FLAG_PARTIAL_CHAIN, verification
840 * must succeed by terminating at the trusted intermediate. This test
841 * exercises the snapshot-based trust check in X509StoreCertIsTrusted:
842 * the untrusted intermediate injected during verification must not be
843 * treated as a trust anchor, but the intermediate already in the store
844 * must be. */
845 ExpectNotNull(store = X509_STORE_new());
846 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1);
847 ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1);
848
849 ExpectNotNull(untrusted = sk_X509_new_null());
850 ExpectIntGT(sk_X509_push(untrusted, testData->x509CaInt), 0);
851
852 ExpectNotNull(ctx = X509_STORE_CTX_new());
853 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, untrusted),
854 1);
855 /* Must verify: chain terminates at trusted intermediate in the store. */
856 ExpectIntEQ(X509_verify_cert(ctx), 1);
857 ExpectIntEQ(X509_STORE_CTX_get_error(ctx), X509_V_OK);
858
859 X509_STORE_CTX_free(ctx);
860 X509_STORE_free(store);
861 sk_X509_free(untrusted);
862 return EXPECT_RESULT();
863}
864
865static int test_wolfSSL_X509_STORE_CTX_ex_partial_chain_untrusted_terminal(
866 X509_STORE_test_data *testData)
867{
868 EXPECT_DECLS;
869 X509_STORE* store = NULL;
870 X509_STORE_CTX* ctx = NULL;
871 STACK_OF(X509)* untrusted = NULL;
872
873 /* Partial-chain boundary test: the store trusts a CA (x509Ca) that is
874 * NOT reachable from the leaf given the supplied untrusted intermediates,
875 * and an untrusted intermediate (x509CaInt2) IS the terminal of the
876 * (truncated) chain. With X509_V_FLAG_PARTIAL_CHAIN set, verification
877 * must FAIL because the chain terminates at an untrusted certificate.
878 *
879 * This test specifically targets the snapshot-based trust check in
880 * X509StoreCertIsTrusted. Before addAllButSelfSigned injects
881 * x509CaInt2, origTrustedSk is snapshotted from the caller-trusted set
882 * and contains only x509Ca. When the chain terminates at x509CaInt2,
883 * the trust check consults origTrustedSk (not the mutated working
884 * stack) and correctly finds no match. A regression that consulted
885 * the post-injection working stack instead of the snapshot would
886 * incorrectly mark x509CaInt2 as trusted and cause verification to
887 * succeed. */
888 ExpectNotNull(store = X509_STORE_new());
889 ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1);
890 ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1);
891
892 /* Only x509CaInt2 supplied as untrusted; x509CaInt is intentionally
893 * withheld so the chain cannot actually reach the trusted x509Ca. */
894 ExpectNotNull(untrusted = sk_X509_new_null());
895 ExpectIntGT(sk_X509_push(untrusted, testData->x509CaInt2), 0);
896
897 ExpectNotNull(ctx = X509_STORE_CTX_new());
898 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, untrusted),
899 1);
900 /* Must NOT verify: the chain terminal (x509CaInt2) is not in the
901 * original trust set, even though the store is non-empty. */
902 ExpectIntNE(X509_verify_cert(ctx), 1);
903 ExpectIntEQ(X509_STORE_CTX_get_error(ctx),
904 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
905
906 X509_STORE_CTX_free(ctx);
907 X509_STORE_free(store);
908 sk_X509_free(untrusted);
909 return EXPECT_RESULT();
910}
911
912#ifdef HAVE_ECC
913static int test_wolfSSL_X509_STORE_CTX_ex12(void)
914{
915 EXPECT_DECLS;
916 X509_STORE* store = NULL;
917 X509_STORE_CTX* ctx = NULL;
918 STACK_OF(X509)* chain = NULL;
919 X509* rootEccX509 = NULL;
920 X509* badAkiX509 = NULL;
921 X509* ca1X509 = NULL;
922
923 const char* intCARootECCFile = "./certs/ca-ecc-cert.pem";
924 const char* intCA1ECCFile = "./certs/intermediate/ca-int-ecc-cert.pem";
925 const char* intCABadAKIECCFile = "./certs/intermediate/ca-ecc-bad-aki.pem";
926
927 /* Test case 12, multiple CAs with the same SKI including 1 with
928 intentionally bad/unregistered AKI. x509_verify_cert should still form a
929 valid chain using the valid CA, ignoring the bad CA. Developed from
930 customer provided reproducer. */
931
932 ExpectNotNull(store = X509_STORE_new());
933 ExpectNotNull(rootEccX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(
934 intCARootECCFile));
935 ExpectIntEQ(X509_STORE_add_cert(store, rootEccX509), 1);
936 ExpectNotNull(badAkiX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(
937 intCABadAKIECCFile));
938 ExpectNotNull(ctx = X509_STORE_CTX_new());
939 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, badAkiX509, NULL), 1);
940 ExpectIntEQ(X509_verify_cert(ctx), 0);
941 X509_STORE_CTX_cleanup(ctx);
942
943 ExpectIntEQ(X509_STORE_add_cert(store, badAkiX509), 1);
944 ExpectNotNull(ca1X509 = test_wolfSSL_X509_STORE_CTX_ex_helper(
945 intCA1ECCFile));
946 ExpectIntEQ(X509_STORE_CTX_init(ctx, store, ca1X509, NULL), 1);
947 ExpectIntEQ(X509_verify_cert(ctx), 1);
948 ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
949
950 X509_STORE_CTX_free(ctx);
951 X509_STORE_free(store);
952 X509_free(rootEccX509);
953 X509_free(badAkiX509);
954 X509_free(ca1X509);
955 return EXPECT_RESULT();
956}
957#endif
958#endif
959
960int test_wolfSSL_X509_STORE_CTX_ex(void)
961{
962 EXPECT_DECLS;
963#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
964 !defined(NO_FILESYSTEM) && !defined(NO_RSA)
965 X509_STORE_test_data testData;
966 XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data));
967 testData.caFile = "./certs/ca-cert.pem";
968 testData.caIntFile = "./certs/intermediate/ca-int-cert.pem";
969 testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem";
970 testData.leafFile = "./certs/intermediate/server-chain.pem";
971
972 ExpectNotNull(testData.x509Ca = \
973 test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile));
974 ExpectNotNull(testData.x509CaInt = \
975 test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile));
976 ExpectNotNull(testData.x509CaInt2 = \
977 test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File));
978 ExpectNotNull(testData.x509Leaf = \
979 test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile));
980 ExpectNotNull(testData.expectedChain = sk_X509_new_null());
981 ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1);
982 ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1);
983 ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1);
984 ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1);
985
986 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1);
987 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1);
988 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1);
989 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1);
990 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1);
991 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1);
992 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1);
993 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1);
994 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1);
995 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1);
996 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1);
997 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex_partial_chain_neg(&testData), 1);
998 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex_partial_chain_mixed(&testData),
999 1);
1000 ExpectIntEQ(
1001 test_wolfSSL_X509_STORE_CTX_ex_partial_chain_untrusted_terminal(
1002 &testData), 1);
1003#ifdef HAVE_ECC
1004 ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex12(), 1);
1005#endif
1006
1007 if(testData.x509Ca) {
1008 X509_free(testData.x509Ca);
1009 }
1010 if(testData.x509CaInt) {
1011 X509_free(testData.x509CaInt);
1012 }
1013 if(testData.x509CaInt2) {
1014 X509_free(testData.x509CaInt2);
1015 }
1016 if(testData.x509Leaf) {
1017 X509_free(testData.x509Leaf);
1018 }
1019 if (testData.expectedChain) {
1020 sk_X509_free(testData.expectedChain);
1021 }
1022
1023#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
1024 * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
1025
1026 return EXPECT_RESULT();
1027}
1028
1029#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
1030static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
1031 STACK_OF(X509)* chain)
1032{
1033 EXPECT_DECLS;
1034 XFILE fp = XBADFILE;
1035 X509* cert = NULL;
1036
1037 ExpectTrue((fp = XFOPEN(filename, "rb"))
1038 != XBADFILE);
1039 ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
1040 if (fp != XBADFILE) {
1041 XFCLOSE(fp);
1042 fp = XBADFILE;
1043 }
1044 ExpectIntGT(sk_X509_push(chain, cert), 0);
1045 if (EXPECT_FAIL())
1046 X509_free(cert);
1047
1048 return EXPECT_RESULT();
1049}
1050
1051static int test_X509_STORE_untrusted_certs(const char** filenames, int ret,
1052 int err, int loadCA)
1053{
1054 EXPECT_DECLS;
1055 X509_STORE_CTX* ctx = NULL;
1056 X509_STORE* str = NULL;
1057 XFILE fp = XBADFILE;
1058 X509* cert = NULL;
1059 STACK_OF(X509)* untrusted = NULL;
1060
1061 ExpectTrue((fp = XFOPEN("./certs/intermediate/server-int-cert.pem", "rb"))
1062 != XBADFILE);
1063 ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
1064 if (fp != XBADFILE) {
1065 XFCLOSE(fp);
1066 fp = XBADFILE;
1067 }
1068
1069 ExpectNotNull(str = X509_STORE_new());
1070 ExpectNotNull(ctx = X509_STORE_CTX_new());
1071 ExpectNotNull(untrusted = sk_X509_new_null());
1072
1073 ExpectIntEQ(X509_STORE_set_flags(str, 0), 1);
1074 if (loadCA) {
1075 ExpectIntEQ(X509_STORE_load_locations(str, "./certs/ca-cert.pem", NULL),
1076 1);
1077 }
1078 for (; *filenames; filenames++) {
1079 ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(*filenames,
1080 untrusted), TEST_SUCCESS);
1081 }
1082
1083 ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1);
1084 ExpectIntEQ(X509_verify_cert(ctx), ret);
1085 ExpectIntEQ(X509_STORE_CTX_get_error(ctx), err);
1086
1087 X509_free(cert);
1088 X509_STORE_free(str);
1089 X509_STORE_CTX_free(ctx);
1090 sk_X509_pop_free(untrusted, NULL);
1091
1092 return EXPECT_RESULT();
1093}
1094#endif
1095
1096int test_X509_STORE_untrusted(void)
1097{
1098 EXPECT_DECLS;
1099#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
1100 const char* untrusted1[] = {
1101 "./certs/intermediate/ca-int2-cert.pem",
1102 NULL
1103 };
1104 const char* untrusted2[] = {
1105 "./certs/intermediate/ca-int-cert.pem",
1106 "./certs/intermediate/ca-int2-cert.pem",
1107 NULL
1108 };
1109 const char* untrusted3[] = {
1110 "./certs/intermediate/ca-int-cert.pem",
1111 "./certs/intermediate/ca-int2-cert.pem",
1112 "./certs/ca-cert.pem",
1113 NULL
1114 };
1115 /* Adding unrelated certs that should be ignored */
1116 const char* untrusted4[] = {
1117 "./certs/client-ca.pem",
1118 "./certs/intermediate/ca-int-cert.pem",
1119 "./certs/server-cert.pem",
1120 "./certs/intermediate/ca-int2-cert.pem",
1121 NULL
1122 };
1123
1124 /* Only immediate issuer in untrusted chain. Fails since can't build chain
1125 * to loaded CA. */
1126 ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted1, 0,
1127 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 1), TEST_SUCCESS);
1128 /* Succeeds because path to loaded CA is available. */
1129 ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1),
1130 TEST_SUCCESS);
1131 /* Root CA in untrusted chain is OK so long as CA has been loaded
1132 * properly */
1133 ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1),
1134 TEST_SUCCESS);
1135 /* Still needs properly loaded CA, while including it in untrusted
1136 * list is not an error, it also doesn't count for verify */
1137 ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0,
1138 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0),
1139 TEST_SUCCESS);
1140 /* Succeeds because path to loaded CA is available. */
1141 ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1),
1142 TEST_SUCCESS);
1143#endif
1144 return EXPECT_RESULT();
1145}
1146
1147#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
1148 !defined(WOLFSSL_X509_STORE_ALLOW_NON_CA_INTERMEDIATE)
1149
1150static int last_errcode;
1151static int last_errdepth;
1152
1153static int X509Callback(int ok, X509_STORE_CTX *ctx)
1154{
1155
1156 if (!ok) {
1157 last_errcode = X509_STORE_CTX_get_error(ctx);
1158 last_errdepth = X509_STORE_CTX_get_error_depth(ctx);
1159 }
1160 /* Always return OK to allow verification to continue.*/
1161 return 1;
1162}
1163
1164#endif
1165
1166int test_X509_STORE_InvalidCa(void)
1167{
1168 EXPECT_DECLS;
1169#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
1170 !defined(WOLFSSL_X509_STORE_ALLOW_NON_CA_INTERMEDIATE)
1171 const char* filename = "./certs/intermediate/ca_false_intermediate/"
1172 "test_int_not_cacert.pem";
1173 const char* srvfile = "./certs/intermediate/ca_false_intermediate/"
1174 "test_sign_bynoca_srv.pem";
1175 X509_STORE_CTX* ctx = NULL;
1176 X509_STORE* str = NULL;
1177 XFILE fp = XBADFILE;
1178 X509* cert = NULL;
1179 STACK_OF(X509)* untrusted = NULL;
1180
1181 last_errcode = 0;
1182 last_errdepth = 0;
1183
1184 ExpectTrue((fp = XFOPEN(srvfile, "rb"))
1185 != XBADFILE);
1186 ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
1187 if (fp != XBADFILE) {
1188 XFCLOSE(fp);
1189 fp = XBADFILE;
1190 }
1191
1192 ExpectNotNull(str = X509_STORE_new());
1193 ExpectNotNull(ctx = X509_STORE_CTX_new());
1194 ExpectNotNull(untrusted = sk_X509_new_null());
1195
1196 /* create cert chain stack */
1197 ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename,
1198 untrusted), TEST_SUCCESS);
1199
1200 X509_STORE_set_verify_cb(str, X509Callback);
1201
1202 ExpectIntEQ(X509_STORE_load_locations(str,
1203 "./certs/intermediate/ca_false_intermediate/test_ca.pem",
1204 NULL), 1);
1205
1206 ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1);
1207 ExpectIntEQ(X509_verify_cert(ctx), 1);
1208 ExpectIntEQ(last_errcode, X509_V_ERR_INVALID_CA);
1209 (void)last_errdepth;
1210 /* Defense in depth: ctx->error must not be clobbered back to X509_V_OK
1211 * by the later successful verification of the intermediate against the
1212 * trusted root. The worst-seen error must persist. */
1213 ExpectIntEQ(X509_STORE_CTX_get_error(ctx), X509_V_ERR_INVALID_CA);
1214
1215 X509_free(cert);
1216 X509_STORE_free(str);
1217 X509_STORE_CTX_free(ctx);
1218 sk_X509_pop_free(untrusted, NULL);
1219#endif
1220 return EXPECT_RESULT();
1221}
1222
1223int test_X509_STORE_InvalidCa_NoCallback(void)
1224{
1225 EXPECT_DECLS;
1226#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
1227 !defined(WOLFSSL_X509_STORE_ALLOW_NON_CA_INTERMEDIATE)
1228 const char* filename = "./certs/intermediate/ca_false_intermediate/"
1229 "test_int_not_cacert.pem";
1230 const char* srvfile = "./certs/intermediate/ca_false_intermediate/"
1231 "test_sign_bynoca_srv.pem";
1232 X509_STORE_CTX* ctx = NULL;
1233 X509_STORE* str = NULL;
1234 XFILE fp = XBADFILE;
1235 X509* cert = NULL;
1236 STACK_OF(X509)* untrusted = NULL;
1237
1238 ExpectTrue((fp = XFOPEN(srvfile, "rb"))
1239 != XBADFILE);
1240 ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
1241 if (fp != XBADFILE) {
1242 XFCLOSE(fp);
1243 fp = XBADFILE;
1244 }
1245
1246 ExpectNotNull(str = X509_STORE_new());
1247 ExpectNotNull(ctx = X509_STORE_CTX_new());
1248 ExpectNotNull(untrusted = sk_X509_new_null());
1249
1250 /* Create cert chain stack with an intermediate that is CA:FALSE. */
1251 ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename,
1252 untrusted), TEST_SUCCESS);
1253
1254 ExpectIntEQ(X509_STORE_load_locations(str,
1255 "./certs/intermediate/ca_false_intermediate/test_ca.pem",
1256 NULL), 1);
1257 ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1);
1258 /* No verify callback: verification must fail on CA:FALSE issuer. */
1259 ExpectIntNE(X509_verify_cert(ctx), 1);
1260 ExpectIntEQ(X509_STORE_CTX_get_error(ctx), X509_V_ERR_INVALID_CA);
1261
1262 X509_free(cert);
1263 X509_STORE_free(str);
1264 X509_STORE_CTX_free(ctx);
1265 sk_X509_pop_free(untrusted, NULL);
1266#endif
1267 return EXPECT_RESULT();
1268}
1269
1270int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
1271{
1272 int res = TEST_SKIPPED;
1273#if defined(OPENSSL_EXTRA)
1274 X509_STORE_CTX_cleanup(NULL);
1275 X509_STORE_CTX_trusted_stack(NULL, NULL);
1276
1277 res = TEST_SUCCESS;
1278#endif
1279 return res;
1280}
1281
1282int test_wolfSSL_X509_STORE_CTX_get_issuer(void)
1283{
1284 EXPECT_DECLS;
1285#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
1286 X509_STORE_CTX* ctx = NULL;
1287 X509_STORE* str = NULL;
1288 X509* x509Ca = NULL;
1289 X509* x509Svr = NULL;
1290 X509* issuer = NULL;
1291 X509_NAME* caName = NULL;
1292 X509_NAME* issuerName = NULL;
1293
1294 ExpectNotNull(ctx = X509_STORE_CTX_new());
1295 ExpectNotNull((str = wolfSSL_X509_STORE_new()));
1296 ExpectNotNull((x509Ca =
1297 wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)));
1298 ExpectIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS);
1299 ExpectNotNull((x509Svr =
1300 wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
1301
1302 ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
1303
1304 /* Issuer0 is not set until chain is built for verification */
1305 ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL));
1306 ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
1307
1308 /* Issuer1 will use the store to make a new issuer */
1309 ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1);
1310 ExpectNotNull(issuer);
1311 X509_free(issuer);
1312
1313 ExpectIntEQ(X509_verify_cert(ctx), 1);
1314 ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx));
1315 ExpectNotNull(caName = X509_get_subject_name(x509Ca));
1316 ExpectNotNull(issuerName = X509_get_subject_name(issuer));
1317#ifdef WOLFSSL_SIGNER_DER_CERT
1318 ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0);
1319#endif
1320
1321 X509_STORE_CTX_free(ctx);
1322 X509_free(x509Svr);
1323 X509_STORE_free(str);
1324 X509_free(x509Ca);
1325#endif
1326 return EXPECT_RESULT();
1327}
1328
1329int test_wolfSSL_X509_STORE_set_flags(void)
1330{
1331 EXPECT_DECLS;
1332#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
1333 !defined(NO_FILESYSTEM) && !defined(NO_RSA)
1334 X509_STORE* store = NULL;
1335 X509* x509 = NULL;
1336
1337 ExpectNotNull((store = wolfSSL_X509_STORE_new()));
1338 ExpectNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
1339 WOLFSSL_FILETYPE_PEM)));
1340 ExpectIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS);
1341
1342#ifdef HAVE_CRL
1343 ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
1344 WOLFSSL_SUCCESS);
1345#else
1346 ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
1347 WC_NO_ERR_TRACE(NOT_COMPILED_IN));
1348#endif
1349
1350 wolfSSL_X509_free(x509);
1351 wolfSSL_X509_STORE_free(store);
1352#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) &&
1353 * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
1354 return EXPECT_RESULT();
1355}
1356
1357int test_wolfSSL_X509_STORE(void)
1358{
1359 EXPECT_DECLS;
1360#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
1361 !defined(NO_FILESYSTEM)
1362 X509_STORE *store = NULL;
1363
1364#ifdef HAVE_CRL
1365 X509_STORE_CTX *storeCtx = NULL;
1366 X509 *ca = NULL;
1367 X509 *cert = NULL;
1368 const char srvCert[] = "./certs/server-revoked-cert.pem";
1369 const char caCert[] = "./certs/ca-cert.pem";
1370#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP
1371 X509_CRL *crl = NULL;
1372 const char crlPem[] = "./certs/crl/crl.revoked";
1373 XFILE fp = XBADFILE;
1374#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
1375
1376 ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
1377 ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
1378 SSL_FILETYPE_PEM)));
1379 ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
1380 ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
1381 SSL_FILETYPE_PEM)));
1382 ExpectNotNull((storeCtx = X509_STORE_CTX_new()));
1383 ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
1384 ExpectIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
1385 X509_STORE_free(store);
1386 store = NULL;
1387 X509_STORE_CTX_free(storeCtx);
1388 storeCtx = NULL;
1389 X509_free(cert);
1390 cert = NULL;
1391 X509_free(ca);
1392 ca = NULL;
1393
1394#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP
1395 /* should fail to verify now after adding in CRL */
1396 ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
1397 ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
1398 SSL_FILETYPE_PEM)));
1399 ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
1400 ExpectTrue((fp = XFOPEN(crlPem, "rb")) != XBADFILE);
1401 ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
1402 NULL, NULL));
1403 if (fp != XBADFILE)
1404 XFCLOSE(fp);
1405 ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
1406 ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
1407 ExpectNotNull((storeCtx = X509_STORE_CTX_new()));
1408 ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
1409 SSL_FILETYPE_PEM)));
1410 ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
1411 ExpectIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
1412 ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx),
1413 WOLFSSL_X509_V_ERR_CERT_REVOKED);
1414 X509_CRL_free(crl);
1415 crl = NULL;
1416 X509_STORE_free(store);
1417 store = NULL;
1418 X509_STORE_CTX_free(storeCtx);
1419 storeCtx = NULL;
1420 X509_free(cert);
1421 cert = NULL;
1422 X509_free(ca);
1423 ca = NULL;
1424#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */
1425#endif /* HAVE_CRL */
1426
1427#if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM)
1428 {
1429 #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
1430 SSL_CTX* ctx = NULL;
1431 SSL* ssl = NULL;
1432 int i;
1433 for (i = 0; i < 2; i++) {
1434 #ifndef NO_WOLFSSL_SERVER
1435 ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
1436 #else
1437 ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
1438 #endif
1439 ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
1440 SSL_CTX_set_cert_store(ctx, store);
1441 ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
1442 SSL_CTX_set_cert_store(ctx, store);
1443 ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
1444 ExpectIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile,
1445 SSL_FILETYPE_PEM), SSL_SUCCESS);
1446 ExpectIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
1447 SSL_FILETYPE_PEM), SSL_SUCCESS);
1448 ExpectNotNull(ssl = SSL_new(ctx));
1449 if (i == 0) {
1450 ExpectIntEQ(SSL_set0_verify_cert_store(ssl, store),
1451 SSL_SUCCESS);
1452 }
1453 else {
1454 ExpectIntEQ(SSL_set1_verify_cert_store(ssl, store),
1455 SSL_SUCCESS);
1456 #ifdef OPENSSL_ALL
1457 ExpectIntEQ(SSL_CTX_set1_verify_cert_store(ctx, store),
1458 SSL_SUCCESS);
1459 #endif
1460 }
1461 if (EXPECT_FAIL() || (i == 1)) {
1462 X509_STORE_free(store);
1463 store = NULL;
1464 }
1465 SSL_free(ssl);
1466 ssl = NULL;
1467 SSL_CTX_free(ctx);
1468 ctx = NULL;
1469 }
1470 #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */
1471 }
1472#endif
1473#endif
1474 return EXPECT_RESULT();
1475}
1476
1477int test_wolfSSL_X509_STORE_load_locations(void)
1478{
1479 EXPECT_DECLS;
1480#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
1481 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) && \
1482 !defined(NO_TLS)
1483 SSL_CTX *ctx = NULL;
1484 X509_STORE *store = NULL;
1485
1486 const char ca_file[] = "./certs/ca-cert.pem";
1487 const char client_pem_file[] = "./certs/client-cert.pem";
1488 const char client_der_file[] = "./certs/client-cert.der";
1489 const char ecc_file[] = "./certs/ecc-key.pem";
1490 const char certs_path[] = "./certs/";
1491 const char bad_path[] = "./bad-path/";
1492#ifdef HAVE_CRL
1493 const char crl_path[] = "./certs/crl/";
1494 const char crl_file[] = "./certs/crl/crl.pem";
1495#endif
1496
1497#ifndef NO_WOLFSSL_SERVER
1498 ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
1499#else
1500 ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
1501#endif
1502 ExpectNotNull(store = SSL_CTX_get_cert_store(ctx));
1503 ExpectIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL),
1504 WOLFSSL_SUCCESS);
1505
1506 /* Test bad arguments */
1507 ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL),
1508 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
1509 ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL),
1510 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
1511 ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL),
1512 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
1513 ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL),
1514 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
1515 ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path),
1516 WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
1517
1518#ifdef HAVE_CRL
1519 /* Test with CRL */
1520 ExpectIntEQ(X509_STORE_load_locations(store, crl_file, NULL),
1521 WOLFSSL_SUCCESS);
1522 ExpectIntEQ(X509_STORE_load_locations(store, NULL, crl_path),
1523 WOLFSSL_SUCCESS);
1524#endif
1525
1526 /* Test with CA */
1527 ExpectIntEQ(X509_STORE_load_locations(store, ca_file, NULL),
1528 WOLFSSL_SUCCESS);
1529
1530 /* Test with client_cert and certs path */
1531 ExpectIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL),
1532 WOLFSSL_SUCCESS);
1533 ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path),
1534 WOLFSSL_SUCCESS);
1535
1536#if defined(XGETENV) && !defined(NO_GETENV) && defined(_POSIX_C_SOURCE) && \
1537 _POSIX_C_SOURCE >= 200112L
1538 ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
1539 /* Test with env vars */
1540 ExpectIntEQ(setenv("SSL_CERT_FILE", client_pem_file, 1), 0);
1541 ExpectIntEQ(setenv("SSL_CERT_DIR", certs_path, 1), 0);
1542 ExpectIntEQ(X509_STORE_set_default_paths(store), WOLFSSL_SUCCESS);
1543#endif
1544
1545#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
1546 /* Clear nodes */
1547 ERR_clear_error();
1548#endif
1549
1550 SSL_CTX_free(ctx);
1551#endif
1552 return EXPECT_RESULT();
1553}
1554
1555int test_X509_STORE_get0_objects(void)
1556{
1557 EXPECT_DECLS;
1558#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_TLS) && \
1559 !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA)
1560 X509_STORE *store = NULL;
1561 X509_STORE *store_cpy = NULL;
1562 SSL_CTX *ctx = NULL;
1563 X509_OBJECT *obj = NULL;
1564#ifdef HAVE_CRL
1565 X509_OBJECT *objCopy = NULL;
1566#endif
1567 STACK_OF(X509_OBJECT) *objs = NULL;
1568 STACK_OF(X509_OBJECT) *objsCopy = NULL;
1569 int i;
1570
1571 /* Setup store */
1572#ifndef NO_WOLFSSL_SERVER
1573 ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
1574#else
1575 ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
1576#endif
1577 ExpectNotNull(store_cpy = X509_STORE_new());
1578 ExpectNotNull(store = SSL_CTX_get_cert_store(ctx));
1579 ExpectIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL),
1580 WOLFSSL_SUCCESS);
1581 ExpectIntEQ(X509_STORE_load_locations(store, caCertFile, NULL),
1582 WOLFSSL_SUCCESS);
1583 ExpectIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL),
1584 WOLFSSL_SUCCESS);
1585#ifdef HAVE_CRL
1586 ExpectIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir),
1587 WOLFSSL_SUCCESS);
1588#endif
1589 /* Store ready */
1590
1591 /* Similar to HaProxy ssl_set_cert_crl_file use case */
1592 ExpectNotNull(objs = X509_STORE_get0_objects(store));
1593#ifdef HAVE_CRL
1594#ifdef WOLFSSL_SIGNER_DER_CERT
1595 ExpectIntEQ(sk_X509_OBJECT_num(objs), 4);
1596#else
1597 ExpectIntEQ(sk_X509_OBJECT_num(objs), 1);
1598#endif
1599#else
1600#ifdef WOLFSSL_SIGNER_DER_CERT
1601 ExpectIntEQ(sk_X509_OBJECT_num(objs), 3);
1602#else
1603 ExpectIntEQ(sk_X509_OBJECT_num(objs), 0);
1604#endif
1605#endif
1606 ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0);
1607 ExpectNull(sk_X509_OBJECT_value(NULL, 0));
1608 ExpectNull(sk_X509_OBJECT_value(NULL, 1));
1609 ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs)));
1610 ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1));
1611#ifndef NO_WOLFSSL_STUB
1612 ExpectNull(sk_X509_OBJECT_delete(objs, 0));
1613#endif
1614 ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL));
1615 ExpectIntEQ(sk_X509_OBJECT_num(objs), sk_X509_OBJECT_num(objsCopy));
1616 for (i = 0; i < sk_X509_OBJECT_num(objs) && EXPECT_SUCCESS(); i++) {
1617 obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i);
1618 #ifdef HAVE_CRL
1619 objCopy = (X509_OBJECT*)sk_X509_OBJECT_value(objsCopy, i);
1620 #endif
1621 switch (X509_OBJECT_get_type(obj)) {
1622 case X509_LU_X509:
1623 {
1624 X509* x509 = NULL;
1625 X509_NAME *subj_name = NULL;
1626 ExpectNull(X509_OBJECT_get0_X509_CRL(NULL));
1627 ExpectNull(X509_OBJECT_get0_X509_CRL(obj));
1628 ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj));
1629 ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS);
1630 ExpectNotNull(subj_name = X509_get_subject_name(x509));
1631 ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509,
1632 subj_name));
1633
1634 break;
1635 }
1636 case X509_LU_CRL:
1637#ifdef HAVE_CRL
1638 {
1639 X509_CRL* crl = NULL;
1640 ExpectNull(X509_OBJECT_get0_X509(NULL));
1641 ExpectNull(X509_OBJECT_get0_X509(obj));
1642 ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj));
1643 ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS);
1644 ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy));
1645 break;
1646 }
1647#endif
1648 case X509_LU_NONE:
1649 default:
1650 Fail(("X509_OBJECT_get_type should return x509 or crl "
1651 "(when built with crl support)"),
1652 ("Unrecognized X509_OBJECT type or none"));
1653 }
1654 }
1655
1656 X509_STORE_free(store_cpy);
1657 SSL_CTX_free(ctx);
1658
1659 wolfSSL_sk_X509_OBJECT_free(NULL);
1660 objs = NULL;
1661 wolfSSL_sk_pop_free(objsCopy, NULL);
1662 objsCopy = NULL;
1663 ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new());
1664 ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE);
1665 ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE);
1666 ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE);
1667 ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL));
1668 wolfSSL_sk_X509_OBJECT_free(objsCopy);
1669 wolfSSL_sk_X509_OBJECT_free(objs);
1670#endif
1671 return EXPECT_RESULT();
1672}
1673
1674int test_wolfSSL_X509_STORE_get1_certs(void)
1675{
1676 EXPECT_DECLS;
1677#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \
1678 !defined(NO_FILESYSTEM) && !defined(NO_RSA)
1679 X509_STORE_CTX *storeCtx = NULL;
1680 X509_STORE *store = NULL;
1681 X509 *caX509 = NULL;
1682 X509 *svrX509 = NULL;
1683 X509_NAME *subject = NULL;
1684 WOLF_STACK_OF(WOLFSSL_X509) *certs = NULL;
1685
1686 ExpectNotNull(caX509 = X509_load_certificate_file(caCertFile,
1687 SSL_FILETYPE_PEM));
1688 ExpectNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile,
1689 SSL_FILETYPE_PEM)));
1690 ExpectNotNull(storeCtx = X509_STORE_CTX_new());
1691 ExpectNotNull(store = X509_STORE_new());
1692 ExpectNotNull(subject = X509_get_subject_name(caX509));
1693
1694 /* Errors */
1695 ExpectNull(X509_STORE_get1_certs(storeCtx, subject));
1696 ExpectNull(X509_STORE_get1_certs(NULL, subject));
1697 ExpectNull(X509_STORE_get1_certs(storeCtx, NULL));
1698
1699 ExpectIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS);
1700 ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL),
1701 SSL_SUCCESS);
1702
1703 /* Should find the cert */
1704 ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
1705 ExpectIntEQ(1, wolfSSL_sk_X509_num(certs));
1706
1707 sk_X509_pop_free(certs, NULL);
1708 certs = NULL;
1709
1710 /* Should not find the cert */
1711 ExpectNotNull(subject = X509_get_subject_name(svrX509));
1712 ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject));
1713 ExpectIntEQ(0, wolfSSL_sk_X509_num(certs));
1714
1715 sk_X509_pop_free(certs, NULL);
1716 certs = NULL;
1717
1718 X509_STORE_free(store);
1719 X509_STORE_CTX_free(storeCtx);
1720 X509_free(svrX509);
1721 X509_free(caX509);
1722#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */
1723 return EXPECT_RESULT();
1724}
1725
1726#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
1727 defined(WOLFSSL_LOCAL_X509_STORE) && \
1728 (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL)
1729static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx,
1730 X509_CRL** crl_out, X509* cert) {
1731 X509_CRL *crl = NULL;
1732 XFILE fp = XBADFILE;
1733 char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
1734 int ret = 0;
1735
1736 (void)ctx;
1737
1738 if (cert_issuer == NULL)
1739 return 0;
1740
1741 if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) {
1742 PEM_read_X509_CRL(fp, &crl, NULL, NULL);
1743 XFCLOSE(fp);
1744 if (crl != NULL) {
1745 char* crl_issuer = X509_NAME_oneline(
1746 X509_CRL_get_issuer(crl), NULL, 0);
1747 if ((crl_issuer != NULL) &&
1748 (XSTRCMP(cert_issuer, crl_issuer) == 0)) {
1749 *crl_out = X509_CRL_dup(crl);
1750 if (*crl_out != NULL)
1751 ret = 1;
1752 }
1753 OPENSSL_free(crl_issuer);
1754 }
1755 }
1756
1757 X509_CRL_free(crl);
1758 OPENSSL_free(cert_issuer);
1759 return ret;
1760}
1761
1762static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx,
1763 X509_CRL** crl_out, X509* cert) {
1764 (void)ctx;
1765 (void)cert;
1766 *crl_out = NULL;
1767 return 1;
1768}
1769
1770#ifndef NO_WOLFSSL_STUB
1771static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx,
1772 X509_CRL* crl) {
1773 (void)ctx;
1774 (void)crl;
1775 return 1;
1776}
1777#endif
1778
1779static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok,
1780 X509_STORE_CTX* ctx) {
1781 int cert_error = X509_STORE_CTX_get_error(ctx);
1782 X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx);
1783 int flags = X509_VERIFY_PARAM_get_flags(param);
1784 if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) !=
1785 (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) {
1786 /* Make sure the flags are set */
1787 return 0;
1788 }
1789 /* Ignore CRL missing error */
1790#ifndef OPENSSL_COMPATIBLE_DEFAULTS
1791 if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING))
1792#else
1793 if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL)
1794#endif
1795 return 1;
1796 return ok;
1797}
1798
1799static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx)
1800{
1801 EXPECT_DECLS;
1802 X509_STORE* cert_store = NULL;
1803
1804 ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
1805 WOLFSSL_SUCCESS);
1806 ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx));
1807 X509_STORE_set_get_crl(cert_store,
1808 test_wolfSSL_X509_STORE_set_get_crl_provider);
1809#ifndef NO_WOLFSSL_STUB
1810 X509_STORE_set_check_crl(cert_store,
1811 test_wolfSSL_X509_STORE_set_get_crl_check);
1812#endif
1813
1814 return EXPECT_RESULT();
1815}
1816
1817static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx)
1818{
1819 EXPECT_DECLS;
1820 X509_STORE* cert_store = NULL;
1821 X509_VERIFY_PARAM* param = NULL;
1822
1823 SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
1824 ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL),
1825 WOLFSSL_SUCCESS);
1826 ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx));
1827 X509_STORE_set_get_crl(cert_store,
1828 test_wolfSSL_X509_STORE_set_get_crl_provider2);
1829#ifndef NO_WOLFSSL_STUB
1830 X509_STORE_set_check_crl(cert_store,
1831 test_wolfSSL_X509_STORE_set_get_crl_check);
1832#endif
1833 X509_STORE_set_verify_cb(cert_store,
1834 test_wolfSSL_X509_STORE_set_get_crl_verify);
1835 ExpectNotNull(X509_STORE_get0_param(cert_store));
1836 ExpectNotNull(param = X509_VERIFY_PARAM_new());
1837 ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS);
1838 ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS);
1839 ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
1840 X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS);
1841 ExpectIntEQ(X509_VERIFY_PARAM_inherit(param,
1842 X509_STORE_get0_param(cert_store)), 1);
1843 ExpectIntEQ(X509_VERIFY_PARAM_set_flags(
1844 param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1);
1845 ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1);
1846 ExpectIntEQ(X509_STORE_set_flags(cert_store,
1847 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1);
1848
1849
1850 X509_VERIFY_PARAM_free(param);
1851 return EXPECT_RESULT();
1852}
1853#endif
1854
1855/* This test mimics the usage of the CRL provider in gRPC */
1856int test_wolfSSL_X509_STORE_set_get_crl(void)
1857{
1858 EXPECT_DECLS;
1859#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
1860 defined(WOLFSSL_LOCAL_X509_STORE) && \
1861 (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL)
1862 test_ssl_cbf func_cb_client;
1863 test_ssl_cbf func_cb_server;
1864
1865 XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
1866 XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
1867
1868 func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready;
1869
1870 ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
1871 &func_cb_server, NULL), TEST_SUCCESS);
1872
1873 XMEMSET(&func_cb_client, 0, sizeof(func_cb_client));
1874 XMEMSET(&func_cb_server, 0, sizeof(func_cb_server));
1875
1876 func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2;
1877
1878 ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
1879 &func_cb_server, NULL), TEST_SUCCESS);
1880#endif
1881 return EXPECT_RESULT();
1882}
1883
1884int test_wolfSSL_X509_CA_num(void)
1885{
1886 EXPECT_DECLS;
1887#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
1888 defined(HAVE_ECC) && !defined(NO_RSA)
1889 WOLFSSL_X509_STORE *store = NULL;
1890 WOLFSSL_X509 *x509_1 = NULL;
1891 WOLFSSL_X509 *x509_2 = NULL;
1892 int ca_num = 0;
1893
1894 ExpectNotNull(store = wolfSSL_X509_STORE_new());
1895 ExpectNotNull(x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile,
1896 WOLFSSL_FILETYPE_PEM));
1897 ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_1), 1);
1898 ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 1);
1899
1900 ExpectNotNull(x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile,
1901 WOLFSSL_FILETYPE_PEM));
1902 ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_2), 1);
1903 ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 2);
1904
1905 wolfSSL_X509_free(x509_1);
1906 wolfSSL_X509_free(x509_2);
1907 wolfSSL_X509_STORE_free(store);
1908#endif
1909 return EXPECT_RESULT();
1910}
1911
1912/* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS
1913 * returns 0) */
1914int test_X509_STORE_No_SSL_CTX(void)
1915{
1916 EXPECT_DECLS;
1917#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
1918 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
1919 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \
1920 (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \
1921 defined(HAVE_CRL) && !defined(NO_RSA)
1922
1923 X509_STORE * store = NULL;
1924 X509_STORE_CTX * storeCtx = NULL;
1925 X509_CRL * crl = NULL;
1926 X509 * ca = NULL;
1927 X509 * cert = NULL;
1928 const char cliCrlPem[] = "./certs/crl/cliCrl.pem";
1929 const char srvCert[] = "./certs/server-cert.pem";
1930 const char caCert[] = "./certs/ca-cert.pem";
1931 const char caDir[] = "./certs/crl/hash_pem";
1932 XFILE fp = XBADFILE;
1933 X509_LOOKUP * lookup = NULL;
1934
1935 ExpectNotNull(store = (X509_STORE *)X509_STORE_new());
1936
1937 /* Set up store with CA */
1938 ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
1939 SSL_FILETYPE_PEM)));
1940 ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
1941
1942 /* Add CRL lookup directory to store
1943 * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy
1944 * of crl.pem */
1945 ExpectNotNull((lookup = X509_STORE_add_lookup(store,
1946 X509_LOOKUP_hash_dir())));
1947 ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir,
1948 X509_FILETYPE_PEM, NULL), SSL_SUCCESS);
1949
1950 ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),
1951 SSL_SUCCESS);
1952
1953 /* Add CRL to store NOT containing the verified certificate, which
1954 * forces use of the CRL lookup directory */
1955 ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE);
1956 ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
1957 NULL, NULL));
1958 if (fp != XBADFILE)
1959 XFCLOSE(fp);
1960 ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
1961
1962 /* Create verification context outside of an SSL session */
1963 ExpectNotNull((storeCtx = X509_STORE_CTX_new()));
1964 ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
1965 SSL_FILETYPE_PEM)));
1966 ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
1967
1968 /* Perform verification, which should NOT indicate CRL missing due to the
1969 * store CM's X509 store pointer being NULL */
1970 ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING));
1971
1972 X509_CRL_free(crl);
1973 X509_STORE_free(store);
1974 X509_STORE_CTX_free(storeCtx);
1975 X509_free(cert);
1976 X509_free(ca);
1977#endif
1978 return EXPECT_RESULT();
1979}
1980
1981/* Test that SSL_CTX_set_cert_store propagates certificates (including
1982 * non-self-signed intermediates) into the CertManager, and that certs
1983 * added to the store after set_cert_store also reach the CertManager.
1984 * Regression test for ZD 19760 / GitHub PR #8708.
1985 */
1986int test_wolfSSL_CTX_set_cert_store(void)
1987{
1988 EXPECT_DECLS;
1989#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
1990 !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
1991 SSL_CTX* ctx = NULL;
1992 X509_STORE* store = NULL;
1993 X509* rootCa = NULL;
1994 X509* intCa = NULL;
1995 X509* int2Ca = NULL;
1996 X509_STORE_CTX* storeCtx = NULL;
1997 X509* svrCert = NULL;
1998
1999 const char caCert[] = "./certs/ca-cert.pem";
2000 const char intCaCert[] = "./certs/intermediate/ca-int-cert.pem";
2001 const char int2CaCert[] = "./certs/intermediate/ca-int2-cert.pem";
2002 const char svrIntCert[] = "./certs/intermediate/server-int-cert.pem";
2003
2004 /* --- Part 1: Add certs to store BEFORE set_cert_store ---
2005 * Non-self-signed intermediates should be pushed into the CertManager
2006 * when set_cert_store is called. */
2007 ExpectNotNull(store = X509_STORE_new());
2008 ExpectNotNull(rootCa = wolfSSL_X509_load_certificate_file(caCert,
2009 SSL_FILETYPE_PEM));
2010 ExpectNotNull(intCa = wolfSSL_X509_load_certificate_file(intCaCert,
2011 SSL_FILETYPE_PEM));
2012 ExpectNotNull(int2Ca = wolfSSL_X509_load_certificate_file(int2CaCert,
2013 SSL_FILETYPE_PEM));
2014
2015 ExpectIntEQ(X509_STORE_add_cert(store, rootCa), SSL_SUCCESS);
2016 ExpectIntEQ(X509_STORE_add_cert(store, intCa), SSL_SUCCESS);
2017 ExpectIntEQ(X509_STORE_add_cert(store, int2Ca), SSL_SUCCESS);
2018
2019 ExpectNotNull(ctx = SSL_CTX_new(TLS_client_method()));
2020
2021 /* This should push intermediates from store->certs into the CM */
2022 SSL_CTX_set_cert_store(ctx, store);
2023
2024 /* After set_cert_store, store->certs and store->trusted should be NULLed
2025 * to signal CTX ownership */
2026 if (EXPECT_SUCCESS()) {
2027 ExpectNull(store->certs);
2028 ExpectNull(store->trusted);
2029 }
2030
2031 /* Verify using CertManagerVerify - this only checks the CM, not the
2032 * store's certs stack, so it proves the intermediates were pushed */
2033 ExpectIntEQ(wolfSSL_CertManagerVerify(wolfSSL_CTX_GetCertManager(ctx),
2034 svrIntCert, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
2035
2036 /* Also verify using X509_verify_cert for completeness */
2037 ExpectNotNull(svrCert = wolfSSL_X509_load_certificate_file(svrIntCert,
2038 SSL_FILETYPE_PEM));
2039 ExpectNotNull(storeCtx = X509_STORE_CTX_new());
2040 if (EXPECT_SUCCESS()) {
2041 ExpectIntEQ(X509_STORE_CTX_init(storeCtx,
2042 SSL_CTX_get_cert_store(ctx), svrCert, NULL), SSL_SUCCESS);
2043 ExpectIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
2044 }
2045
2046 X509_STORE_CTX_free(storeCtx);
2047 storeCtx = NULL;
2048 X509_free(svrCert);
2049 svrCert = NULL;
2050 SSL_CTX_free(ctx);
2051 ctx = NULL;
2052 /* store is freed by SSL_CTX_free */
2053 store = NULL;
2054
2055 X509_free(rootCa);
2056 rootCa = NULL;
2057 X509_free(intCa);
2058 intCa = NULL;
2059 X509_free(int2Ca);
2060 int2Ca = NULL;
2061
2062 /* --- Part 2: Add certs to store AFTER set_cert_store ---
2063 * When store->certs is NULL (CTX-owned), X509_STORE_add_cert should
2064 * route non-self-signed certs directly to the CertManager. */
2065 ExpectNotNull(store = X509_STORE_new());
2066 ExpectNotNull(ctx = SSL_CTX_new(TLS_client_method()));
2067
2068 /* Attach empty store first */
2069 SSL_CTX_set_cert_store(ctx, store);
2070
2071 /* Now add certs after ownership transfer */
2072 ExpectNotNull(rootCa = wolfSSL_X509_load_certificate_file(caCert,
2073 SSL_FILETYPE_PEM));
2074 ExpectNotNull(intCa = wolfSSL_X509_load_certificate_file(intCaCert,
2075 SSL_FILETYPE_PEM));
2076 ExpectNotNull(int2Ca = wolfSSL_X509_load_certificate_file(int2CaCert,
2077 SSL_FILETYPE_PEM));
2078
2079 ExpectIntEQ(X509_STORE_add_cert(store, rootCa), SSL_SUCCESS);
2080 ExpectIntEQ(X509_STORE_add_cert(store, intCa), SSL_SUCCESS);
2081 ExpectIntEQ(X509_STORE_add_cert(store, int2Ca), SSL_SUCCESS);
2082
2083 /* Verify that certs added after set_cert_store are in the CM */
2084 ExpectIntEQ(wolfSSL_CertManagerVerify(wolfSSL_CTX_GetCertManager(ctx),
2085 svrIntCert, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
2086
2087 SSL_CTX_free(ctx);
2088 /* store freed by SSL_CTX_free */
2089 X509_free(rootCa);
2090 X509_free(intCa);
2091 X509_free(int2Ca);
2092#endif
2093 return EXPECT_RESULT();
2094}
2095