Missing compatibility layer functionality #10518
Conversation
wolfSSL_SSL_CIPHER_find - find cipher by 2 bytes in wire format, like OpenSSL
wolfSSL_sk_SSL_CIPHER_delete - remove cipher at given index
SSL_clear_chain_certs

@julek-wolfssl adding PR for the 3 functions I've seen problems with (missing functionality), lmk what you think

Can one of the admins verify this patch?

Hey @julek-wolfssl, before I fix anything here, since I wasn't 100% sure this is the correct implementation, I'd like you to verify on your end whether it's fine or not before I continue editing this.
dgarske
left a comment
@Roy-Carter looks like issue with --enable-asynccrypt "FAIL: scripts/unit.test"
julek-wolfssl
left a comment
I would like a test to check that the connection still completes after a call to SSL_clear_chain_certs.
| /* Locate a cipher in the SSL's cipher list by 2-byte wire-format suite id. | ||
| * | ||
| * Mirrors OpenSSL's SSL_CIPHER_find(ssl, ptr). The two bytes pointed to by | ||
| * ptr are the on-the-wire cipher suite identifier (ptr[0] is the high byte, | ||
| * ptr[1] is the low byte). Lookup is restricted to ciphers in ssl's cipher | ||
| * list, matching OpenSSL semantics. | ||
| * | ||
| * Returned pointer references storage owned by the SSL object's internal | ||
| * cipher list; callers must not free it. It remains valid until SSL_free. |
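Review bot: The lifetime statement in the last two lines ("It remains valid until SSL_free") only holds if the SSL's cipher list is never modified while the caller holds the pointer. The comment itself says the returned pointer references storage owned by the internal cipher list, and the wolfSSL_sk_SSL_CIPHER_delete hunk on this page notes that pop_node frees the underlying node memory, so if a delete can run on that same list the caller is left with a dangling pointer well before SSL_free. Suggest wording it as valid until the cipher list is modified or the SSL is freed, and also stating what is returned when the two bytes match no cipher in the list or when ssl or ptr is NULL.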
This entire comment except maybe the first line is redundant.
| num = wolfSSL_sk_SSL_CIPHER_num(sk); | ||
| if (idx >= num) | ||
| return NULL; | ||
|
|
||
| /* Walk to the node so we can capture its inline cipher value before the | ||
| * pop_node call frees the underlying memory. */ | ||
| node = sk; | ||
| { | ||
| int i; | ||
| for (i = 0; i < idx && node != NULL; i++) | ||
| node = node->next; | ||
| } | ||
| if (node == NULL) | ||
| return NULL; |
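Review bot: The bounds check `if (idx >= num)` covers only the upper bound. If idx is a signed int, as the `int i` loop counter suggests, a negative idx passes the check, skips the `for` loop entirely and leaves `node = sk`, so the head entry is treated as the target. Unless idx < 0 is already rejected above the visible lines, use `if (idx < 0 || idx >= num) return NULL;`. As a style point, the bare block around `int i;` can be dropped by declaring i with the other locals at the top of the function.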
Just use wolfSSL_sk_SSL_CIPHER_value.
Description
Implementations needed as part of migrating from OpenSSL -> WolfSSL
wolfSSL_SSL_CIPHER_find - find cipher by 2 bytes in wire format, like OpenSSL
wolfSSL_sk_SSL_CIPHER_delete - remove cipher at given index
SSL_clear_chain_certs
Testing
Created unit tests.
Checklist