wolfSSL
diff --git a/‎.github/workflows/os-check.yml‎
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/os-check.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎examples/client/client.c‎
Lines changed: 4 additions & 0 deletions b/‎examples/client/client.c‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎examples/echoserver/echoserver.c‎
Lines changed: 7 additions & 7 deletions b/‎examples/echoserver/echoserver.c‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎examples/server/server.c‎
Lines changed: 13 additions & 2 deletions b/‎examples/server/server.c‎
Lines changed: 13 additions & 2 deletions
diff --git a/‎src/ssl_certman.c‎
Lines changed: 4 additions & 0 deletions b/‎src/ssl_certman.c‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/ssl_load.c‎
Lines changed: 30 additions & 0 deletions b/‎src/ssl_load.c‎
Lines changed: 30 additions & 0 deletions
@@ -60,6 +60,7 @@ jobs:
           '--disable-sys-ca-certs',
           '--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ',
           '--enable-all CFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"',
+          '--enable-coding=no',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'
 
@@ -2221,7 +2221,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef HAVE_RPK
     int useRPK = 0;
 #endif /* HAVE_RPK */
+#ifdef WOLFSSL_PEM_TO_DER
     int fileFormat = WOLFSSL_FILETYPE_PEM;
+#else
+    int fileFormat = WOLFSSL_FILETYPE_ASN1;
+#endif
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
     const char * policy = NULL;
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
@@ -180,12 +180,12 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
     if (doPSK == 0) {
     #if defined(HAVE_ECC) && !defined(WOLFSSL_SNIFFER)
         /* ecc */
-        if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
@@ -196,7 +196,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
             err_sys("can't load server cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
@@ -208,19 +208,19 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                     "Please run from wolfSSL home dir");
 
         if (wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
+                CERT_FILETYPE) != WOLFSSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
     #elif defined(NO_CERTS)
         /* do nothing, just don't load cert files */
     #else
         /* normal */
-        if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
@@ -309,7 +309,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
         if (ssl == NULL) err_sys("SSL_new failed");
         wolfSSL_set_fd(ssl, clientfd);
         #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
-            wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
+            wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE);
         #elif !defined(NO_DH)
             SetDH(ssl);  /* will repick suites with DHE, higher than PSK */
         #endif
 
@@ -2771,7 +2771,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     wolfSSL_CTX_set_TicketEncCtx(ctx, &myTicketCtx);
 #endif
 
-#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL)
+#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL) && \
+    defined(WOLFSSL_PEM_TO_DER)
     /* used for testing only to set a static/fixed ephemeral key
         for use with the sniffer */
 #if defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
@@ -2804,7 +2805,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         err_sys_ex(runWithErrors, "error loading static X25519 key");
     }
 #endif
-#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL */
+#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL && WOLFSSL_PEM_TO_DER */
 
     if (cipherList && !useDefCipherList) {
         if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS)
@@ -2849,8 +2850,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
             err_sys_ex(catastrophic, "can't load server cert buffer");
     #elif !defined(TEST_LOAD_BUFFER)
+        #if defined(WOLFSSL_PEM_TO_DER)
         if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
                                          != WOLFSSL_SUCCESS)
+        #else
+        if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
+        #endif
             err_sys_ex(catastrophic, "can't load server cert file, check file "
                        "and run from wolfSSL home dir");
     #else
@@ -2892,8 +2898,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
             err_sys_ex(catastrophic, "can't load server private key buffer");
     #elif !defined(TEST_LOAD_BUFFER)
+        #if defined(WOLFSSL_PEM_TO_DER)
         if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
                                          != WOLFSSL_SUCCESS)
+        #else
+        if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_ASN1)
+                                         != WOLFSSL_SUCCESS)
+        #endif
             err_sys_ex(catastrophic, "can't load server private key file, "
                        "check file and run from wolfSSL home dir");
         #ifdef WOLFSSL_DUAL_ALG_CERTS
 
@@ -600,6 +600,9 @@ int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm,
             ret = WOLFSSL_FATAL_ERROR;
         } else {
             if (format == WOLFSSL_FILETYPE_PEM) {
+            #ifndef WOLFSSL_PEM_TO_DER
+                ret = NOT_COMPILED_IN;
+            #else
                 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL);
                 if (!ret) {
                     /* Replace buffer pointer and size with DER buffer. */
@@ -610,6 +613,7 @@ int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm,
                     WOLFSSL_ERROR(ret);
                     ret = WOLFSSL_FATAL_ERROR;
                 }
+            #endif
             }
 
             if (ret == WOLFSSL_SUCCESS) {
 
@@ -3018,9 +3018,15 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
         }
 
         if (file != NULL) {
+#ifdef WOLFSSL_PEM_TO_DER
             /* Load the PEM formatted CA file */
             ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
                 NULL, verify);
+#else
+            /* Load the DER formatted CA file */
+            ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, 0,
+                NULL, verify);
+#endif
 #ifndef NO_WOLFSSL_DIR
             if (ret == 1) {
                 /* Include success in overall count. */
@@ -3029,7 +3035,11 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
 #endif
 #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
             /* Load CA as a trusted peer certificate. */
+#ifdef WOLFSSL_PEM_TO_DER
             ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM);
+#else
+            ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_ASN1);
+#endif
             if (ret != 1) {
                 WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error");
             }
@@ -3592,8 +3602,13 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
     /* process up to MAX_CHAIN_DEPTH plus subject cert */
     WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
 
+#ifdef WOLFSSL_PEM_TO_DER
     ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL,
         GET_VERIFY_SETTING_CTX(ctx));
+#else
+    ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1, NULL,
+        GET_VERIFY_SETTING_CTX(ctx));
+#endif
 
     /* Return 1 on success or 0 on failure. */
     return WS_RC(ret);
@@ -3895,8 +3910,13 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
         ret = BAD_FUNC_ARG;
     }
     else {
+#ifdef WOLFSSL_PEM_TO_DER
         ret = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, ssl,
             1, NULL, GET_VERIFY_SETTING_SSL(ssl));
+#else
+        ret = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl,
+            1, NULL, GET_VERIFY_SETTING_SSL(ssl));
+#endif
         /* Return 1 on success or 0 on failure. */
         ret = WS_RC(ret);
     }
@@ -4483,8 +4503,13 @@ int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
 int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
     const unsigned char* in, long sz)
 {
+#ifdef WOLFSSL_PEM_TO_DER
     return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
         WOLFSSL_FILETYPE_PEM);
+#else
+    return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
+        WOLFSSL_FILETYPE_ASN1);
+#endif
 }
 
 /* Load a user certificate in a buffer into SSL.
@@ -4823,8 +4848,13 @@ int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
 int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, const unsigned char* in,
     long sz)
 {
+#ifdef WOLFSSL_PEM_TO_DER
     return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
         WOLFSSL_FILETYPE_PEM);
+#else
+    return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
+        WOLFSSL_FILETYPE_ASN1);
+#endif
 }
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,7 @@ jobs:`
`60`	`60`	`'--disable-sys-ca-certs',`
`61`	`61`	`'--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ',`
`62`	`62`	`'--enable-all CFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"',`
	`63`	`+ '--enable-coding=no',`
`63`	`64`	`]`
`64`	`65`	`name: make check`
`65`	`66`	`if: github.repository_owner == 'wolfssl'`