Fix tests

Author: mattia-moffa

src/internal.c

@@ -6669,9 +6669,11 @@ int InitSSL_Suites(WOLFSSL* ssl)
     byte haveAnon = 0;
     byte haveRSA = 0;
     byte haveMcast = 0;
+    byte haveCertSetupCb = 0;
 
     (void)haveAnon; /* Squash unused var warnings */
     (void)haveMcast;
+    (void)haveCertSetupCb;
 
     if (!ssl)
         return BAD_FUNC_ARG;
@@ -6690,6 +6692,10 @@ int InitSSL_Suites(WOLFSSL* ssl)
     haveMcast = (byte)ssl->options.haveMcast;
 #endif /* WOLFSSL_MULTICAST */
 #endif /* !NO_CERTS && !WOLFSSL_SESSION_EXPORT */
+#if defined(WOLFSSL_TLS13) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
+    if (ssl->ctx->certSetupCb != NULL)
+        haveCertSetupCb = 1;
+#endif /* WOLFSSL_TLS13 && !NO_CERTS && OPENSSL_EXTRA */
 
 #ifdef WOLFSSL_EARLY_DATA
     if (ssl->options.side == WOLFSSL_SERVER_END)
@@ -6717,10 +6723,11 @@ int InitSSL_Suites(WOLFSSL* ssl)
     }
 
 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
-    /* make sure server has cert and key unless using PSK, Anon, or
-     * Multicast. This should be true even if just switching ssl ctx */
+    /* make sure server has cert and key unless using PSK, Anon,
+     * Multicast or cert setup callback. This should be true even if just
+     * switching ssl ctx */
     if (ssl->options.side == WOLFSSL_SERVER_END &&
-            !havePSK && !haveAnon && !haveMcast) {
+            !havePSK && !haveAnon && !haveMcast && !haveCertSetupCb) {
 
         /* server certificate must be loaded */
         if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) {

tests/api/test_tls_ext.c

@@ -129,6 +129,13 @@ int test_wolfSSL_DisableExtendedMasterSecret(void)
 }
 
 
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
+    !defined(NO_CERTS) && !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || \
+            defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(WOLFSSL_TLS13) || \
+            (!defined(WOLFSSL_NO_TLS12) && (defined(OPENSSL_ALL) || \
+            defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)))) && \
+    !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
 struct client_cb_arg {
     WOLF_STACK_OF(X509_NAME) *names1;
     WOLF_STACK_OF(X509_NAME) *names2;
@@ -145,13 +152,16 @@ static int certificate_authorities_client_cb(WOLFSSL *ssl, void *_arg) {
         return 0;
     return 1;
 }
+#endif
 
 int test_certificate_authorities_certificate_request(void) {
     EXPECT_DECLS;
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
-    !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
-            defined(OPENSSL_EXTRA_SMALL))
+    !defined(NO_CERTS) && !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || \
+            defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(WOLFSSL_TLS13) || \
+            (!defined(WOLFSSL_NO_TLS12) && (defined(OPENSSL_ALL) || \
+                defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))))
     struct test_params {
         method_provider client_meth;
         method_provider server_meth;
@@ -161,24 +171,29 @@ int test_certificate_authorities_certificate_request(void) {
         /* TLS 1.3 uses certificate_authorities extension */
         {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0},
 #endif
-#ifndef WOLFSSL_NO_TLS12
+#if !defined(WOLFSSL_NO_TLS12) && (defined(OPENSSL_ALL) || \
+            defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))
         /* TLS 1.2 directly embeds CA names in CertificateRequest */
         {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, 0},
 #endif
 #ifdef WOLFSSL_DTLS13
         {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1},
 #endif
-#ifdef WOLFSSL_DTLS
+#if defined(WOLFSSL_DTLS) && (defined(OPENSSL_ALL) || \
+            defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))
         {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, 1},
 #endif
     };
     size_t i;
 
     for (i = 0; i < sizeof(params) / sizeof(*params); i++) {
-        WOLFSSL_CTX *ctx;
-        WOLFSSL *ssl;
+        WOLFSSL_CTX *ctx = NULL;
+        WOLFSSL *ssl = NULL;
         WOLF_STACK_OF(X509_NAME) *names1 = NULL, *names2 = NULL;
-        X509_NAME *name;
+        X509_NAME *name = NULL;
+
+        if (EXPECT_FAIL())
+            break;
 
         ExpectNotNull(ctx = wolfSSL_CTX_new(params[i].server_meth()));
 
@@ -192,6 +207,7 @@ int test_certificate_authorities_certificate_request(void) {
             wolfSSL_X509_NAME_free(name);
             name = NULL;
         }
+        wolfSSL_sk_X509_NAME_free(names2);
         names2 = wolfSSL_load_client_CA_file(caCertFile);
         ExpectNotNull(names2);
 
@@ -228,6 +244,7 @@ int test_certificate_authorities_certificate_request(void) {
             wolfSSL_X509_NAME_free(name);
             name = NULL;
         }
+        wolfSSL_sk_X509_NAME_free(names2);
         names2 = wolfSSL_load_client_CA_file(caCertFile);
         ExpectNotNull(names2);
 
@@ -265,12 +282,6 @@ int test_certificate_authorities_certificate_request(void) {
                         cliCertFile, NULL));
 
             start_thread(test_server_nofail, &server_args, &server_thread);
-            wait_tcp_ready(&server_args);
-
-            tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port,
-                    params[i].doUdp, 0, NULL);
-            if (params[i].doUdp)
-                udp_connect(&sockfd, wolfSSLIP, server_args.signal->port);
 
             ExpectNotNull(ctx_client = wolfSSL_CTX_new(
                         params[i].client_meth()));
@@ -281,6 +292,11 @@ int test_certificate_authorities_certificate_request(void) {
                     certificate_authorities_client_cb, &client_cb_arg);
 
             ExpectNotNull(ssl_client = wolfSSL_new(ctx_client));
+
+            wait_tcp_ready(&server_args);
+            tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port,
+                    params[i].doUdp, 0, ssl_client);
+
             ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl_client, sockfd));
             ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_connect(ssl_client));
 
@@ -307,6 +323,11 @@ int test_certificate_authorities_certificate_request(void) {
 }
 
 
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
+    !defined(NO_CERTS) && defined(WOLFSSL_TLS13) && (defined(OPENSSL_EXTRA) || \
+            defined(OPENSSL_EXTRA_X509_SMALL)) && \
+    !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
 static int certificate_authorities_server_cb(WOLFSSL *ssl, void *_arg) {
     int *names_num = (int *)_arg;
     WOLF_STACK_OF(X509_NAME) *names = wolfSSL_get0_peer_CA_list(ssl);
@@ -317,13 +338,15 @@ static int certificate_authorities_server_cb(WOLFSSL *ssl, void *_arg) {
         return 0;
     return 1;
 }
+#endif
 
 int test_certificate_authorities_client_hello(void) {
     EXPECT_DECLS;
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
-    !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
-            defined(OPENSSL_EXTRA_SMALL))
+    !defined(NO_CERTS) && defined(WOLFSSL_TLS13) && (defined(OPENSSL_EXTRA) || \
+            defined(OPENSSL_EXTRA_X509_SMALL)) && \
+    !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
 
     struct test_params {
         method_provider client_meth;
@@ -341,88 +364,84 @@ int test_certificate_authorities_client_hello(void) {
     size_t i;
 
     for (i = 0; i < sizeof(params) / sizeof(*params); i++) {
-        WOLFSSL_CTX *ctx;
+        WOLFSSL_CTX *ctx = NULL;
         int server_cb_arg;
+        tcp_ready ready;
+        func_args server_args;
+        callback_functions server_cb;
+        THREAD_TYPE server_thread;
+        WOLFSSL *ssl_client = NULL;
+        WOLFSSL_CTX *ctx_client = NULL;
+        SOCKET_T sockfd = 0;
+        WOLF_STACK_OF(X509_NAME) *names1 = NULL, *names2 = NULL;
+        X509_NAME *name = NULL;
+
+        if (EXPECT_FAIL())
+            break;
 
         ExpectNotNull(ctx = wolfSSL_CTX_new(params[i].server_meth()));
         wolfSSL_CTX_set_cert_cb(ctx, certificate_authorities_server_cb,
                 &server_cb_arg);
 
-#if !defined(SINGLE_THREADED) && defined(SESSION_CERTS)
-        {
-            tcp_ready ready;
-            func_args server_args;
-            callback_functions server_cb;
-            THREAD_TYPE server_thread;
-            WOLFSSL *ssl_client = NULL;
-            WOLFSSL_CTX *ctx_client = NULL;
-            SOCKET_T sockfd = 0;
-            WOLF_STACK_OF(X509_NAME) *names1 = NULL, *names2 = NULL;
-            X509_NAME *name;
-
-            StartTCP();
-            InitTcpReady(&ready);
-            XMEMSET(&server_args, 0, sizeof(func_args));
-            XMEMSET(&server_cb, 0, sizeof(callback_functions));
+        StartTCP();
+        InitTcpReady(&ready);
+        XMEMSET(&server_args, 0, sizeof(func_args));
+        XMEMSET(&server_cb, 0, sizeof(callback_functions));
 
+        server_args.signal = &ready;
+        server_args.callbacks = &server_cb;
 
-            server_args.signal = &ready;
-            server_args.callbacks = &server_cb;
+        server_cb.ctx = ctx;
+        server_cb.isSharedCtx = 1;
+        server_cb.doUdp = params[i].doUdp;
 
-            server_cb.ctx = ctx;
-            server_cb.isSharedCtx = 1;
-            server_cb.doUdp = params[i].doUdp;
+        start_thread(test_server_nofail, &server_args, &server_thread);
 
-            start_thread(test_server_nofail, &server_args, &server_thread);
-            wait_tcp_ready(&server_args);
+        ExpectNotNull(ctx_client = wolfSSL_CTX_new(
+                    params[i].client_meth()));
+        ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(
+                    ctx_client, caCertFile, NULL));
 
-            tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port,
-                    params[i].doUdp, 0, NULL);
-            if (params[i].doUdp)
-                udp_connect(&sockfd, wolfSSLIP, server_args.signal->port);
+        ExpectNotNull(ssl_client = wolfSSL_new(ctx_client));
 
-            ExpectNotNull(ctx_client = wolfSSL_CTX_new(
-                        params[i].client_meth()));
-            ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(
-                        ctx_client, caCertFile, NULL));
+        AssertTrue(wolfSSL_use_certificate_file(ssl_client, cliCertFile,
+                SSL_FILETYPE_PEM));
+        AssertTrue(wolfSSL_use_PrivateKey_file(ssl_client, cliKeyFile,
+                SSL_FILETYPE_PEM));
 
-            ExpectNotNull(ssl_client = wolfSSL_new(ctx_client));
+        names1 = wolfSSL_load_client_CA_file(caCertFile);
+        ExpectNotNull(names1);
+        names2 = wolfSSL_load_client_CA_file(cliCertFile);
+        ExpectNotNull(names2);
+        ExpectNotNull(name = wolfSSL_sk_X509_NAME_value(names2, 0));
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_push(names1, name));
+        if (EXPECT_FAIL()) {
+            wolfSSL_X509_NAME_free(name);
+            name = NULL;
+        }
+        wolfSSL_sk_X509_NAME_free(names2);
+        names2 = wolfSSL_load_client_CA_file(cliCertFile);
+        ExpectNotNull(names2);
 
-            AssertTrue(wolfSSL_use_certificate_file(ssl_client, cliCertFile,
-                    SSL_FILETYPE_PEM));
-            AssertTrue(wolfSSL_use_PrivateKey_file(ssl_client, cliKeyFile,
-                    SSL_FILETYPE_PEM));
+        /* verify that set0_CA_list takes precedence */
+        wolfSSL_set0_CA_list(ssl_client, names1);
+        wolfSSL_CTX_set0_CA_list(ctx_client, names2);
 
-            names1 = wolfSSL_load_client_CA_file(caCertFile);
-            ExpectNotNull(names1);
-            names2 = wolfSSL_load_client_CA_file(cliCertFile);
-            ExpectNotNull(names2);
-            ExpectNotNull(name = wolfSSL_sk_X509_NAME_value(names2, 0));
-            ExpectIntEQ(2, wolfSSL_sk_X509_NAME_push(names1, name));
-            if (EXPECT_FAIL()) {
-                wolfSSL_X509_NAME_free(name);
-                name = NULL;
-            }
-            names2 = wolfSSL_load_client_CA_file(cliCertFile);
-            ExpectNotNull(names2);
-
-            /* verify that set0_CA_list takes precedence */
-            wolfSSL_set0_CA_list(ssl_client, names1);
-            wolfSSL_CTX_set0_CA_list(ctx_client, names2);
+        wait_tcp_ready(&server_args);
+        tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port,
+                params[i].doUdp, 0, ssl_client);
 
-            ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl_client, sockfd));
-            ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_connect(ssl_client));
+        ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl_client, sockfd));
+        ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_connect(ssl_client));
 
-            wolfSSL_shutdown(ssl_client);
-            wolfSSL_free(ssl_client);
-            wolfSSL_CTX_free(ctx_client);
+        wolfSSL_shutdown(ssl_client);
+        wolfSSL_free(ssl_client);
+        wolfSSL_CTX_free(ctx_client);
 
-            CloseSocket(sockfd);
+        CloseSocket(sockfd);
 
-            join_thread(server_thread);
-            FreeTcpReady(&ready);
-        }
-#endif
+        join_thread(server_thread);
+        FreeTcpReady(&ready);
         ExpectIntEQ(2, server_cb_arg);
         wolfSSL_CTX_free(ctx);
     }