149 changes: 38 additions & 111 deletions src/ssl.c
Expand Up @@ -8806,148 +8806,75 @@ static int isArrayUnique(const char* buf, size_t len)
return 1;
}

/* Set user preference for the client_cert_type exetnsion.
/* Set user preference for the {client,server}_cert_type extension.
* Takes byte array containing cert types the caller can provide to its peer.
* Cert types are in preferred order in the array.
*/
int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx,
const char* buf, int bufLen)
static int set_cert_type(RpkConfig* cfg,
int client, const char* buf, int bufLen)
{
int i;
byte* certTypeCnt;
byte* certTypes;

if (ctx == NULL || bufLen > MAX_CLIENT_CERT_TYPE_CNT) {
if (cfg == NULL || bufLen > (client ? MAX_CLIENT_CERT_TYPE_CNT :
MAX_SERVER_CERT_TYPE_CNT)) {
return BAD_FUNC_ARG;
}

/* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/
if (buf == NULL || bufLen == 0) {
ctx->rpkConfig.preferred_ClientCertTypeCnt = 1;
ctx->rpkConfig.preferred_ClientCertTypes[0]= WOLFSSL_CERT_TYPE_X509;
ctx->rpkConfig.preferred_ClientCertTypes[1]= WOLFSSL_CERT_TYPE_X509;
return WOLFSSL_SUCCESS;
if (client) {
certTypeCnt = &cfg->preferred_ClientCertTypeCnt;
certTypes = cfg->preferred_ClientCertTypes;
}

if (!isArrayUnique(buf, (size_t)bufLen))
return BAD_FUNC_ARG;

for (i = 0; i < bufLen; i++){
if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
return BAD_FUNC_ARG;

ctx->rpkConfig.preferred_ClientCertTypes[i] = (byte)buf[i];
}
ctx->rpkConfig.preferred_ClientCertTypeCnt = bufLen;

return WOLFSSL_SUCCESS;
}

/* Set user preference for the server_cert_type exetnsion.
* Takes byte array containing cert types the caller can provide to its peer.
* Cert types are in preferred order in the array.
*/
int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx,
const char* buf, int bufLen)
{
int i;

if (ctx == NULL || bufLen > MAX_SERVER_CERT_TYPE_CNT) {
return BAD_FUNC_ARG;
else {
certTypeCnt = &cfg->preferred_ServerCertTypeCnt;
certTypes = cfg->preferred_ServerCertTypes;
}

/* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/
/* if buf is set to NULL or bufLen is zero, it defaults the setting*/
if (buf == NULL || bufLen == 0) {
ctx->rpkConfig.preferred_ServerCertTypeCnt = 1;
ctx->rpkConfig.preferred_ServerCertTypes[0]= WOLFSSL_CERT_TYPE_X509;
ctx->rpkConfig.preferred_ServerCertTypes[1]= WOLFSSL_CERT_TYPE_X509;
*certTypeCnt = 1;
for (i = 0; i < 2; i++)
certTypes[i] = WOLFSSL_CERT_TYPE_X509;
return WOLFSSL_SUCCESS;
}

if (!isArrayUnique(buf, (size_t)bufLen))
return BAD_FUNC_ARG;

for (i = 0; i < bufLen; i++){
for (i = 0; i < bufLen; i++) {
if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
return BAD_FUNC_ARG;

ctx->rpkConfig.preferred_ServerCertTypes[i] = (byte)buf[i];
certTypes[i] = (byte)buf[i];
}
ctx->rpkConfig.preferred_ServerCertTypeCnt = bufLen;
*certTypeCnt = bufLen;

return WOLFSSL_SUCCESS;
}

/* Set user preference for the client_cert_type exetnsion.
* Takes byte array containing cert types the caller can provide to its peer.
* Cert types are in preferred order in the array.
*/
int wolfSSL_set_client_cert_type(WOLFSSL* ssl,
const char* buf, int bufLen)
int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int buflen)
{
int i;

if (ssl == NULL || bufLen > MAX_CLIENT_CERT_TYPE_CNT) {
if (ssl == NULL)
return BAD_FUNC_ARG;
}

/* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/
if (buf == NULL || bufLen == 0) {
ssl->options.rpkConfig.preferred_ClientCertTypeCnt = 1;
ssl->options.rpkConfig.preferred_ClientCertTypes[0]
= WOLFSSL_CERT_TYPE_X509;
ssl->options.rpkConfig.preferred_ClientCertTypes[1]
= WOLFSSL_CERT_TYPE_X509;
return WOLFSSL_SUCCESS;
}

if (!isArrayUnique(buf, (size_t)bufLen))
return set_cert_type(&ssl->options.rpkConfig, 1, buf, buflen);
}
int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int buflen)
{
if (ssl == NULL)
return BAD_FUNC_ARG;

for (i = 0; i < bufLen; i++){
if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
return BAD_FUNC_ARG;

ssl->options.rpkConfig.preferred_ClientCertTypes[i] = (byte)buf[i];
}
ssl->options.rpkConfig.preferred_ClientCertTypeCnt = bufLen;

return WOLFSSL_SUCCESS;
return set_cert_type(&ssl->options.rpkConfig, 0, buf, buflen);
}

/* Set user preference for the server_cert_type exetnsion.
* Takes byte array containing cert types the caller can provide to its peer.
* Cert types are in preferred order in the array.
*/
int wolfSSL_set_server_cert_type(WOLFSSL* ssl,
const char* buf, int bufLen)
int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx,
const char* buf, int buflen)
{
int i;

if (ssl == NULL || bufLen > MAX_SERVER_CERT_TYPE_CNT) {
if (ctx == NULL)
return BAD_FUNC_ARG;
}

/* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/
if (buf == NULL || bufLen == 0) {
ssl->options.rpkConfig.preferred_ServerCertTypeCnt = 1;
ssl->options.rpkConfig.preferred_ServerCertTypes[0]
= WOLFSSL_CERT_TYPE_X509;
ssl->options.rpkConfig.preferred_ServerCertTypes[1]
= WOLFSSL_CERT_TYPE_X509;
return WOLFSSL_SUCCESS;
}

if (!isArrayUnique(buf, (size_t)bufLen))
return set_cert_type(&ctx->rpkConfig, 1, buf, buflen);
}
int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx,
const char* buf, int buflen)
{
if (ctx == NULL)
return BAD_FUNC_ARG;

for (i = 0; i < bufLen; i++){
if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
return BAD_FUNC_ARG;

ssl->options.rpkConfig.preferred_ServerCertTypes[i] = (byte)buf[i];
}
ssl->options.rpkConfig.preferred_ServerCertTypeCnt = bufLen;

return WOLFSSL_SUCCESS;
return set_cert_type(&ctx->rpkConfig, 0, buf, buflen);
}

/* get negotiated certificate type value and return it to the second parameter.
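Review bot: set_cert_type still accepts a negative bufLen: the guard at the top of the new helper only rejects values above the per-side maximum, and the four public wrappers that now delegate to it do no length check of their own, so the helper is the only line of defence. A negative length with a non-NULL buf skips the default branch, is cast to size_t for isArrayUnique (whose body is above the hunk, so presumably it walks that many bytes of buf), and finally lands in `*certTypeCnt = bufLen;` truncated to a byte, so a caller passing -1 records a count of 255 that later code may trust. Tighten the guard to `if (cfg == NULL || bufLen < 0 || bufLen > (client ? MAX_CLIENT_CERT_TYPE_CNT : MAX_SERVER_CERT_TYPE_CNT))`. Separately, the default branch resets the array with a literal `2` in `for (i = 0; i < 2; i++)`; tying that to the same MAX_*_CERT_TYPE_CNT constant (or sizeof the array, which is declared outside this hunk) would keep it from drifting if the array ever grows.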