diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index 6b4c2f0c5f..a960dafbc1 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -24,7 +24,7 @@ jobs: uses: wolfSSL/actions-build-autotools-project@v1 with: path: wolfssl - configure: --enable-mosquitto + configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN" install: true - name: Upload built lib @@ -75,9 +75,9 @@ jobs: run: | cd $GITHUB_WORKSPACE/mosquitto/ patch -p1 < $GITHUB_WORKSPACE/osp/mosquitto/${{ matrix.ref }}.patch - make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir -j + make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir - - name: Run mosquitto tests, skipping ignored tests + - name: Run mosquitto tests working-directory: ./mosquitto run: | - make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest -j \ No newline at end of file + make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest \ No newline at end of file diff --git a/tests/api.c b/tests/api.c index eafa8bbcc1..7f615162dc 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3709,6 +3709,7 @@ static int test_wolfSSL_CertManagerCRL(void) wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0)); wolfSSL_CertManagerFreeCRL(cm); +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); ExpectIntEQ(WOLFSSL_SUCCESS, @@ -3717,6 +3718,7 @@ static int test_wolfSSL_CertManagerCRL(void) sizeof_server_cert_der_2048), CRL_MISSING); ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), CRL_MISSING); +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff), WOLFSSL_FILETYPE_ASN1), 1); 
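Review bot: The `configure:` line in the first hunk now builds wolfSSL with `CFLAGS="-DALLOW_INVALID_CERTSIGN"`, and nothing in the workflow says why this job needs it. Judging by its name, the define relaxes a certificate-signing validity check, so the mosquitto suite no longer exercises the default validation path. Put a comment above the line naming what depends on it, for example `# ALLOW_INVALID_CERTSIGN: needed by <mosquitto test certificates that fail the check>; CI only, never for release builds`, so the flag is not copied into a production configure line. The second hunk drops `-j` from both `make` invocations and removes "skipping ignored tests" from the step name without a stated reason; a short note in the commit message would help.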
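Review bot: With `WOLFSSL_CRL_ALLOW_MISSING_CDP` defined, the `CRL_MISSING` expectations in test_wolfSSL_CertManagerCRL are compiled out and nothing replaces them, so no test pins what `wolfSSL_CertManagerVerifyBuffer` returns for `server_cert_der_2048` in the relaxed build. The guard opens in the hunk at -3709 and closes in the hunk at -3717, and the function body continues outside both. Consider an `#else` branch that asserts the result the relaxed mode is meant to produce; the expected value is not visible here, so take it from the macro's intended semantics. Failing that, state the reason in a comment such as `/* CRL_MISSING is not returned when a missing CDP is tolerated: <expected result> */`.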
@@ -48722,13 +48724,15 @@ static int test_wolfSSL_X509_STORE(void) #ifdef HAVE_CRL X509_STORE_CTX *storeCtx = NULL; - X509_CRL *crl = NULL; X509 *ca = NULL; X509 *cert = NULL; - const char crlPem[] = "./certs/crl/crl.revoked"; const char srvCert[] = "./certs/server-revoked-cert.pem"; const char caCert[] = "./certs/ca-cert.pem"; +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + X509_CRL *crl = NULL; + const char crlPem[] = "./certs/crl/crl.revoked"; XFILE fp = XBADFILE; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, @@ -48748,6 +48752,7 @@ static int test_wolfSSL_X509_STORE(void) X509_free(ca); ca = NULL; +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP /* should fail to verify now after adding in CRL */ ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, @@ -48777,6 +48782,7 @@ static int test_wolfSSL_X509_STORE(void) cert = NULL; X509_free(ca); ca = NULL; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ #endif /* HAVE_CRL */ @@ -66996,7 +67002,8 @@ static int test_wolfSSL_X509_load_crl_file(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) + !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) int i; char pem[][100] = { "./certs/crl/crl.pem", @@ -73682,7 +73689,8 @@ static int test_wolfSSL_CTX_LoadCRL(void) return EXPECT_RESULT(); } -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx) { EXPECT_DECLS; 
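Review bot: The block under `/* should fail to verify now after adding in CRL */` in test_wolfSSL_X509_STORE checks that `server-revoked-cert.pem` is rejected once `crl.revoked` is in the store, and the new `#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP` removes that check exactly in the build where revocation handling is relaxed. Tolerating a missing CRL distribution point should presumably not stop a certificate listed in a loaded CRL from being rejected, so this is the regression signal most worth keeping for that configuration. The same wholesale exclusion is applied to test_wolfSSL_X509_load_crl_file, test_multiple_crls_same_issuer and test_revoked_loaded_int_cert in the later hunks. If these genuinely cannot pass under the macro, record why next to each guard, e.g. `/* skipped with WOLFSSL_CRL_ALLOW_MISSING_CDP: <reason the revoked certificate is not rejected> */`. Otherwise narrow the guard to only the assertions that depend on `CRL_MISSING`.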
@@ -73696,7 +73704,8 @@ static int test_multiple_crls_same_issuer_ctx_ready(WOLFSSL_CTX* ctx) static int test_multiple_crls_same_issuer(void) { EXPECT_DECLS; -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_CRL) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) test_ssl_cbf client_cbs, server_cbs; struct { const char* server_cert; @@ -81299,7 +81308,8 @@ static int test_certreq_sighash_algos(void) return EXPECT_RESULT(); } -#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx) { EXPECT_DECLS; @@ -81349,7 +81359,8 @@ static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx) static int test_revoked_loaded_int_cert(void) { EXPECT_DECLS; -#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) test_ssl_cbf client_cbf; test_ssl_cbf server_cbf; struct { @@ -81389,7 +81400,6 @@ static int test_revoked_loaded_int_cert(void) break; printf("\t%s passed\n", test_params[i].certPemFile); } - #endif return EXPECT_RESULT(); }
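Review bot: The three-term condition is written out four times: on the `test_multiple_crls_same_issuer_ctx_ready` callback and the body of test_multiple_crls_same_issuer, then again, with the first two terms swapped, on the `test_revoked_loaded_int_cert_ctx_ready1` callback and the body of test_revoked_loaded_int_cert. Each callback guard must match its body guard exactly. If one is edited without the other, the build will have either an unused static function or a reference to a callback that was compiled out. Defining the condition once near the top of the CRL tests and testing that single name in all four places would remove the duplication; the name is the author's choice, for instance `#define TEST_CRL_STRICT_MEMIO`. The function bodies extend beyond these hunks.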