Hitch #6235
Please add a GitHub Action test for hitch.
229c5a0 to cf0e1b4
Almost there. Last round of comments.
👍 Just need to fix merge conflicts.
Add support for cipher aliases DHE, EDH and EECDH.
Add define SSL_CTRL_GET_CHAIN_CERTS to help hitch and other programs detect SSL_CTX_get0_chain_certs is supported.
Add wolfSSL_get_locking_callback.
Allow using ECDHE+RSA cipher suites when ECDHE alias is used while in OpenSSL compatibility mode.
Add more alerts for hitch.
SSL_CM should use the CTX's x509_store_pt if available.
Add support for SSL_CERT_FILE and SSL_CERT_DIR.
Load default OpenSSL TLS 1.3 ciphers when using OPENSSL_COMPATIBLE_DEFAULTS.
Use wolfSSL_sk_X509_new_null to allocate WOLFSSL_STACK in wolfSSL_CTX_get_extra_chain_certs. Previous approach of malloc'ing without setting type/memsetting was leading to a segfault.
Add --enable-hitch.
hitch: Add unit tests for new APIs, fix a couple of issues uncovered by unit testing.
Correct behavior of wolfSSL_BIO_set_mem_buf for BIO_CLOSE/NOCLOSE and update unit test accordingly.
Add GitHub Action test for hitch.
Description
Add support for hitch to wolfSSL.
Testing
Tested using hitch's test suite. All but three tests passing. Three tests have known issues which will not be fixed for this support (missing NPN support, not outputting certs as "TRUSTED CERTIFICATE", not supporting TLS 1.3 ciphersuites by default without explicitly enabling them).
Checklist