Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL Compat Layer: OCSP response improvments #8408

Merged
merged 22 commits into from
Feb 19, 2025
Merged

OpenSSL Compat Layer: OCSP response improvments #8408

merged 22 commits into from
Feb 19, 2025

Conversation

rizlik
Copy link
Contributor

@rizlik rizlik commented Feb 1, 2025

Improves of OCSP response handling.

Aligns wolfSSL_OCSP_basic_verify and wolfSSL_d2i_OCSP_RESPONSE to OpenSSL behavior.

Replaces #8036

@rizlik rizlik requested a review from julek-wolfssl February 1, 2025 00:15
@rizlik rizlik self-assigned this Feb 1, 2025
@rizlik rizlik force-pushed the ocsp-resp-refactor branch 3 times, most recently from 3b89ce4 to f96acbb Compare February 1, 2025 02:34
@rizlik rizlik closed this Feb 1, 2025
@rizlik rizlik reopened this Feb 1, 2025
@rizlik rizlik force-pushed the ocsp-resp-refactor branch 3 times, most recently from 43964c1 to 2816d92 Compare February 3, 2025 11:06
@rizlik rizlik assigned julek-wolfssl and unassigned rizlik Feb 3, 2025
@rizlik rizlik force-pushed the ocsp-resp-refactor branch from 2816d92 to a635189 Compare February 3, 2025 11:57
@rizlik
Copy link
Contributor Author

rizlik commented Feb 3, 2025

retest this please

julek-wolfssl
julek-wolfssl requested changes Feb 4, 2025
View reviewed changes
Copy link
Member

@julek-wolfssl julek-wolfssl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Still need to review tests/.

julek-wolfssl
julek-wolfssl requested changes Feb 4, 2025
View reviewed changes
julek-wolfssl
julek-wolfssl requested changes Feb 4, 2025
View reviewed changes
julek-wolfssl
julek-wolfssl requested changes Feb 4, 2025
View reviewed changes
@julek-wolfssl julek-wolfssl removed their assignment Feb 4, 2025
@rizlik
Copy link
Contributor Author

rizlik commented Feb 5, 2025

retest this please

@rizlik rizlik force-pushed the ocsp-resp-refactor branch from a92d921 to b02a263 Compare February 5, 2025 07:20
@rizlik
Copy link
Contributor Author

rizlik commented Feb 5, 2025

retest this please

@rizlik rizlik assigned julek-wolfssl and unassigned rizlik Feb 5, 2025
julek-wolfssl
julek-wolfssl requested changes Feb 5, 2025
View reviewed changes
@julek-wolfssl julek-wolfssl assigned rizlik and unassigned julek-wolfssl Feb 5, 2025
@rizlik
Copy link
Contributor Author

rizlik commented Feb 6, 2025
edited by julek-wolfssl
Loading

retest this please

@rizlik rizlik closed this Feb 6, 2025
rizlik added 10 commits February 17, 2025 08:59
@rizlik
ocsp-resp-refactor: fix tests
ae3177c
@rizlik
tests: bind test_wolfSSL_client_server_nofail_memio HAVE_SSL_MEMIO_TE…
3e50c79 
…STS_DEP
@rizlik
ocsp: improve OCSP response signature validation
2c2eb2a 
- search for the signer in the CertificateManager if the embedded cert
  verification fails in original asn template.
@rizlik
ocsp: add test for response with unusable internal cert
3724094 
- Added a new test case `resp_bad_embedded_cert` in
  `create_ocsp_test_blobs.py` to test OCSP response with an unusable
  internal cert that can be verified in Cert Manager.
- Updated `test_ocsp_response_parsing` in `ocsp.c` to include the new
  test case.
- Ensured the new test case checks for proper handling of OCSP responses
  with incorrect internal certificates.
@rizlik
minor: improve indentation of guards
c1c9af5
@rizlik
ocsp/tests: update blobs and add license header
69116eb
@rizlik
ocsp/test: better test assertions
4351a5d
@rizlik
ocsp: minors
a06a8b5
@rizlik
ocsp: minors
0af092e
@rizlik
ocsp: use ocspReponse->heap in OcspFindSigner + minors
1eecf32
@rizlik rizlik force-pushed the ocsp-resp-refactor branch from da504fa to 1eecf32 Compare February 17, 2025 09:10
@rizlik
Copy link
Contributor Author

rizlik commented Feb 17, 2025

retest this please

@rizlik rizlik assigned dgarske and unassigned rizlik Feb 17, 2025
@rizlik rizlik requested a review from dgarske February 17, 2025 16:33
dgarske
dgarske requested changes Feb 17, 2025
View reviewed changes
@dgarske dgarske assigned rizlik and unassigned dgarske Feb 17, 2025
@rizlik rizlik requested a review from dgarske February 19, 2025 06:07
@rizlik rizlik assigned dgarske and unassigned rizlik Feb 19, 2025
@dgarske dgarske merged commit 268326d into wolfSSL:master Feb 19, 2025
178 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

@julek-wolfssl julek-wolfssl Awaiting requested review from julek-wolfssl

@JacobBarthelmeh JacobBarthelmeh Awaiting requested review from JacobBarthelmeh

@SparkiDev SparkiDev Awaiting requested review from SparkiDev

Assignees

@dgarske dgarske

@wolfSSL-Bot wolfSSL-Bot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rizlik @dgarske @julek-wolfssl @wolfSSL-Bot