1 (edited by rpzrpzrpz 2012-11-16 09:43:11)

Topic: wolfSSL_connect PATCH

I have posted topics related to certificate validation, and wolfSSL was written to have a callback in the VERIFY_PEER function to allow for handling certificate errors and allowing the connection to continue.

But I wanted a mechanism that is always going to return GOOD on wolfSSL_connect
and then allow me to analyze the failure and take action.

So I patched wolfSSL.2.4.0

internal.h - struct wolfSSL - Added two integer members

        int validcert ;
        int certerr ;

ssl.h - Added 2 functions

WOLFSSL_API int  wolfSSL_validcert(WOLFSSL*);
WOLFSSL_API int  wolfSSL_certerr(WOLFSSL*);

ssl.c - Added 2 functions

int wolfSSL_validcert(WOLFSSL* ssl)
    return (ssl->validcert) ;
int  wolfSSL_certerr(WOLFSSL* ssl)
    return (ssl->certerr) ;
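
Review bot: both accessors dereference ssl without a NULL check, and nothing in the lines shown initializes validcert or certerr, so a call made before the certificate step has run returns whatever the struct happened to hold. Return an error code when ssl is NULL, and set both members to a defined "not yet checked" value where the WOLFSSL object is initialized. As posted, the two function bodies also have no braces and will not compile.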

internal.c - wherever verifyCallback is called, commented that code out

if (ssl->verifyCallback) {  changed to: fatal = 0 ;

        if (ret == 0 && ssl->options.side == CLIENT_END)
                ssl->options.serverState = SERVER_CERT_COMPLETE;

        //Code addition - we intercept the layer that
        //handles the verify callback
        //and replace it with just setting error flags
        ssl->certerr = ret ;
        ssl->validcert = -22 ;
        if (ret == 0) ssl->validcert = 22 ;
                ret = 0 ;


        if (ret != 0)
                if (!ssl->options.verifyNone) {
                        int why = bad_certificate;
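
Review bot: the "ret = 0 ;" line after "if (ret == 0) ssl->validcert = 22 ;" is indented as if it belonged to that if, but it runs unconditionally, so the "if (ret != 0)" block that follows (including the bad_certificate alert) can never execute and the handshake completes for any certificate. Put the assignment at the outer indentation with a comment saying the failure is deliberately swallowed, and replace the magic values 22 and -22 with named constants. Because ssl->certerr and ssl->validcert are then the only record of the failure, every caller has to check wolfSSL_validcert() after wolfSSL_connect() returns and before writing any application data; guarding the whole change behind a compile-time option would keep a default build failing the handshake on a bad certificate.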

COMMENT all of the verifycallback code block

Maybe wolfSSL could add a choice whether you want a callback or some function calls, and maybe a #define NO_VERIFY_CALLBACK, #define WANT_CERT_ERRORS or something to that effect, to allow for clients to connect to ANY HTTPS server regardless of CA cert validation and
then allow them to continue or stop based on security requirements.

I never liked to have a mixture of callbacks and member functions, straight function calls are more readable and more

But some may want callbacks because it may give greater flexibility with the CTX_509_STORE structure, but I will not use it.


Re: wolfSSL_connect PATCH


Thanks for the suggestions.  As you saw, wolfSSL embedded SSL does provide a verify callback that allows the user to override verification then return GOOD if they want in that callback.  Is there a reason you would prefer not to use callbacks (other than personal preference)?

Always returning GOOD after wolfSSL_connect() may not be the safest thing to do.  It seems like it could make it easier for users to misuse or misunderstand what is really happening.  We'll have to give it some thought.

Do you mind me asking what kind of project you are working on?