Extend AIA interface

Author: padelsbach

certs/aia/ca-issuers-cert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAjigAwIBAgIUQy4lyOzJcvFVekNsQWuUegW0kGgwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQd29sZnNzbC1haWEtdGVzdDAeFw0yNjAxMjYyMzE1NTZa
+Fw0yNzAxMjYyMzE1NTZaMBsxGTAXBgNVBAMMEHdvbGZzc2wtYWlhLXRlc3QwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM1vUyiX+qtPFhhEqZq3bCUKpd
+6QtswO7YWj+us79yh99mIGE7EZlSfTv0n3rn2//m5bQ7a+TSYMkDyNjPEH6Z+ub2
+qW4EJyc4J9DfC+T9gJM4dvsij+F8TUne/o5iCwFdiZEycEj0vtyYh53du3oqlZTY
+yt8q4k5INoTl+ELCX/L0YqR/+Fl2qaloK7YHUb3EdSqBEGoa/IEfnxHMreZWhVYd
+pSdDnT9rfNqT5Kb2e+eZbZZSouEmebhx9ioRfIXDadSCCa1JNp4fO3YlcDmmEahx
+6TcjEmhUt80+hjhJhqrh4vPlxI24qHmfOe+k2qSimpJse/AUuz7wGRjx6ktfAgMB
+AAGjgYswgYgwHQYDVR0OBBYEFMvT3KE5dvI6t3KNrcuctkm6wvXMMB8GA1UdIwQY
+MBaAFMvT3KE5dvI6t3KNrcuctkm6wvXMMA8GA1UdEwEB/wQFMAMBAf8wNQYIKwYB
+BQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwOi8vZXhhbXBsZS5jb20vY2EucGVt
+MA0GCSqGSIb3DQEBCwUAA4IBAQCjxEHOlxVfmE8xgcQCnr1b4IK5EBuIMUaS7lko
+AHmHvj7z9rr2cxbJhGYQxcttZ4/SQldRqpmiB0cUmko4LbD9yos4FKlyGe3xWvKa
+W17SdpJU2PREShGLLqP7bwiWV6wVyo6puwDHLYSjH5vYr+IcSNNc0GuMZg1OhTWt
+2PYG2vGbHoNR0/UyNibGmaPBimg0nb2GTizY7yWm+N/yXnWa6Wc5yyiF1zExw/GO
+8O/rF0Lg/Gy/v6LnnNmhSOr9ENPKgQEAHFmJRXBXqDYUNhcm2U3PzlfBa06SHFcr
+b59n5jgJmcNSwYDJAYKEhMvjBL40DmiWaRfol2DPoIZ7YtRf
+-----END CERTIFICATE-----

src/x509.c

@@ -15021,6 +15021,34 @@ WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x)
     return list;
 }
 
+#ifdef WOLFSSL_ASN_CA_ISSUER
+WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ca_issuers(WOLFSSL_X509 *x)
+{
+    WOLFSSL_STACK* list = NULL;
+    char*          url;
+
+    if (x == NULL || x->authInfoCaIssuerSz == 0)
+        return NULL;
+
+    list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) +
+                                   x->authInfoCaIssuerSz + 1,
+                                   NULL, DYNAMIC_TYPE_OPENSSL);
+    if (list == NULL)
+        return NULL;
+
+    url = (char*)list;
+    url += sizeof(WOLFSSL_STACK);
+    XMEMCPY(url, x->authInfoCaIssuer, x->authInfoCaIssuerSz);
+    url[x->authInfoCaIssuerSz] = '\0';
+
+    list->data.string = url;
+    list->next = NULL;
+    list->num = 1;
+
+    return list;
+}
+#endif /* WOLFSSL_ASN_CA_ISSUER */
+
 int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
 {
     WOLFSSL_X509_NAME *issuerName = wolfSSL_X509_get_issuer_name(subject);

tests/api.c

@@ -19199,6 +19199,31 @@ static int test_wolfSSL_OCSP_REQ_CTX(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_X509_get1_ca_issuers(void)
+{
+    EXPECT_DECLS;
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \
+    defined(WOLFSSL_ASN_CA_ISSUER) && !defined(NO_FILESYSTEM)
+    X509* cert = NULL;
+    STACK_OF(WOLFSSL_STRING) *skStr = NULL;
+    WOLFSSL_STRING url = NULL;
+    const char* expected = "http://example.com/ca.pem";
+
+    ExpectNull(wolfSSL_X509_get1_ca_issuers(NULL));
+    ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(
+            "certs/aia/ca-issuers-cert.pem", WOLFSSL_FILETYPE_PEM));
+    ExpectNotNull(skStr = wolfSSL_X509_get1_ca_issuers(cert));
+    ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(skStr), 1);
+    ExpectNotNull(url = wolfSSL_sk_WOLFSSL_STRING_value(skStr, 0));
+    ExpectIntEQ(XSTRCMP(url, expected), 0);
+
+    wolfSSL_X509_email_free(skStr);
+    wolfSSL_X509_free(cert);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_no_op_functions(void)
 {
     EXPECT_DECLS;
@@ -31666,6 +31691,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_OCSP_resp_get0),
     TEST_DECL(test_wolfSSL_OCSP_parse_url),
     TEST_DECL(test_wolfSSL_OCSP_REQ_CTX),
+    TEST_DECL(test_wolfSSL_X509_get1_ca_issuers),
 
     TEST_DECL(test_wolfSSL_PEM_read),
 

wolfssl/openssl/ssl.h

@@ -565,6 +565,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_get_ex_data                wolfSSL_X509_get_ex_data
 #define X509_set_ex_data                wolfSSL_X509_set_ex_data
 #define X509_get1_ocsp                  wolfSSL_X509_get1_ocsp
+#ifdef WOLFSSL_ASN_CA_ISSUER
+#define X509_get1_ca_issuers            wolfSSL_X509_get1_ca_issuers
+#endif /* WOLFSSL_ASN_CA_ISSUER */
 #define X509_get_version                wolfSSL_X509_get_version
 #define X509_get_signature_nid          wolfSSL_X509_get_signature_nid
 #define X509_set_subject_name           wolfSSL_X509_set_subject_name

wolfssl/openssl/x509v3.h

@@ -224,6 +224,10 @@ typedef struct WOLFSSL_NAME_CONSTRAINTS NAME_CONSTRAINTS;
 #define X509V3_EXT_print          wolfSSL_X509V3_EXT_print
 #define X509V3_EXT_conf_nid       wolfSSL_X509V3_EXT_conf_nid
 #define X509V3_set_ctx            wolfSSL_X509V3_set_ctx
+#define X509_get1_ocsp            wolfSSL_X509_get1_ocsp
+#ifdef WOLFSSL_ASN_CA_ISSUER
+#define X509_get1_ca_issuers      wolfSSL_X509_get1_ca_issuers
+#endif /* WOLFSSL_ASN_CA_ISSUER */
 #ifndef NO_WOLFSSL_STUB
 #define X509V3_set_nconf(ctx, conf) WC_DO_NOTHING
 #define X509V3_EXT_cleanup()      WC_DO_NOTHING

wolfssl/ssl.h

@@ -5796,6 +5796,10 @@ WOLFSSL_API int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
 
 WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x);
+#ifdef WOLFSSL_ASN_CA_ISSUER
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ca_issuers(
+    WOLFSSL_X509 *x);
+#endif /* WOLFSSL_ASN_CA_ISSUER */
 
 WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer,
     WOLFSSL_X509 *subject);