In wolfSSL_CTX_set_cert_store, send certificates into the CertMgr

Author: anhu

src/ssl.c

@@ -12904,6 +12904,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
     void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
     {
+        WOLFSSL_X509 *x = NULL;
         WOLFSSL_ENTER("wolfSSL_CTX_set_cert_store");
         if (ctx == NULL || str == NULL || ctx->cm == str->cm) {
             return;
@@ -12920,6 +12921,20 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         ctx->cm               = str->cm;
         ctx->x509_store.cm    = str->cm;
 
+        /* wolfSSL_CTX_set_cert_store() (this function) associates str with the
+         * wolfSSL_CTX. It is clear that this is a TLS use case which means we
+         * should move all the certs, if any, into the CertMgr and set
+         * str->certs to NULL as that will allow the certs to be properly
+         * processed. */
+        if (str->certs != NULL) {
+            while (wolfSSL_sk_X509_num(str->certs) > 0) {
+                x = wolfSSL_sk_X509_pop(str->certs);
+                X509StoreAddCa(str, x, WOLFSSL_USER_CA);
+            }
+            wolfSSL_sk_X509_pop_free(str->certs, NULL);
+            str->certs = NULL;
+        }
+
         /* free existing store if it exists */
         wolfSSL_X509_STORE_free(ctx->x509_store_pt);
         ctx->x509_store.cache = str->cache;

src/x509_str.c

@@ -34,8 +34,6 @@
 #ifdef OPENSSL_EXTRA
 static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer,
                             WOLFSSL_STACK *certs, WOLFSSL_X509 *x);
-static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
-                                          WOLFSSL_X509* x509, int type);
 #endif
 
 /* Based on OpenSSL default max depth */
@@ -1361,8 +1359,7 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
     return &store->lookup;
 }
 
-static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
-                                          WOLFSSL_X509* x509, int type)
+int X509StoreAddCa(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, int type)
 {
     int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
     DerBuffer* derCert = NULL;

wolfssl/internal.h

@@ -2780,6 +2780,11 @@ WOLFSSL_LOCAL int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str,
                                         byte *buf, word32 bufLen, int type);
 #endif /* !defined NO_CERTS */
 
+#ifdef OPENSSL_EXTRA
+WOLFSSL_LOCAL int X509StoreAddCa(WOLFSSL_X509_STORE* store,
+                                 WOLFSSL_X509* x509, int type);
+#endif
+
 /* wolfSSL Sock Addr */
 struct WOLFSSL_SOCKADDR {
     unsigned int sz; /* sockaddr size */