Add cert/CRL capabilities: skid, akid, dist point, netscape

Author: padelsbach

compile_commands.json

@@ -0,0 +1,288 @@
+[
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSL.o",
+      "./native/com_wolfssl_WolfSSL.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSL.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSL.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLSession.o",
+      "./native/com_wolfssl_WolfSSLSession.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLSession.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLSession.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLContext.o",
+      "./native/com_wolfssl_WolfSSLContext.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLContext.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLContext.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfCryptRSA.o",
+      "./native/com_wolfssl_WolfCryptRSA.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfCryptRSA.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfCryptRSA.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfCryptECC.o",
+      "./native/com_wolfssl_WolfCryptECC.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfCryptECC.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfCryptECC.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfCryptEccKey.o",
+      "./native/com_wolfssl_WolfCryptEccKey.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfCryptEccKey.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfCryptEccKey.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLCertManager.o",
+      "./native/com_wolfssl_WolfSSLCertManager.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLCertManager.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLCertManager.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLCertRequest.o",
+      "./native/com_wolfssl_WolfSSLCertRequest.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLCertRequest.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLCertRequest.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLCertificate.o",
+      "./native/com_wolfssl_WolfSSLCertificate.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLCertificate.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLCertificate.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLCRL.o",
+      "./native/com_wolfssl_WolfSSLCRL.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLCRL.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLCRL.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLX509Name.o",
+      "./native/com_wolfssl_WolfSSLX509Name.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLX509Name.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLX509Name.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLX509StoreCtx.o",
+      "./native/com_wolfssl_WolfSSLX509StoreCtx.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLX509StoreCtx.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLX509StoreCtx.o"
+  },
+  {
+    "arguments": [
+      "/usr/bin/gcc",
+      "-Wall",
+      "-c",
+      "-fPIC",
+      "-DWOLFSSL_PR7430_PATCH_APPLIED",
+      "-DWOLFSSL_PR9631_PATCH_APPLIED",
+      "-DWOLFSSL_PR9705_PATCH_APPLIED",
+      "-DWOLFSSL_PR9713_PATCH_APPLIED",
+      "-DWOLFSSL_PR9728_PATCH_APPLIED",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include",
+      "-I/usr/lib/jvm/java-21-openjdk-arm64/include/linux",
+      "-I/usr/local/include",
+      "-o",
+      "./native/com_wolfssl_WolfSSLNameConstraints.o",
+      "./native/com_wolfssl_WolfSSLNameConstraints.c"
+    ],
+    "directory": "/git/wolfssljni",
+    "file": "/git/wolfssljni/native/com_wolfssl_WolfSSLNameConstraints.c",
+    "output": "/git/wolfssljni/native/com_wolfssl_WolfSSLNameConstraints.o"
+  }
+]

examples/certs/test/crl-dp-cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbTCCAlWgAwIBAgIUZqjaWzuAIDjJjqQW/x9Lyn5H2McwDQYJKoZIhvcNAQEL
+BQAwOjEUMBIGA1UEAwwLVGVzdCBDUkwgRFAxFTATBgNVBAoMDHdvbGZTU0wgVGVz
+dDELMAkGA1UEBhMCVVMwHhcNMjYwMjA5MTgxMTQzWhcNMjcwMjA5MTgxMTQzWjA6
+MRQwEgYDVQQDDAtUZXN0IENSTCBEUDEVMBMGA1UECgwMd29sZlNTTCBUZXN0MQsw
+CQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALP/1lo5
+T10/LJAck3ImKvrinzS1oubA/YP/w2NTJLzlZQtbvNPW4WhY2LcuUWOSv/VmMSpq
+J/mEqEn8P9CfIgtRo0z39+HJJ3aE3ClioH6fTpj284nHZnJdYQFy/9+T4DTLcuiJ
+VILqRotqH06JRU4mhR2hqiw7YHI76BlPJAB9pVwGbit6BKWbF5vJRy440AYNCWjs
+t/NEhrKnCJugaPqvyhH9ByWI8/wPeyFNXUpuEiZVg+rSYwPr0w4kVBRUVWnDxEam
+WKEEPSM1CdY2LJGDT6Qjm6WyVQbWppu1mz6Dg+nvw+h125PyW4Cyim6HAFj3IJcI
+6YcDC2lGep7PNmECAwEAAaNrMGkwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwMAYD
+VR0fBCkwJzAloCOgIYYfaHR0cDovL2NybC5leGFtcGxlLmNvbS90ZXN0LmNybDAd
+BgNVHQ4EFgQUXEABbBfseiUjqacQWYMRluxQV+kwDQYJKoZIhvcNAQELBQADggEB
+AF21pa2SQXeqmDtYLvhwNWpwpt814nRfejAzlLBLpJB8nf1NE89a53U7ELbZMPNj
+tQC/ADNoNGFQmSaPNytXtHNslPM17kSWN+6/JFhKGcWHXgPPM4E5VOZ94H1BK4fh
+PMCfMMh+826Y+RK/nsi4NnlmeJy5/QdRgbDfGY4ZZECssHSIbKPP7pgxH/YzDUd/
+HIzf5vXeiUG7PXXJhzA38k1HRhuyxOYnsrLMYw/FsDOl/knhH9dF8f+XFVHuFfQv
+GH9cm+btX0gM1EaBi1huQcYYNRp2BSa2qSjIeDRg5Bs4i5BENh7wVtZDheGD0SpE
+3jhznnX5L4CwmLzlfQkARuU=
+-----END CERTIFICATE-----

examples/certs/update-certs.sh

@@ -98,6 +98,37 @@ if [ $? -ne 0 ]; then
 fi
 printf "Generated ca-keyPkcs8.der\n"
 
+# Generate CRL Distribution Points test cert
+printf "Generating test/crl-dp-cert.pem\n"
+mkdir -p test
+TMP_DIR="$(mktemp -d)"
+cat > "${TMP_DIR}/openssl.cnf" <<EOF
+[ req ]
+distinguished_name = dn
+x509_extensions = v3_req
+prompt = no
+
+[ dn ]
+CN = Test CRL DP
+O = wolfSSL Test
+C = US
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature
+crlDistributionPoints = URI:http://crl.example.com/test.crl
+EOF
+
+openssl req -new -newkey rsa:2048 -nodes -x509 -days 365 \
+  -keyout "${TMP_DIR}/crl-dp-key.pem" -out test/crl-dp-cert.pem \
+  -config "${TMP_DIR}/openssl.cnf" >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    printf "Failed to generate test/crl-dp-cert.pem\n"
+    rm -rf "${TMP_DIR}"
+    exit 1
+fi
+rm -rf "${TMP_DIR}"
+
 # Remove text info from intermediate certs, causes issues on Android (WRONG TAG)
 printf "Removing text info from intermediate certs\n"
 sed -i.bak -n '/-----BEGIN CERTIFICATE-----/,$p' ca-cert.pem
@@ -131,4 +162,3 @@ else
 fi
 
 printf "\nFinished successfully\n"
-