Skip to content

TLS 1.3 PHA with OCSP Stapling#10421

Open
kojo1 wants to merge 3 commits into
wolfSSL:masterfrom
kojo1:pha
Open

TLS 1.3 PHA with OCSP Stapling#10421
kojo1 wants to merge 3 commits into
wolfSSL:masterfrom
kojo1:pha

Conversation

@kojo1

@kojo1 kojo1 commented May 7, 2026

Copy link
Copy Markdown
Contributor

Description

  1. CertificateRequest is missing the status_request extension.
    When the server triggers PHA via wolfSSL_request_certificate(),
    the status_request extension is suppressed, so the server cannot
    ask the client to staple OCSP information for its certificate
    (RFC 8446 §4.2 / §4.4.2.1).

  2. The PHA-side client Certificate is not subject to the
    server's OCSP-status check.
    ProcessPeerCerts() only entered the
    OCSP path for WOLFSSL_CLIENT_END, so the OCSP staple supplied by
    the client was never validated.

  3. fix Multiple PSA

Fixes zd#21555, zd#21814

Testing

added test_tls13_pha_status_request

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@kojo1

kojo1 commented May 7, 2026

Copy link
Copy Markdown
Contributor Author

retest this please

@kojo1

kojo1 commented May 9, 2026

Copy link
Copy Markdown
Contributor Author

retest this please

@kojo1

kojo1 commented May 12, 2026

Copy link
Copy Markdown
Contributor Author

Retest this please.

@kojo1 kojo1 force-pushed the pha branch 2 times, most recently from f8e2aaa to 665fb81 Compare May 21, 2026 22:42
@kojo1 kojo1 requested a review from wolfSSL-Bot May 22, 2026 20:51

@dgarske dgarske left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please resolve merge conflicts

@dgarske dgarske removed the request for review from wolfSSL-Bot June 9, 2026 16:30
@dgarske

dgarske commented Jun 11, 2026

Copy link
Copy Markdown
Member

Jenkins retest this please: "Build 'wolfSSL/PRB-fips-repo-and-harness-test-v3-part2' failed with result: FAILURE"

@kojo1

kojo1 commented Jun 27, 2026

Copy link
Copy Markdown
Contributor Author

Merge conflicts resolved.
Added fix for repeated PHA over write_dup (zd#21814).

Thank you for your review in advance.

@dgarske

dgarske commented Jul 9, 2026

Copy link
Copy Markdown
Member

Jenkins retest this please. History lost

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes TLS 1.3 Post-Handshake Authentication (PHA) interoperability and OCSP stapling behavior by ensuring status_request is correctly carried on PHA CertificateRequest and that the server performs OCSP-status checking on the client certificate received during PHA.

Changes:

  • Emit TLS 1.3 status_request in CertificateRequest during PHA with the correct empty extension body, and ensure size/write paths agree.
  • Extend OCSP validation logic to apply to client certificates received post-handshake (PHA) while tolerating missing staples unless “must-staple” is enforced.
  • Add a regression test covering TLS 1.3 PHA + status_request flow and transcript synchronization across read/write dup sides.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
wolfssl/internal.h Adds write-dup state to publish post-PHA transcript hash to keep read/write sides synchronized across PHA rounds.
src/ssl.c Publishes post-PHA transcript hash from write side to read side; frees new synced-hash state during cleanup.
src/tls13.c Recreates/initializes OCSP CSR state for client-side PHA, reuses request slots, frees prior response buffers, and enables OCSP response setup on client during PHA.
src/tls.c Ensures status_request is present in TLS 1.3 CertificateRequest and encoded with empty body; adds NULL-guarding for CSR size/write helpers.
src/internal.c Runs OCSP leaf revocation logic for server-side PHA and treats missing/empty client staple as non-fatal unless must-staple is required.
tests/api/test_tls13.h Registers new TLS 1.3 API test declaration.
tests/api/test_tls13.c Adds test_tls13_pha_status_request regression test for PHA + status_request + empty-staple tolerance.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/ssl.c
Comment thread src/tls.c Outdated
Comment thread src/tls.c Outdated
Comment thread src/tls13.c Outdated
Comment thread tests/api/test_tls13.c Outdated
@kojo1 kojo1 force-pushed the pha branch 2 times, most recently from 5bddfa9 to 9f85d0c Compare July 14, 2026 00:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants