TLS 1.3 PHA with OCSP Stapling#10421
Conversation
|
|
retest this please |
|
retest this please |
|
Retest this please. |
f8e2aaa to
665fb81
Compare
dgarske
left a comment
There was a problem hiding this comment.
Please resolve merge conflicts
|
Jenkins retest this please: "Build 'wolfSSL/PRB-fips-repo-and-harness-test-v3-part2' failed with result: FAILURE" |
|
Merge conflicts resolved. Thank you for your review in advance. |
|
Jenkins retest this please. History lost |
There was a problem hiding this comment.
Pull request overview
This PR fixes TLS 1.3 Post-Handshake Authentication (PHA) interoperability and OCSP stapling behavior by ensuring status_request is correctly carried on PHA CertificateRequest and that the server performs OCSP-status checking on the client certificate received during PHA.
Changes:
- Emit TLS 1.3
status_requestinCertificateRequestduring PHA with the correct empty extension body, and ensure size/write paths agree. - Extend OCSP validation logic to apply to client certificates received post-handshake (PHA) while tolerating missing staples unless “must-staple” is enforced.
- Add a regression test covering TLS 1.3 PHA +
status_requestflow and transcript synchronization across read/write dup sides.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
wolfssl/internal.h |
Adds write-dup state to publish post-PHA transcript hash to keep read/write sides synchronized across PHA rounds. |
src/ssl.c |
Publishes post-PHA transcript hash from write side to read side; frees new synced-hash state during cleanup. |
src/tls13.c |
Recreates/initializes OCSP CSR state for client-side PHA, reuses request slots, frees prior response buffers, and enables OCSP response setup on client during PHA. |
src/tls.c |
Ensures status_request is present in TLS 1.3 CertificateRequest and encoded with empty body; adds NULL-guarding for CSR size/write helpers. |
src/internal.c |
Runs OCSP leaf revocation logic for server-side PHA and treats missing/empty client staple as non-fatal unless must-staple is required. |
tests/api/test_tls13.h |
Registers new TLS 1.3 API test declaration. |
tests/api/test_tls13.c |
Adds test_tls13_pha_status_request regression test for PHA + status_request + empty-staple tolerance. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
5bddfa9 to
9f85d0c
Compare
Description
CertificateRequest is missing the
status_requestextension.When the server triggers PHA via
wolfSSL_request_certificate(),the
status_requestextension is suppressed, so the server cannotask the client to staple OCSP information for its certificate
(RFC 8446 §4.2 / §4.4.2.1).
The PHA-side client Certificate is not subject to the
server's OCSP-status check.
ProcessPeerCerts()only entered theOCSP path for
WOLFSSL_CLIENT_END, so the OCSP staple supplied bythe client was never validated.
fix Multiple PSA
Fixes zd#21555, zd#21814
Testing
added test_tls13_pha_status_request
Checklist