fix examples to follow options.h config#10037
fix examples to follow options.h config#10037JacobBarthelmeh wants to merge 2 commits intowolfSSL:masterfrom
Conversation
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10037
No scan targets match the changed files in this PR. Review skipped.
There was a problem hiding this comment.
Pull request overview
Updates the example client/server (and shared test helpers) to stop overriding build-time configuration macros (from options.h / settings.h) and instead compile cleanly against the wolfSSL API surface as configured.
Changes:
- Removed example-level
#undef/forced-define blocks related toOPENSSL_COEXISTand OpenSSL-compat headers. - Migrated
examples/server/server.coff OpenSSL-compatSSL_*names toWOLFSSL*/wolfSSL_*APIs. - Added
!OPENSSL_COEXISTpreprocessor guards around OpenSSL-extra-only printing paths inwolfssl/test.h.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
wolfssl/test.h |
Avoids OpenSSL-extra helper paths when OPENSSL_COEXIST is set. |
examples/server/server.c |
Switches example server from SSL_* APIs/types to wolfSSL_*/WOLFSSL_*. |
examples/client/client.c |
Stops undefining coexist macros; aligns buffer filetype constants with wolfSSL API. |
Comments suppressed due to low confidence (4)
examples/server/server.c:640
- In
ServerWrite(), afterwolfSSL_write()returns<= 0, the code callswolfSSL_get_error(ssl, 0).wolfSSL_get_error()should be given the return value from the preceding call, otherwise the async/WANT_WRITE loop can behave incorrectly. UsewolfSSL_get_error(ssl, ret)here.
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, output, len);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
examples/server/server.c:3665
- In the early-data loop, when
wolfSSL_read_early_data()returns<= 0, the code callswolfSSL_get_error(ssl, 0)instead of passing theretvalue fromwolfSSL_read_early_data(). This can misreport WC_PENDING_E/WANT_READ/WANT_WRITE and break the loop logic. PassrettowolfSSL_get_error()here.
ret = wolfSSL_read_early_data(ssl, input, sizeof(input)-1,
&len);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
/* returns the number of polled items or <0 for
* error */
ret = wolfSSL_AsyncPoll(ssl,
WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
examples/server/server.c:456
- In
ServerEchoData(), whenwolfSSL_read()returns<= 0, the code callswolfSSL_get_error(ssl, 0)instead of passing theretvalue fromwolfSSL_read(). This can produce an incorrect error code and break the WANT_READ/WANT_WRITE handling. PassrettowolfSSL_get_error()here.
/* Read data */
while (rx_pos < len) {
ret = wolfSSL_read(ssl, &buffer[rx_pos], len - rx_pos);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
examples/server/server.c:492
- In
ServerEchoData(), the write error path logserrwhenwolfSSL_write()returns a short write, buterris not set based on the write result (and may still be uninitialized if the preceding reads succeeded). Capture the error from the write call (e.g., viawolfSSL_get_error(ssl, ret)whenret <= 0, or set a deterministic value for short writes) before logging/handling it.
WOLFSSL_ASYNC_WHILE_PENDING(
ret = wolfSSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos)),
ret <= 0);
if (ret != (int)min((word32)len, (word32)rx_pos)) {
LOG_ERROR("SSL_write echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_write failed");
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| #endif | ||
| if (ret != WOLFSSL_SUCCESS) { | ||
| err = SSL_get_error(ssl, 0); | ||
| err = wolfSSL_get_error(ssl, 0); |
There was a problem hiding this comment.
After wolfSSL_accept()/NonBlockingSSL_Accept() fails, the code calls wolfSSL_get_error(ssl, 0) even though ret holds the actual return code from the accept call. Pass ret to wolfSSL_get_error() so the reported error and subsequent handling are accurate.
| err = wolfSSL_get_error(ssl, 0); | |
| err = wolfSSL_get_error(ssl, ret); |
| XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); | ||
| #if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) | ||
| #if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) \ | ||
| && !defined(OPENSSL_COEXIST) | ||
| /* avoid printing duplicate certs */ |
There was a problem hiding this comment.
In myVerify(), the new !defined(OPENSSL_COEXIST) guard was added only around the use of BIO/STACK/X509 printing, but the variables are still declared under #if defined(OPENSSL_EXTRA) && ... using the unprefixed X509* type. When OPENSSL_COEXIST is enabled, wolfSSL intentionally does not typedef X509 (see wolfssl/openssl/ssl.h), so this will fail to compile. Extend the earlier #if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) to also exclude OPENSSL_COEXIST, or switch the declarations to WOLFSSL_X509*/wolfSSL-prefixed types throughout that block.
| srvHandShakeCB, srvTimeoutCB, srvTo); | ||
| #endif | ||
| error = SSL_get_error(ssl, 0); | ||
| error = wolfSSL_get_error(ssl, 0); |
There was a problem hiding this comment.
NonBlockingSSL_Accept() calls wolfSSL_get_error(ssl, 0) immediately after wolfSSL_accept() and again in the loop, but wolfSSL_get_error() is intended to be passed the return value from the preceding I/O call. Passing 0 can cause the WANT_READ/WANT_WRITE checks to misbehave. Use wolfSSL_get_error(ssl, ret) each time after calling wolfSSL_accept()/wolfSSL_accept_ex().
| error = wolfSSL_get_error(ssl, 0); | |
| error = wolfSSL_get_error(ssl, ret); |
The example server/client should not be modifying macro defines that come from how the wolfSSL library is configured when built.