Implement CRL monitor for Windows #6437
retest this please
Can we avoid these 1 second sleeps? Notice the testsuite/testsuite.test hits this 6 times, so it adds 6 seconds to the run...
Adding a way to shortcut this wait. Let's try to remove the file for two seconds. If we succeed then we continue with the test.
Not a fan of hard coded 2500 size.
I think it is to accommodate these:
ls -la certs/crl/crl.pem
-rw-r--r-- 1 davidgarske staff 2229 Feb 1 09:03 certs/crl/crl.pem
davidgarske@Davids-MBP-2 wolfssl % ls -la certs/crl/crl.revoked
-rw-r--r-- 1 davidgarske staff 2330 Feb 1 09:03 certs/crl/crl.revoked
Why not just use heap?
There is no cross-platform way to check the file size (that I could find). I'll see if there is a better way to do this.
Changed to reading/writing in 100 byte chunks. That should be fine for stack size.
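The chunked copy discussed in this thread, as an added example that is not code from the pull request: it shows a fixed 100-byte stack buffer copying a file of any size without knowing the length up front. The names `copy_file_chunked` and `demo_roundtrip`, the temporary file names and the byte pattern are assumptions made for illustration.

```c
#include <stdio.h>

#define COPY_CHUNK_SZ 100 /* chunk size named in the review thread */
/* Hypothetical helper: copy src to dst through a small stack buffer.
 * Returns the number of bytes copied, or -1 on any I/O error. */
long copy_file_chunked(const char* src, const char* dst)
{
    unsigned char buf[COPY_CHUNK_SZ];
    size_t n;
    long total = 0;
    int ok = 1;
    FILE* in = fopen(src, "rb");
    FILE* out = (in != NULL) ? fopen(dst, "wb") : NULL;
    if (in == NULL || out == NULL) {
        if (in != NULL) fclose(in);
        return -1;
    }
    while (ok && (n = fread(buf, 1, sizeof(buf), in)) > 0) {
        ok = (fwrite(buf, 1, n, out) == n); /* short write is an error */
        if (ok) total += (long)n;
    }
    if (ferror(in)) ok = 0;
    fclose(in);
    if (fclose(out) != 0) ok = 0; /* a failed flush is a failed copy */
    if (!ok) remove(dst);         /* never leave a truncated CRL behind */
    return ok ? total : -1;
}

/* Constructed self-check: write `size` patterned bytes, copy them and
 * compare byte for byte. Returns bytes copied, or -1 on mismatch/error. */
long demo_roundtrip(long size)
{
    const char *src = "crl_src.tmp", *dst = "crl_dst.tmp"; /* placeholders */
    long i, copied;
    int a = 0;
    FILE *f = fopen(src, "wb"), *g;
    if (f == NULL) return -1;
    for (i = 0; i < size; i++) fputc((int)(i % 251), f);
    fclose(f);
    copied = copy_file_chunked(src, dst);
    f = fopen(src, "rb"); g = fopen(dst, "rb");
    if (f == NULL || g == NULL) copied = -1;
    while (copied >= 0 && a != EOF)
        if ((a = fgetc(f)) != fgetc(g)) copied = -1;
    if (f != NULL) fclose(f); if (g != NULL) fclose(g);
    remove(src); remove(dst);
    return copied;
}

int main(void) { return demo_roundtrip(2330) == 2330 ? 0 : 1; }
```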
Wow, thread helpers!
Note: We have some APIs for this already in async here. Feel free to pull over and leverage any of it: https://github.com/wolfSSL/wolfAsyncCrypt/blob/master/wolfcrypt/src/async.c#L865
Can we make it VERY clear this is only required for CRL monitor? We don't normally need to port threading, but this will be very handy. I'd also like to see this for WOLFSSL_CMSIS_RTOSv2 eventually.
Ideally I would like to use this threading interface in our unit tests. This will make them easier to port to new platforms and allow us to test TLS on more platforms.
I kept this threading interface extremely simple to make it easier to port. The async code makes much more advanced usage of threading. I think it makes sense to keep them separate for now. Maybe in the future it would make sense to have an additional THREAD_OPTIONS parameter to allow for setting all of the advanced options being consumed by async. For now I want to keep it simple and port the tests to this common interface.
Should WOLFSSL_CRL_MONITORS_LEN be overridable? Seems like the existing CRL monitor code only supports .der and .pem?
I didn't like having the magic number 2 all around the code. There is no benefit of having this variable be overridable by the user so I didn't guard it with a #ifndef.
By the way @julek-wolfssl very nice work on this. It all tests out perfectly on Linux and Windows.
…ge situations. Added better signal support on MacOS. Issue created in PR wolfSSL#6437.
wolfSSL_CTX_LoadCRL() now returns NOT_COMPILED_IN when monitoring is requested but it is not compiled in