Tweaks to access certificate expiry date while OPENSSL_EXTRA doesn't …

…work for ESP32. See: wolfSSL#6028

IDE/WIN/user_settings.h

@@ -40,7 +40,7 @@
 
 // Enable additional debugging during a TLS connection
 // https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html#wolfssl_debug_tls
-#define WOLFSSL_DEBUG_TLS
+//#define WOLFSSL_DEBUG_TLS
 
 // Force callback set in wolfSSL_CTX_set_verify to be called every time (not just on failure)
 // see: https://www.wolfssl.com/forums/post2349.html#p2349

src/internal.c

@@ -11445,7 +11445,7 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
 }
 #endif
 
-#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)  || defined(BLS_CHECK_CERT_EXPIRY) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 static void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
 {
@@ -11519,7 +11519,7 @@ static int CopyAdditionalAltNames(DNS_entry** to, DNS_entry* from, int type,
 }
 #endif /* OPENSSL_EXTRA */
 
-#ifdef WOLFSSL_CERT_REQ
+#if defined( WOLFSSL_CERT_REQ)
 static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
 {
     int ret = 0;

src/x509.c

@@ -1870,7 +1870,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 
 #endif /* OPENSSL_ALL */
 
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(BLS_READ_POLICIES)
 /* Looks for the extension matching the passed in nid
  *
  * c   : if not null then is set to status value -2 if multiple occurrences
@@ -2929,7 +2929,7 @@ int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
 #endif /* OPENSSL_EXTRA */
 
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
-    defined(OPENSSL_EXTRA)  || defined(OPENSSL_EXTRA_X509_SMALL)
+    defined(OPENSSL_EXTRA)  || defined(OPENSSL_EXTRA_X509_SMALL) || defined(BLS_CHECK_CERT_EXPIRY)
 
 /* user externally called free X509, if dynamic go ahead with free, otherwise
  * don't */
@@ -3725,7 +3725,7 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
 #endif /* OPENSSL_EXTRA */
 
 /* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
-#if defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA) || defined(BLS_CHECK_CERT_EXPIRY)
 
 WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509)
 {
@@ -3747,8 +3747,10 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509)
 
     return (WOLFSSL_ASN1_TIME*)&x509->notAfter;
 }
+#endif
 
-
+/* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
+#if defined(OPENSSL_EXTRA)
 /* return 1 on success 0 on fail */
 int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
 {
@@ -4677,7 +4679,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
 #endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
-    defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
+    defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(BLS_CHECK_CERT_EXPIRY)
 
 #ifndef NO_FILESYSTEM
 WOLFSSL_ABI

wolfssl/ssl.h

@@ -4254,7 +4254,7 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
 WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
 #endif
 
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(BLS_READ_POLICIES)
 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
                                                      int nid, int* c, int* idx);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */