From 98a10ce79456d1b6a72f37e64ad131da77901321 Mon Sep 17 00:00:00 2001
From: Paul
Date: Thu, 16 Feb 2023 17:40:18 +1300
Subject: [PATCH] Tweaks to access certificate expiry date while OPENSSL_EXTRA doesn't work for ESP32. See: https://github.com/wolfSSL/wolfssl/issues/6028

---
 IDE/WIN/user_settings.h | 2 +-
 src/internal.c | 4 ++--
 src/x509.c | 12 +++++++-----
 wolfssl/ssl.h | 2 +-
 4 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/IDE/WIN/user_settings.h b/IDE/WIN/user_settings.h
index 0d0041fc7d..dcc31b3b78 100644
--- a/IDE/WIN/user_settings.h
+++ b/IDE/WIN/user_settings.h
@@ -40,7 +40,7 @@
 // Enable additional debugging during a TLS connection
 // https://www.wolfssl.com/documentation/manuals/wolfssl/chapter02.html#wolfssl_debug_tls
-#define WOLFSSL_DEBUG_TLS
+//#define WOLFSSL_DEBUG_TLS
 // Force callback set in wolfSSL_CTX_set_verify to be called every time (not just on failure)
 // see: https://www.wolfssl.com/forums/post2349.html#p2349
diff --git a/src/internal.c b/src/internal.c
index 1afa361f9d..4f9d0c45bb 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -11445,7 +11445,7 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain,
 }
 #endif
-#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
+#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(BLS_CHECK_CERT_EXPIRY) || \
     defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 static void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType)
 {
@@ -11519,7 +11519,7 @@ static int CopyAdditionalAltNames(DNS_entry** to, DNS_entry* from, int type,
 }
 #endif /* OPENSSL_EXTRA */
-#ifdef WOLFSSL_CERT_REQ
+#if defined( WOLFSSL_CERT_REQ)
 static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert)
 {
     int ret = 0;
diff --git a/src/x509.c b/src/x509.c
index b4673a9a1b..7bc7a064d2 100644
--- a/src/x509.c
+++ b/src/x509.c
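Review bot: The `WOLFSSL_DEBUG_TLS` toggle in IDE/WIN/user_settings.h has nothing to do with the certificate-expiry accessors this patch is about, and it changes the Windows IDE build while the subject talks about ESP32. Keep it as a separate commit so the functional change to the `#if` guards can be reviewed and reverted on its own. If it is meant to stay, a one-line comment such as `// disabled by default: handshake tracing is too verbose for normal builds` next to the commented-out define would record why the default flipped.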
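Review bot: `BLS_CHECK_CERT_EXPIRY` is introduced into library source at `@@ -11445` with no definition and no comment saying what it is, which existing feature macro it is meant to be a subset of, or where it is expected to be defined; the same applies to `BLS_READ_POLICIES` and to the guards changed in src/x509.c and wolfssl/ssl.h. A comment at this first use, e.g. `/* BLS_CHECK_CERT_EXPIRY: application-defined; enables only the X509 name/validity copies and the notBefore/notAfter accessors without OPENSSL_EXTRA */`, would let a later maintainer judge which other copies in this region need the same macro. The new condition is also appended to the first line of a two-line `#if` instead of the continuation line, so it runs well past the column the surrounding guards wrap at. The `#if` region opened here has no `#endif` inside the hunk, so it is not visible whether the code that fills `x509->notAfter` is under this guard or a different one; please confirm that path compiles with only BLS_CHECK_CERT_EXPIRY defined.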
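Review bot: Rewriting `#ifdef WOLFSSL_CERT_REQ` as `#if defined( WOLFSSL_CERT_REQ)` at `@@ -11519` changes nothing functionally and introduces a stray space after the parenthesis that no other guard in this patch has. Drop the hunk, or if the `defined()` form is wanted for a later `||`, write it as `#if defined(WOLFSSL_CERT_REQ)`. The body of CopyREQAttributes continues outside the hunk.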
@@ -1870,7 +1870,7 @@ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
 #endif /* OPENSSL_ALL */
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(BLS_READ_POLICIES)
 /* Looks for the extension matching the passed in nid
  *
  * c : if not null then is set to status value -2 if multiple occurrences
@@ -2929,7 +2929,7 @@ int wolfSSL_X509_pubkey_digest(const WOLFSSL_X509 *x509,
 #endif /* OPENSSL_EXTRA */
 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
-    defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(BLS_CHECK_CERT_EXPIRY)
 /* user externally called free X509, if dynamic go ahead with free, otherwise
  * don't */
@@ -3725,7 +3725,7 @@ byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
 #endif /* OPENSSL_EXTRA */
 /* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
-#if defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA) || defined(BLS_CHECK_CERT_EXPIRY)
 WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509)
 {
@@ -3747,8 +3747,10 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509)
     return (WOLFSSL_ASN1_TIME*)&x509->notAfter;
 }
+#endif
-
+/* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
+#if defined(OPENSSL_EXTRA)
 /* return 1 on success 0 on fail */
 int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
 {
@@ -4677,7 +4679,7 @@ WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
 #endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \
-    defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
+    defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(BLS_CHECK_CERT_EXPIRY)
 #ifndef NO_FILESYSTEM
 WOLFSSL_ABI
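Review bot: Adding `BLS_READ_POLICIES` to the guard at `@@ -1870` compiles the body of wolfSSL_X509_get_ext_d2i in builds that define neither OPENSSL_EXTRA nor WOLFSSL_WPAS_SMALL, yet the `#endif /* OPENSSL_ALL */` directly above shows that the neighbouring helpers stay behind larger feature macros, and the hunk does not show whether this function's body only calls code that is also compiled under BLS_READ_POLICIES. Please confirm with a build that defines BLS_READ_POLICIES alone that it links, and do the same for wolfSSL_X509_free at `@@ -2929` under BLS_CHECK_CERT_EXPIRY, whose internal free helpers are outside the hunk. The function body begins after the end of this hunk.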
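Review bot: The comment `/* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */` kept above the notBefore/notAfter block at `@@ -3725` is now wrong, because the guard under it accepts `BLS_CHECK_CERT_EXPIRY` as well, and `@@ -3747` copies the same sentence verbatim for the re-opened `#if defined(OPENSSL_EXTRA)` around wolfSSL_sk_X509_push even though wolfSSL_X509_free itself is no longer OPENSSL_EXTRA-only after `@@ -2929`. Replace the first with `/* notBefore/notAfter accessors; wolfSSL_X509_free is available under the same OPENSSL_EXTRA || BLS_CHECK_CERT_EXPIRY guard */` and reword the copied one to state what sk_X509_push actually needs from OPENSSL_EXTRA. The accessors hand back `&x509->notAfter` through a cast that discards the `const` on the argument, so the block comment should also say that the returned pointer aliases the certificate object and must neither be modified nor freed by the caller. A blank line between the new `#endif` and the new comment would restore the spacing the removed blank line provided.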
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 39bdee59a0..f892a7d397 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -4254,7 +4254,7 @@ WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
 WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt);
 #endif
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(BLS_READ_POLICIES)
 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, int* idx);
 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
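Review bot: The closing comment `#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */` no longer matches the guard it closes once `BLS_READ_POLICIES` is added at `@@ -4254`; change it to `#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || BLS_READ_POLICIES */`. The implementation guard in src/x509.c (`@@ -1870`) was extended the same way, so prototype and definition are in step now; a comment `/* keep in sync with the guard in src/x509.c */` on the `#if` line would help keep them that way when either is edited again.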