diff --git a/src/ssl.c b/src/ssl.c
index 09edab0771..ac8fe9b913 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5536,13 +5536,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 }
 if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA &&
- type != WOLFSSL_INTER_CA) {
+ type != WOLFSSL_TEMP_CA) {
 WOLFSSL_MSG("\tCan't add as CA if not actually one");
 ret = NOT_CA_ERROR;
 }
 #ifndef ALLOW_INVALID_CERTSIGN
 else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
- type != WOLFSSL_INTER_CA && !cert->selfSigned &&
+ type != WOLFSSL_TEMP_CA && !cert->selfSigned &&
 (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
 /* Intermediate CA certs are required to have the keyCertSign
 * extension set. User loaded root certs are not. */
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index e5ecbea75c..346904eef0 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -487,7 +487,7 @@ static int wolfSSL_CertManagerUnloadTempIntermediateCerts(
 WOLFSSL_CERT_MANAGER* cm)
 {
 WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts");
- return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_INTER_CA);
+ return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA);
 }
 #endif
diff --git a/src/x509_str.c b/src/x509_str.c
index 061e85e1b3..072e16e167 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -72,7 +72,7 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap)
 if (ctx != NULL && wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != WOLFSSL_SUCCESS) {
- XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX);
+ wolfSSL_X509_STORE_CTX_free(ctx);
 ctx = NULL;
 }
 #endif
@@ -105,7 +105,6 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
 if (ctx->current_issuer != NULL) {
 wolfSSL_X509_free(ctx->current_issuer);
- ctx->current_issuer = NULL;
 }
 #endif
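Review bot: In AddCA both guards are skipped when `type == WOLFSSL_TEMP_CA`, so for that type a certificate with `cert->isCA == 0`, or a CA without `KEYUSE_KEY_CERT_SIGN`, is accepted as a signer, while the comment kept in the second branch still says intermediate CA certs are required to have keyCertSign. The x509_str.c hunk at `@@ -395` passes this type for an issuer found in the non-trusted cert list, so unless that path checks the issuer's CA status itself (not visible in these hunks), the exemption covers certificates that have not been trusted yet. I would either narrow the exemption or state the reason beside it once confirmed, e.g. `/* WOLFSSL_TEMP_CA: issuer from the untrusted chain; isCA and keyCertSign are enforced by the caller before it is added */`. AddCA starts and ends outside the hunk.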
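Review bot: On the init-failure path of wolfSSL_X509_STORE_CTX_new_ex, `wolfSSL_X509_STORE_CTX_free(ctx)` now runs the full teardown on a context whose initialisation did not complete, and the `@@ -105` hunk shows that teardown freeing `ctx->current_issuer` whenever it is non-NULL. That is only safe if `ctx` is zeroed and `ctx->heap` is assigned before `wolfSSL_X509_STORE_CTX_init` is called; the allocation lines are outside the hunk, so this should be confirmed. The removed `XFREE` used the `heap` argument directly, whereas the free function presumably reads the heap hint from the context. A one-line comment would record the dependency: `/* ctx was zeroed and ctx->heap set above, so the full free is safe on a partially initialised ctx */`.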
@@ -395,7 +394,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
 /* We found our issuer in the non-trusted cert list, add it
 * to the CM and verify the current cert against it */
 ret = X509StoreAddCa(ctx->store, issuer,
- WOLFSSL_INTER_CA);
+ WOLFSSL_TEMP_CA);
 if (ret != WOLFSSL_SUCCESS) {
 goto exit;
 }
@@ -920,8 +919,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
 ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x);
 if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
- *issuer = wolfSSL_X509_dup(*issuer);
- return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+ return wolfSSL_X509_up_ref(*issuer);
 }
 #ifdef WOLFSSL_SIGNER_DER_CERT
@@ -929,8 +927,7 @@ int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
 #else
 ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x);
 if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) {
- *issuer = wolfSSL_X509_dup(*issuer);
- return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
+ return wolfSSL_X509_up_ref(*issuer);
 }
 #endif
@@ -1065,7 +1062,7 @@ static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store,
 obj = wolfSSL_sk_X509_OBJECT_value(objs, i);
 if (obj != NULL) {
 obj->type = 0;
- obj->data.x509 = NULL;
+ obj->data.ptr = NULL;
 }
 cnt--;
 i--;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 7762948b61..798292e92b 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3316,7 +3316,7 @@ enum {
 WOLFSSL_USER_CA = 1, /* user added as trusted */
 WOLFSSL_CHAIN_CA = 2, /* added to cache from trusted chain */
- WOLFSSL_INTER_CA = 3 /* Intermediate CA, only for use by
+ WOLFSSL_TEMP_CA = 3 /* Temp intermediate CA, only for use by
 * X509_STORE */
 };
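Review bot: When `wolfSSL_X509_up_ref(*issuer)` fails in wolfSSL_X509_STORE_CTX_get1_issuer, `*issuer` is left pointing at the store's certificate with no reference held for the caller, whereas the removed code left it NULL on failure. A caller that frees the out-parameter regardless of the return value would then release a reference it does not own. Resetting it keeps the old contract: `ret = wolfSSL_X509_up_ref(*issuer);` `if (ret != WOLFSSL_SUCCESS) *issuer = NULL;` `return ret;`, and the same applies to the `ctx->store->trusted` branch in the `@@ -929` hunk. The function comment should also say that the returned certificate is now shared with the store rather than a private copy, so callers must not modify it; the function starts and ends outside both hunks.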