Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

domain name policy for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION #8833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 5, 2025
Merged

domain name policy for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION #8833

merged 4 commits into from
Jun 5, 2025

Conversation

rlm2002
Copy link
Contributor

@rlm2002 rlm2002 commented Jun 2, 2025
edited
Loading

Description

Use WOLFSSL domain name to create policy for WOLFSSL_APPLE_NATIVE_CERT_VALIDATION. When no domain name is available, SecPolicyCreateSSL() uses NULL for the hostname parameter.

Fixes zd#19957

Testing

Tested using make check and test provided in zendesk ticket

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@rlm2002 rlm2002 self-assigned this Jun 2, 2025
@rlm2002 rlm2002 force-pushed the AppleNativeCert branch from c75ca75 to 6577ec1 Compare June 3, 2025 14:41
@rlm2002 rlm2002 force-pushed the AppleNativeCert branch from 6577ec1 to 9864959 Compare June 3, 2025 16:09
@rlm2002
Copy link
Contributor Author

rlm2002 commented Jun 3, 2025
edited by JacobBarthelmeh
Loading

retest this please Jenkins

@rlm2002 rlm2002 assigned wolfSSL-Bot and unassigned rlm2002 Jun 4, 2025
@JacobBarthelmeh JacobBarthelmeh requested a review from Copilot June 4, 2025 17:03
Copilot
Copilot AI reviewed Jun 4, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request updates the Apple native certificate validation flow to leverage the WolfSSL domain name when available for SSL policy creation.

  • Updated the function signature of DoAppleNativeCertValidation to include the ssl context.
  • Added logic to extract and use the domain name to create a hostname-based SSL policy.
  • Ensured proper memory management by releasing CF objects (hostname) after usage.

JacobBarthelmeh
JacobBarthelmeh requested changes Jun 4, 2025
View reviewed changes
Copy link
Contributor

@JacobBarthelmeh JacobBarthelmeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like a good code change. It's missing a test case though. Please investigate into adding in a regression test.

JacobBarthelmeh
JacobBarthelmeh previously approved these changes Jun 4, 2025
View reviewed changes
Copy link
Contributor

@JacobBarthelmeh JacobBarthelmeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Additional tests can come in a follow up PR.

SparkiDev
SparkiDev requested changes Jun 5, 2025
View reviewed changes
Copy link
Contributor

@SparkiDev SparkiDev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the code is correct for getting it use the hostname.

src/internal.c Outdated Show resolved Hide resolved
@SparkiDev SparkiDev assigned rlm2002 and unassigned SparkiDev Jun 5, 2025
@bigbrett
Copy link
Contributor

bigbrett commented Jun 5, 2025

Jenkins retest this please

@SparkiDev SparkiDev assigned SparkiDev and unassigned rlm2002 Jun 5, 2025
@SparkiDev SparkiDev merged commit fbc483e into wolfSSL:master Jun 5, 2025
204 checks passed
@xv-thomas-leong xv-thomas-leong mentioned this pull request Jun 5, 2025
Merged
8 tasks
kp-max-li added a commit to expressvpn/wolfssl-rs that referenced this pull request Jun 6, 2025
@kp-max-li
apple: patch dn check for apple native cert validation
f816148 
Adopting a patch from wolfSSL/wolfssl#8833 on top of the current wolfssl version we are using. This patch ensures the domain check request is properly executed when using the Apple Native Certificate Validation routine.
kp-max-li added a commit to expressvpn/wolfssl-rs that referenced this pull request Jun 6, 2025
@kp-max-li
apple: patch dn check for apple native cert validation
2af3c18 
Adopting a patch from wolfSSL/wolfssl#8833 on top of the current wolfssl version we are using. This patch ensures the domain check request is properly executed when using the Apple Native Certificate Validation routine.
kp-max-li added a commit to expressvpn/wolfssl-rs that referenced this pull request Jun 9, 2025
@kp-max-li
apple: patch dn check for apple native cert validation
c1e6f58 
Adopting a patch from wolfSSL/wolfssl#8833 on top of the current wolfssl version we are using. This patch ensures the domain check request is properly executed when using the Apple Native Certificate Validation routine.
@rlm2002 rlm2002 mentioned this pull request Jun 9, 2025
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bigbrett bigbrett bigbrett left review comments

Copilot code review Copilot Copilot left review comments

@SparkiDev SparkiDev SparkiDev approved these changes

@JacobBarthelmeh JacobBarthelmeh JacobBarthelmeh left review comments

Assignees

@wolfSSL-Bot wolfSSL-Bot

@SparkiDev SparkiDev

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@rlm2002 @bigbrett @JacobBarthelmeh @SparkiDev @wolfSSL-Bot
Morty Proxy This is a proxified and sanitized view of the page, visit original site.