Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType#9995
Open
julek-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
Open
Handle OCSP_WANT_READ returned from DoTls13HandShakeMsgType#9995julek-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
julek-wolfssl wants to merge 1 commit intowolfSSL:masterfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the TLS 1.3 handshake path and test harness to correctly treat nonblocking OCSP retrieval as a retriable condition (OCSP_WANT_READ), and adds a regression test to exercise that path under small max-fragment settings.
Changes:
- Treat
OCSP_WANT_READas a retryable handshake condition in TLS 1.3 message processing and the memio handshake test helper. - Add a TLS 1.3 nonblocking OCSP + low max-fragment-length regression test.
- Update GitHub Actions config to run an OCSP job with
WOLFSSL_NONBLOCK_OCSPand max-fragment enabled.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/api/test_ocsp.h | Exposes the new OCSP/TLS 1.3 nonblocking MFL regression test. |
| tests/api/test_ocsp.c | Adds the new nonblocking OCSP callback simulation test under TLS 1.3 with low MFL. |
| tests/api.c | Treats OCSP_WANT_READ as a retryable error during memio handshakes. |
| src/tls13.c | Treats OCSP_WANT_READ like WC_PENDING_E when replaying a fragmented handshake message. |
| .github/workflows/os-check.yml | Enables a CI configuration that exercises nonblocking OCSP + max-fragment. |
Comments suppressed due to low confidence (2)
tests/api.c:1
OCSP_WANT_READis used unconditionally in the handshake helper. If this file is compiled in configurations whereOCSP_WANT_READis not defined (e.g., OCSP/nonblock OCSP disabled), this can cause a build failure. Consider guarding theOCSP_WANT_READcheck with#ifdef OCSP_WANT_READ/#if defined(WOLFSSL_NONBLOCK_OCSP)(or use a helper macro) so non-OCSP builds still compile.
tests/api.c:1- Same issue as above: this unconditional reference to
OCSP_WANT_READcan break builds where the symbol isn’t defined. Apply the same conditional compilation strategy here as well.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ZD21341