fix examples to follow options.h config#10037
fix examples to follow options.h config#10037JacobBarthelmeh wants to merge 3 commits intowolfSSL:masterfrom
Conversation
wolfSSL-Fenrir-bot
left a comment
wolfSSL-Fenrir-bot
left a comment
There was a problem hiding this comment.
Fenrir Automated Review — PR #10037
No scan targets match the changed files in this PR. Review skipped.
There was a problem hiding this comment.
Pull request overview
Updates the example client/server (and shared test helpers) to stop overriding build-time configuration macros (from options.h / settings.h) and instead compile cleanly against the wolfSSL API surface as configured.
Changes:
- Removed example-level
#undef/forced-define blocks related toOPENSSL_COEXISTand OpenSSL-compat headers. - Migrated
examples/server/server.coff OpenSSL-compatSSL_*names toWOLFSSL*/wolfSSL_*APIs. - Added
!OPENSSL_COEXISTpreprocessor guards around OpenSSL-extra-only printing paths inwolfssl/test.h.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
wolfssl/test.h |
Avoids OpenSSL-extra helper paths when OPENSSL_COEXIST is set. |
examples/server/server.c |
Switches example server from SSL_* APIs/types to wolfSSL_*/WOLFSSL_*. |
examples/client/client.c |
Stops undefining coexist macros; aligns buffer filetype constants with wolfSSL API. |
Comments suppressed due to low confidence (4)
examples/server/server.c:640
- In
ServerWrite(), afterwolfSSL_write()returns<= 0, the code callswolfSSL_get_error(ssl, 0).wolfSSL_get_error()should be given the return value from the preceding call, otherwise the async/WANT_WRITE loop can behave incorrectly. UsewolfSSL_get_error(ssl, ret)here.
do {
err = 0; /* reset error */
ret = wolfSSL_write(ssl, output, len);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
examples/server/server.c:3665
- In the early-data loop, when
wolfSSL_read_early_data()returns<= 0, the code callswolfSSL_get_error(ssl, 0)instead of passing theretvalue fromwolfSSL_read_early_data(). This can misreport WC_PENDING_E/WANT_READ/WANT_WRITE and break the loop logic. PassrettowolfSSL_get_error()here.
ret = wolfSSL_read_early_data(ssl, input, sizeof(input)-1,
&len);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
/* returns the number of polled items or <0 for
* error */
ret = wolfSSL_AsyncPoll(ssl,
WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
}
examples/server/server.c:456
- In
ServerEchoData(), whenwolfSSL_read()returns<= 0, the code callswolfSSL_get_error(ssl, 0)instead of passing theretvalue fromwolfSSL_read(). This can produce an incorrect error code and break the WANT_READ/WANT_WRITE handling. PassrettowolfSSL_get_error()here.
/* Read data */
while (rx_pos < len) {
ret = wolfSSL_read(ssl, &buffer[rx_pos], len - rx_pos);
if (ret <= 0) {
err = wolfSSL_get_error(ssl, 0);
#ifdef WOLFSSL_ASYNC_CRYPT
if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
if (ret < 0) break;
examples/server/server.c:492
- In
ServerEchoData(), the write error path logserrwhenwolfSSL_write()returns a short write, buterris not set based on the write result (and may still be uninitialized if the preceding reads succeeded). Capture the error from the write call (e.g., viawolfSSL_get_error(ssl, ret)whenret <= 0, or set a deterministic value for short writes) before logging/handling it.
WOLFSSL_ASYNC_WHILE_PENDING(
ret = wolfSSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos)),
ret <= 0);
if (ret != (int)min((word32)len, (word32)rx_pos)) {
LOG_ERROR("SSL_write echo error %d\n", err);
err_sys_ex(runWithErrors, "SSL_write failed");
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
JacobBarthelmeh
force-pushed
the
nightly
branch
from
6a70cba to
3d62a6f
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| { | ||
| #ifndef WOLFSSL_CALLBACKS | ||
| int ret = SSL_accept(ssl); | ||
| int ret = wolfSSL_accept(ssl); |
There was a problem hiding this comment.
wolfSSL_get_error should be called with the return value from the immediately preceding wolfSSL I/O call (here: ret). Passing 0 can yield WOLFSSL_ERROR_NONE and break the non-blocking retry logic. Update this call to use ret (and keep this consistent with the later wolfSSL_get_error(ssl, ret) usage in the loop).
examples/server/server.c
Outdated
| #endif | ||
| int error = SSL_get_error(ssl, 0); | ||
| SOCKET_T sockfd = (SOCKET_T)SSL_get_fd(ssl); | ||
| int error = wolfSSL_get_error(ssl, 0); |
There was a problem hiding this comment.
wolfSSL_get_error should be called with the return value from the immediately preceding wolfSSL I/O call (here: ret). Passing 0 can yield WOLFSSL_ERROR_NONE and break the non-blocking retry logic. Update this call to use ret (and keep this consistent with the later wolfSSL_get_error(ssl, ret) usage in the loop).
| int error = wolfSSL_get_error(ssl, 0); | |
| int error = wolfSSL_get_error(ssl, ret); |
examples/server/server.c
Outdated
| ret = wolfSSL_read(ssl, &buffer[rx_pos], len - rx_pos); | ||
| if (ret <= 0) { | ||
| err = SSL_get_error(ssl, 0); | ||
| err = wolfSSL_get_error(ssl, 0); |
There was a problem hiding this comment.
On read failure, wolfSSL_get_error should receive the failing call’s return value (ret). Using 0 can misclassify the error and cause incorrect handling (e.g., missing WANT_READ/WANT_WRITE). Pass ret instead.
| err = wolfSSL_get_error(ssl, 0); | |
| err = wolfSSL_get_error(ssl, ret); |
examples/server/server.c
Outdated
| ret = wolfSSL_write(ssl, output, len); | ||
| if (ret <= 0) { | ||
| err = SSL_get_error(ssl, 0); | ||
| err = wolfSSL_get_error(ssl, 0); |
There was a problem hiding this comment.
Same issue as the read path: wolfSSL_get_error should be called with the ret from wolfSSL_write. Passing 0 can incorrectly report no error and break retry/async handling.
| err = wolfSSL_get_error(ssl, 0); | |
| err = wolfSSL_get_error(ssl, ret); |
| #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ | ||
| !defined(OPENSSL_COEXIST) |
There was a problem hiding this comment.
The new && !defined(OPENSSL_COEXIST) condition is duplicated across multiple preprocessor blocks in this header. Consider introducing a single helper macro (e.g., #define WOLFSSL_OPENSSL_EXTRA_NO_COEXIST ...) or a local #if wrapper to reduce repetition and the risk of inconsistent conditions when future blocks are updated.
| #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ | ||
| !defined(OPENSSL_COEXIST) |
There was a problem hiding this comment.
The new && !defined(OPENSSL_COEXIST) condition is duplicated across multiple preprocessor blocks in this header. Consider introducing a single helper macro (e.g., #define WOLFSSL_OPENSSL_EXTRA_NO_COEXIST ...) or a local #if wrapper to reduce repetition and the risk of inconsistent conditions when future blocks are updated.
JacobBarthelmeh
force-pushed
the
nightly
branch
from
92a20c0 to
81c3d26
Compare
The example server/client should not be modifying macro defines that come from how the wolfSSL library is configured when built.