openvehicles
diff --git a/‎.gitignore
+5-5 b/‎.gitignore
+5-5
diff --git a/‎configure.ac
+117-96 b/‎configure.ac
+117-96
diff --git a/‎examples/client/client.c
+24-5 b/‎examples/client/client.c
+24-5
diff --git a/‎examples/server/server.c
+1-1 b/‎examples/server/server.c
+1-1
diff --git a/‎pull_to_vagrant.sh
+1 b/‎pull_to_vagrant.sh
+1
@@ -112,11 +112,11 @@ cov-int
 cyassl.tgz
 *.log
 *.trs
-IDE\MDK-ARM\Projects/
-IDE\MDK-ARM\STM32F2xx_StdPeriph_Lib/inc
-IDE\MDK-ARM\STM32F2xx_StdPeriph_Lib/src
-IDE\MDK-ARM\LPC43xx\Drivers/
-IDE\MDK-ARM\LPC43xx\LPC43xx/
+IDE/MDK-ARM/Projects/
+IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/inc
+IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/src
+IDE/MDK-ARM/LPC43xx/Drivers/
+IDE/MDK-ARM/LPC43xx/LPC43xx/
 *.gcno
 *.gcda
 *.gcov
 
@@ -1655,6 +1655,26 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_TRUNCATED_HMAC"
 fi
 
+# Certificate Status Request : a.k.a. OCSP Stapling
+AC_ARG_ENABLE([ocspstapling],
+    [AS_HELP_STRING([--enable-ocspstapling],[Enable Certificate Status Request - a.k.a. OCSP Stapling (default: disabled)])],
+    [ ENABLED_CERTIFICATE_STATUS_REQUEST=$enableval ],
+    [ ENABLED_CERTIFICATE_STATUS_REQUEST=no ]
+    )
+
+if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST"
+
+    # Requires OCSP make sure on
+    if test "x$ENABLED_OCSP" = "xno"
+    then
+        ENABLED_OCSP="yes"
+        AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"
+        AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"])
+    fi
+fi
+
 # Renegotiation Indication - (FAKE Secure Renegotiation)
 AC_ARG_ENABLE([renegotiation-indication],
     [AS_HELP_STRING([--enable-renegotiation-indication],[Enable Renegotiation Indication (default: disabled)])],
@@ -2613,103 +2633,104 @@ done < $OPTION_FILE
 echo "---"
 echo "Configuration summary for $PACKAGE_NAME version $VERSION"
 echo ""
-echo "   * Installation prefix:       $prefix"
-echo "   * System type:               $host_vendor-$host_os"
-echo "   * Host CPU:                  $host_cpu"
-echo "   * C Compiler:                $CC"
-echo "   * C Flags:                   $CFLAGS"
-echo "   * C++ Compiler:              $CXX"
-echo "   * C++ Flags:                 $CXXFLAGS"
-echo "   * CPP Flags:                 $CPPFLAGS"
-echo "   * CCAS Flags:                $CCASFLAGS"
-echo "   * LIB Flags:                 $LIB"
-echo "   * Debug enabled:             $ax_enable_debug"
-echo "   * Warnings as failure:       $ac_cv_warnings_as_errors"
-echo "   * make -j:                   $enable_jobserver"
-echo "   * VCS checkout:              $ac_cv_vcs_checkout"
+echo "   * Installation prefix:        $prefix"
+echo "   * System type:                $host_vendor-$host_os"
+echo "   * Host CPU:                   $host_cpu"
+echo "   * C Compiler:                 $CC"
+echo "   * C Flags:                    $CFLAGS"
+echo "   * C++ Compiler:               $CXX"
+echo "   * C++ Flags:                  $CXXFLAGS"
+echo "   * CPP Flags:                  $CPPFLAGS"
+echo "   * CCAS Flags:                 $CCASFLAGS"
+echo "   * LIB Flags:                  $LIB"
+echo "   * Debug enabled:              $ax_enable_debug"
+echo "   * Warnings as failure:        $ac_cv_warnings_as_errors"
+echo "   * make -j:                    $enable_jobserver"
+echo "   * VCS checkout:               $ac_cv_vcs_checkout"
 echo
 echo "   Features "
-echo "   * Single threaded:           $ENABLED_SINGLETHREADED"
-echo "   * Filesystem:                $ENABLED_FILESYSTEM"
-echo "   * OpenSSH Build:             $ENABLED_OPENSSH"
-echo "   * OpenSSL Extra API:         $ENABLED_OPENSSLEXTRA"
-echo "   * Max Strength Build:        $ENABLED_MAXSTRENGTH"
-echo "   * fastmath:                  $ENABLED_FASTMATH"
-echo "   * sniffer:                   $ENABLED_SNIFFER"
-echo "   * snifftest:                 $ENABLED_SNIFFTEST"
-echo "   * ARC4:                      $ENABLED_ARC4"
-echo "   * AES:                       $ENABLED_AES"
-echo "   * AES-NI:                    $ENABLED_AESNI"
-echo "   * AES-GCM:                   $ENABLED_AESGCM"
-echo "   * AES-CCM:                   $ENABLED_AESCCM"
-echo "   * DES3:                      $ENABLED_DES3"
-echo "   * IDEA:                      $ENABLED_IDEA"
-echo "   * Camellia:                  $ENABLED_CAMELLIA"
-echo "   * NULL Cipher:               $ENABLED_NULL_CIPHER"
-echo "   * MD5:                       $ENABLED_MD5"
-echo "   * RIPEMD:                    $ENABLED_RIPEMD"
-echo "   * SHA:                       $ENABLED_SHA"
-echo "   * SHA-512:                   $ENABLED_SHA512"
-echo "   * BLAKE2:                    $ENABLED_BLAKE2"
-echo "   * keygen:                    $ENABLED_KEYGEN"
-echo "   * certgen:                   $ENABLED_CERTGEN"
-echo "   * certreq:                   $ENABLED_CERTREQ"
-echo "   * certext:                   $ENABLED_CERTEXT"
-echo "   * HC-128:                    $ENABLED_HC128"
-echo "   * RABBIT:                    $ENABLED_RABBIT"
-echo "   * CHACHA:                    $ENABLED_CHACHA"
-echo "   * Hash DRBG:                 $ENABLED_HASHDRBG"
-echo "   * PWDBASED:                  $ENABLED_PWDBASED"
-echo "   * wolfCrypt Only:            $ENABLED_CRYPTONLY"
-echo "   * HKDF:                      $ENABLED_HKDF"
-echo "   * MD4:                       $ENABLED_MD4"
-echo "   * PSK:                       $ENABLED_PSK"
-echo "   * Poly1305:                  $ENABLED_POLY1305"
-echo "   * LEANPSK:                   $ENABLED_LEANPSK"
-echo "   * RSA:                       $ENABLED_RSA"
-echo "   * DSA:                       $ENABLED_DSA"
-echo "   * DH:                        $ENABLED_DH"
-echo "   * ECC:                       $ENABLED_ECC"
-echo "   * CURVE25519:                $ENABLED_CURVE25519"
-echo "   * ED25519:                   $ENABLED_ED25519"
-echo "   * FPECC:                     $ENABLED_FPECC"
-echo "   * ECC_ENCRYPT:               $ENABLED_ECC_ENCRYPT"
-echo "   * ASN:                       $ENABLED_ASN"
-echo "   * Anonymous cipher:          $ENABLED_ANON"
-echo "   * CODING:                    $ENABLED_CODING"
-echo "   * MEMORY:                    $ENABLED_MEMORY"
-echo "   * I/O POOL:                  $ENABLED_IOPOOL"
-echo "   * LIGHTY:                    $ENABLED_LIGHTY"
-echo "   * STUNNEL:                   $ENABLED_STUNNEL"
-echo "   * ERROR_STRINGS:             $ENABLED_ERROR_STRINGS"
-echo "   * DTLS:                      $ENABLED_DTLS"
-echo "   * Old TLS Versions:          $ENABLED_OLD_TLS"
-echo "   * SSL version 3.0:           $ENABLED_SSLV3"
-echo "   * OCSP:                      $ENABLED_OCSP"
-echo "   * CRL:                       $ENABLED_CRL"
-echo "   * CRL-MONITOR:               $ENABLED_CRL_MONITOR"
-echo "   * Persistent session cache:  $ENABLED_SAVESESSION"
-echo "   * Persistent cert    cache:  $ENABLED_SAVECERT"
-echo "   * Atomic User Record Layer:  $ENABLED_ATOMICUSER"
-echo "   * Public Key Callbacks:      $ENABLED_PKCALLBACKS"
-echo "   * NTRU:                      $ENABLED_NTRU"
-echo "   * SNI:                       $ENABLED_SNI"
-echo "   * ALPN:                      $ENABLED_ALPN"
-echo "   * Maximum Fragment Length:   $ENABLED_MAX_FRAGMENT"
-echo "   * Truncated HMAC:            $ENABLED_TRUNCATED_HMAC"
-echo "   * Renegotiation Indication:  $ENABLED_RENEGOTIATION_INDICATION"
-echo "   * Secure Renegotiation:      $ENABLED_SECURE_RENEGOTIATION"
-echo "   * Supported Elliptic Curves: $ENABLED_SUPPORTED_CURVES"
-echo "   * Session Ticket:            $ENABLED_SESSION_TICKET"
-echo "   * All TLS Extensions:        $ENABLED_TLSX"
-echo "   * PKCS#7                     $ENABLED_PKCS7"
-echo "   * wolfSCEP                   $ENABLED_WOLFSCEP"
-echo "   * Secure Remote Password     $ENABLED_SRP"
-echo "   * Small Stack:               $ENABLED_SMALL_STACK"
-echo "   * valgrind unit tests:       $ENABLED_VALGRIND"
-echo "   * LIBZ:                      $ENABLED_LIBZ"
-echo "   * Examples:                  $ENABLED_EXAMPLES"
-echo "   * User Crypto:               $ENABLED_USER_CRYPTO"
-echo "   * Fast RSA:                  $ENABLED_FAST_RSA"
+echo "   * Single threaded:            $ENABLED_SINGLETHREADED"
+echo "   * Filesystem:                 $ENABLED_FILESYSTEM"
+echo "   * OpenSSH Build:              $ENABLED_OPENSSH"
+echo "   * OpenSSL Extra API:          $ENABLED_OPENSSLEXTRA"
+echo "   * Max Strength Build:         $ENABLED_MAXSTRENGTH"
+echo "   * fastmath:                   $ENABLED_FASTMATH"
+echo "   * sniffer:                    $ENABLED_SNIFFER"
+echo "   * snifftest:                  $ENABLED_SNIFFTEST"
+echo "   * ARC4:                       $ENABLED_ARC4"
+echo "   * AES:                        $ENABLED_AES"
+echo "   * AES-NI:                     $ENABLED_AESNI"
+echo "   * AES-GCM:                    $ENABLED_AESGCM"
+echo "   * AES-CCM:                    $ENABLED_AESCCM"
+echo "   * DES3:                       $ENABLED_DES3"
+echo "   * IDEA:                       $ENABLED_IDEA"
+echo "   * Camellia:                   $ENABLED_CAMELLIA"
+echo "   * NULL Cipher:                $ENABLED_NULL_CIPHER"
+echo "   * MD5:                        $ENABLED_MD5"
+echo "   * RIPEMD:                     $ENABLED_RIPEMD"
+echo "   * SHA:                        $ENABLED_SHA"
+echo "   * SHA-512:                    $ENABLED_SHA512"
+echo "   * BLAKE2:                     $ENABLED_BLAKE2"
+echo "   * keygen:                     $ENABLED_KEYGEN"
+echo "   * certgen:                    $ENABLED_CERTGEN"
+echo "   * certreq:                    $ENABLED_CERTREQ"
+echo "   * certext:                    $ENABLED_CERTEXT"
+echo "   * HC-128:                     $ENABLED_HC128"
+echo "   * RABBIT:                     $ENABLED_RABBIT"
+echo "   * CHACHA:                     $ENABLED_CHACHA"
+echo "   * Hash DRBG:                  $ENABLED_HASHDRBG"
+echo "   * PWDBASED:                   $ENABLED_PWDBASED"
+echo "   * wolfCrypt Only:             $ENABLED_CRYPTONLY"
+echo "   * HKDF:                       $ENABLED_HKDF"
+echo "   * MD4:                        $ENABLED_MD4"
+echo "   * PSK:                        $ENABLED_PSK"
+echo "   * Poly1305:                   $ENABLED_POLY1305"
+echo "   * LEANPSK:                    $ENABLED_LEANPSK"
+echo "   * RSA:                        $ENABLED_RSA"
+echo "   * DSA:                        $ENABLED_DSA"
+echo "   * DH:                         $ENABLED_DH"
+echo "   * ECC:                        $ENABLED_ECC"
+echo "   * CURVE25519:                 $ENABLED_CURVE25519"
+echo "   * ED25519:                    $ENABLED_ED25519"
+echo "   * FPECC:                      $ENABLED_FPECC"
+echo "   * ECC_ENCRYPT:                $ENABLED_ECC_ENCRYPT"
+echo "   * ASN:                        $ENABLED_ASN"
+echo "   * Anonymous cipher:           $ENABLED_ANON"
+echo "   * CODING:                     $ENABLED_CODING"
+echo "   * MEMORY:                     $ENABLED_MEMORY"
+echo "   * I/O POOL:                   $ENABLED_IOPOOL"
+echo "   * LIGHTY:                     $ENABLED_LIGHTY"
+echo "   * STUNNEL:                    $ENABLED_STUNNEL"
+echo "   * ERROR_STRINGS:              $ENABLED_ERROR_STRINGS"
+echo "   * DTLS:                       $ENABLED_DTLS"
+echo "   * Old TLS Versions:           $ENABLED_OLD_TLS"
+echo "   * SSL version 3.0:            $ENABLED_SSLV3"
+echo "   * OCSP:                       $ENABLED_OCSP"
+echo "   * CRL:                        $ENABLED_CRL"
+echo "   * CRL-MONITOR:                $ENABLED_CRL_MONITOR"
+echo "   * Persistent session cache:   $ENABLED_SAVESESSION"
+echo "   * Persistent cert    cache:   $ENABLED_SAVECERT"
+echo "   * Atomic User Record Layer:   $ENABLED_ATOMICUSER"
+echo "   * Public Key Callbacks:       $ENABLED_PKCALLBACKS"
+echo "   * NTRU:                       $ENABLED_NTRU"
+echo "   * Server Name Indication:     $ENABLED_SNI"
+echo "   * ALPN:                       $ENABLED_ALPN"
+echo "   * Maximum Fragment Length:    $ENABLED_MAX_FRAGMENT"
+echo "   * Truncated HMAC:             $ENABLED_TRUNCATED_HMAC"
+echo "   * Certificate Status Request: $ENABLED_CERTIFICATE_STATUS_REQUEST"
+echo "   * Supported Elliptic Curves:  $ENABLED_SUPPORTED_CURVES"
+echo "   * Session Ticket:             $ENABLED_SESSION_TICKET"
+echo "   * Renegotiation Indication:   $ENABLED_RENEGOTIATION_INDICATION"
+echo "   * Secure Renegotiation:       $ENABLED_SECURE_RENEGOTIATION"
+echo "   * All TLS Extensions:         $ENABLED_TLSX"
+echo "   * PKCS#7                      $ENABLED_PKCS7"
+echo "   * wolfSCEP                    $ENABLED_WOLFSCEP"
+echo "   * Secure Remote Password      $ENABLED_SRP"
+echo "   * Small Stack:                $ENABLED_SMALL_STACK"
+echo "   * valgrind unit tests:        $ENABLED_VALGRIND"
+echo "   * LIBZ:                       $ENABLED_LIBZ"
+echo "   * Examples:                   $ENABLED_EXAMPLES"
+echo "   * User Crypto:                $ENABLED_USER_CRYPTO"
+echo "   * Fast RSA:                   $ENABLED_FAST_RSA"
 echo ""
 echo "---"
@@ -310,7 +310,7 @@ static void Usage(void)
 #endif
     printf("-b <num>    Benchmark <num> connections and print stats\n");
 #ifdef HAVE_ALPN
-    printf("-L <str>    Application-Layer Protocole Name ({C,F}:<list>)\n");
+    printf("-L <str>    Application-Layer Protocol Negotiation ({C,F}:<list>)\n");
 #endif
     printf("-B <num>    Benchmark throughput using <num> bytes and print stats\n");
     printf("-s          Use pre Shared keys\n");
@@ -348,6 +348,9 @@ static void Usage(void)
     printf("-o          Perform OCSP lookup on peer certificate\n");
     printf("-O <url>    Perform OCSP lookup using <url> as responder\n");
 #endif
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+    printf("-W          Use OCSP Stapling\n");
+#endif
 #ifdef ATOMIC_USER
     printf("-U          Atomic User Record Layer Callbacks\n");
 #endif
@@ -425,7 +428,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     byte maxFragment = 0;
 #endif
 #ifdef HAVE_TRUNCATED_HMAC
-    byte  truncatedHMAC = 0;
+    byte truncatedHMAC = 0;
+#endif
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+    byte statusRequest = 0;
 #endif
 
 
@@ -466,8 +472,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 
 #ifndef WOLFSSL_VXWORKS
     while ((ch = mygetopt(argc, argv,
-                          "?gdeDusmNrwRitfxXUPCh:p:v:l:A:c:k:Z:b:zS:L:ToO:aB:"))
-                                                                        != -1) {
+                "?gdeDusmNrwRitfxXUPCh:p:v:l:A:c:k:Z:b:zS:L:ToO:aB:W")) != -1) {
         switch (ch) {
             case '?' :
                 Usage();
@@ -654,6 +659,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                 #endif
                 break;
 
+            case 'W' :
+                #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+                    statusRequest = 1;
+                #endif
+                break;
+
             case 'o' :
                 #ifdef HAVE_OCSP
                     useOcsp = 1;
@@ -976,6 +987,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
        wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt);
     }
 #endif
+#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
+    if (statusRequest) {
+        if (wolfSSL_UseCertificateStatusRequest(ssl, WOLFSSL_CSR_OCSP,
+                                     WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS)
+            err_sys("UseCertificateStatusRequest failed");
+
+        wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
+    }
+#endif
 
     tcp_connect(&sockfd, host, port, doDTLS, ssl);
 
@@ -1317,4 +1337,3 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 
 #endif
-
 
@@ -200,7 +200,7 @@ static void Usage(void)
                                  DEFAULT_MIN_DHKEY_BITS);
 #endif
 #ifdef HAVE_ALPN
-    printf("-L <str>    Application-Layer Protocole Name ({C,F}:<list>)\n");
+    printf("-L <str>    Application-Layer Protocol Negotiation ({C,F}:<list>)\n");
 #endif
     printf("-d          Disable client cert check\n");
     printf("-b          Bind to any interface instead of localhost only\n");
 
@@ -10,4 +10,5 @@ rsync -rvt /$SRC/.git         ~/$DST/
 rsync -rvt /$SRC/IDE          ~/$DST/
 rsync -rvt /$SRC/mcapi        ~/$DST/
 rsync -rvt /$SRC/mplabx       ~/$DST/
+rsync -rvt /$SRC/certs        ~/$DST/
 rsync -rvt /$SRC/configure.ac ~/$DST/