Conversation
padelsbach
force-pushed
the
aia-updates
branch
from
cb8ea5e to
c8e91ee
Compare
padelsbach
force-pushed
the
aia-updates
branch
from
c8e91ee to
8df7464
Compare
There was a problem hiding this comment.
Pull request overview
This PR extends the Java WolfSSLCertificate AIA interface to expose OCSP and CA Issuer URIs from certificates and to detect when the internal AIA URI list overflows, including tests and example certificates to validate the behavior.
Changes:
- Added native and Java-level APIs on
WolfSSLCertificateto retrieve OCSP responder URIs, CA Issuer URIs, and an AIA-overflow indicator, wired to the new wolfSSL C APIs (gated on version/feature macros). - Extended
WolfSSLCertificateTestwith AIA-focused tests, including multi-URI and overflow scenarios, and added helper logic for array membership checks. - Introduced example AIA certificates (
multi-aia-cert.pemandoverflow-aia-cert.pem) underexamples/certs/aia/to drive and document the new AIA behavior.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/test/com/wolfssl/test/WolfSSLCertificateTest.java | Adds AIA tests (test_getAiaMulti, test_getAiaOverflow) and new cert path constants to validate OCSP/CA Issuer URI extraction and overflow reporting. |
| src/java/com/wolfssl/WolfSSLCertificate.java | Introduces native bindings and synchronized Java wrappers for getOcspUris(), getCaIssuerUris(), and getAiaOverflow() with appropriate Javadoc and logging. |
| native/com_wolfssl_WolfSSLCertificate.h | Declares new JNI entry points for the AIA-related X509 accessors consistent with the Java native method signatures. |
| native/com_wolfssl_WolfSSLCertificate.c | Implements JNI glue for the new AIA APIs, including a shared helper to convert WOLF_STACK_OF(WOLFSSL_STRING) into String[], handling resource cleanup and feature gating by compile-time macros. |
| examples/certs/aia/multi-aia-cert.pem | Example certificate with multiple OCSP and CA Issuer AIA URIs used by test_getAiaMulti. |
| examples/certs/aia/overflow-aia-cert.pem | Example certificate with an AIA extension large enough to trigger the overflow condition, used by test_getAiaOverflow. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
cconlon
approved these changes
Feb 4, 2026
Member
cconlon
left a comment
cconlon
left a comment
There was a problem hiding this comment.
Looks good to me, thanks! I'll hold off merge until wolfSSL/wolfssl#9728 gets in.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add ability to retrieve the Auth Info Access fields from a given cert as either OCSP or CA URL.
Requires wolfSSL/wolfssl#9728