progress windows cert store test

JacobBarthelmeh · JacobBarthelmeh · commit c63fe1fd8db4 · 2026-01-17T23:50:13.000-07:00
diff --git a/.github/workflows/windows-cert-store-test.yml b/.github/workflows/windows-cert-store-test.yml
@@ -43,7 +43,7 @@ jobs:
       uses: microsoft/setup-msbuild@v1
 
     - name: Restore wolfSSL NuGet packages
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl
+      working-directory: ${{ github.workspace }}\wolfssl
       run: nuget restore ${{env.WOLFSSL_SOLUTION_FILE_PATH}}
 
     - name: updated user_settings.h for sshd and x509
@@ -55,19 +55,27 @@ jobs:
       run: get-content ${{env.USER_SETTINGS_H_NEW}} | %{$_ -replace "if 0","if 1"}
 
     - name: Build wolfssl library
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssl
+      working-directory: ${{ github.workspace }}\wolfssl
       run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:Configuration=${{env.WOLFSSL_BUILD_CONFIGURATION}} /t:wolfssl ${{env.WOLFSSL_SOLUTION_FILE_PATH}}
 
     - name: Restore NuGet packages
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh\ide\winvs
+      working-directory: ${{ github.workspace }}\wolfssh\ide\winvs
       run: nuget restore ${{env.SOLUTION_FILE_PATH}}
 
     - name: Build wolfssh
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh\ide\winvs
+      working-directory: ${{ github.workspace }}\wolfssh\ide\winvs
       run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{env.BUILD_PLATFORM}} /p:WindowsTargetPlatformVersion=${{env.TARGET_PLATFORM}} /p:Configuration=${{env.WOLFSSH_BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
 
+    - name: Upload wolfSSH build artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: wolfssh-windows-build
+        if-no-files-found: error
+        path: |
+          wolfssh/ide/winvs/**/Release/**
+
     - name: Create PowerShell script to import cert to store
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       run: |
         @"
         # Import certificate and key to Windows Certificate Store
@@ -128,7 +136,7 @@ jobs:
         "@ | Out-File -FilePath import-cert.ps1 -Encoding UTF8
 
     - name: Build import script
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
       run: |
         # Note: This step is informational - actual import happens in test job
@@ -159,8 +167,14 @@ jobs:
       with:
         path: wolfssh
 
+    - name: Download wolfSSH build artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: wolfssh-windows-build
+        path: .
+
     - name: Set up test environment - ${{ matrix.test_name }}
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
       run: |
         Write-Host "=== Test Configuration ==="
@@ -183,7 +197,7 @@ jobs:
         
         Write-Host "Server cert created: $($serverCert.Subject)"
         Write-Host "Server cert thumbprint: $($serverCert.Thumbprint)"
-        Write-Host "SERVER_CERT_SUBJECT=$($serverCert.Subject)" | Out-File -FilePath $env:GITHUB_ENV -Append
+        Add-Content -Path $env:GITHUB_ENV -Value "SERVER_CERT_SUBJECT=$($serverCert.Subject)"
         
         # Create client certificate in cert store
         $clientCert = New-SelfSignedCertificate `
@@ -197,10 +211,10 @@ jobs:
         
         Write-Host "Client cert created: $($clientCert.Subject)"
         Write-Host "Client cert thumbprint: $($clientCert.Thumbprint)"
-        Write-Host "CLIENT_CERT_SUBJECT=$($clientCert.Subject)" | Out-File -FilePath $env:GITHUB_ENV -Append
+        Add-Content -Path $env:GITHUB_ENV -Value "CLIENT_CERT_SUBJECT=$($clientCert.Subject)"
 
     - name: Create wolfSSHd config file
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
       run: |
         $configContent = @"
@@ -230,7 +244,7 @@ jobs:
         Get-Content sshd_config_test
 
     - name: Find wolfSSH executables
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
       run: |
         # Find wolfsshd.exe
@@ -239,7 +253,7 @@ jobs:
             Select-Object -First 1
         if ($sshdExe) {
             Write-Host "Found wolfsshd.exe at: $($sshdExe.FullName)"
-            Write-Host "SSHD_PATH=$($sshdExe.FullName)" | Out-File -FilePath $env:GITHUB_ENV -Append
+            Add-Content -Path $env:GITHUB_ENV -Value "SSHD_PATH=$($sshdExe.FullName)"
         } else {
             Write-Host "ERROR: wolfsshd.exe not found"
             Get-ChildItem -Recurse -Filter "*.exe" | Select-Object FullName
@@ -252,7 +266,7 @@ jobs:
             Select-Object -First 1
         if ($sftpExe) {
             Write-Host "Found wolfsftp.exe at: $($sftpExe.FullName)"
-            Write-Host "SFTP_PATH=$($sftpExe.FullName)" | Out-File -FilePath $env:GITHUB_ENV -Append
+            Add-Content -Path $env:GITHUB_ENV -Value "SFTP_PATH=$($sftpExe.FullName)"
         } else {
             Write-Host "ERROR: wolfsftp.exe not found"
             Get-ChildItem -Recurse -Filter "*.exe" | Select-Object FullName
@@ -265,13 +279,13 @@ jobs:
             Select-Object -First 1
         if ($sshExe) {
             Write-Host "Found wolfssh.exe at: $($sshExe.FullName)"
-            Write-Host "SSH_PATH=$($sshExe.FullName)" | Out-File -FilePath $env:GITHUB_ENV -Append
+            Add-Content -Path $env:GITHUB_ENV -Value "SSH_PATH=$($sshExe.FullName)"
         } else {
             Write-Host "WARNING: wolfssh.exe not found (SSH client test will be skipped)"
         }
 
     - name: Start wolfSSHd in background
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
       run: |
         $sshdPath = (Get-Content env:SSHD_PATH)
@@ -286,7 +300,7 @@ jobs:
             -PassThru -NoNewWindow
         
         Write-Host "Started wolfSSHd with PID: $($sshdProcess.Id)"
-        Write-Host "SSHD_PID=$($sshdProcess.Id)" | Out-File -FilePath $env:GITHUB_ENV -Append
+        Add-Content -Path $env:GITHUB_ENV -Value "SSHD_PID=$($sshdProcess.Id)"
         
         # Wait a bit for server to start
         Start-Sleep -Seconds 3
@@ -298,7 +312,7 @@ jobs:
         }
 
     - name: Test SFTP connection
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
       run: |
         $sftpPath = (Get-Content env:SFTP_PATH)
@@ -383,7 +397,7 @@ jobs:
         Write-Host "Test completed - key exchange appears to have worked"
 
     - name: Test SSH client connection
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
       run: |
         $sshPath = (Get-Content env:SSH_PATH -ErrorAction SilentlyContinue)
@@ -462,7 +476,7 @@ jobs:
 
     - name: Cleanup
       if: always()
-      working-directory: ${{env.GITHUB_WORKSPACE}}wolfssh
+      working-directory: ${{ github.workspace }}\wolfssh
       shell: pwsh
       run: |
         # Stop wolfSSHd
diff --git a/apps/wolfsshd/wolfsshd.c b/apps/wolfsshd/wolfsshd.c
@@ -423,6 +423,7 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
                 wc_FreeDer(&der);
             }
         }
+        }
     }
 
 #if defined(WOLFSSH_OSSH_CERTS) || defined(WOLFSSH_CERTS)
@@ -496,13 +497,19 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,
 
         if (ret == WS_SUCCESS) {
             if (wolfSSHD_ConfigGetUserCAStore(conf)) {
+#if defined(_WIN32)
                 if (wolfSSL_CTX_load_windows_user_CA_certs(sslCtx,
-                    wolfSSHD_ConfigGetWinUserStores(conf),
-                    wolfSSHD_ConfigGetWinUserDwFlags(conf),
-                    wolfSSHD_ConfigGetWinUserPvPara(conf)) != WOLFSSL_SUCCESS) {
+                        wolfSSHD_ConfigGetWinUserStores(conf),
+                        wolfSSHD_ConfigGetWinUserDwFlags(conf),
+                        wolfSSHD_ConfigGetWinUserPvPara(conf)) != WOLFSSL_SUCCESS) {
                     wolfSSH_Log(WS_LOG_INFO, "[SSHD] Issue loading user CAs");
                     ret = WS_FATAL_ERROR;
                 }
+#else
+                wolfSSH_Log(WS_LOG_INFO,
+                    "[SSHD] User CA store is only supported on Windows");
+                ret = WS_BAD_ARGUMENT;
+#endif /* _WIN32 */
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -423,6 +423,7 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,`
`423`	`423`	`wc_FreeDer(&der);`
`424`	`424`	`}`
`425`	`425`	`}`
	`426`	`+ }`
`426`	`427`	`}`
`427`	`428`
`428`	`429`	`#if defined(WOLFSSH_OSSH_CERTS) \|\| defined(WOLFSSH_CERTS)`
`@@ -496,13 +497,19 @@ static int SetupCTX(WOLFSSHD_CONFIG* conf, WOLFSSH_CTX** ctx,`
`496`	`497`
`497`	`498`	`if (ret == WS_SUCCESS) {`
`498`	`499`	`if (wolfSSHD_ConfigGetUserCAStore(conf)) {`
	`500`	`+#if defined(_WIN32)`
`499`	`501`	`if (wolfSSL_CTX_load_windows_user_CA_certs(sslCtx,`
`500`		`- wolfSSHD_ConfigGetWinUserStores(conf),`
`501`		`- wolfSSHD_ConfigGetWinUserDwFlags(conf),`
`502`		`- wolfSSHD_ConfigGetWinUserPvPara(conf)) != WOLFSSL_SUCCESS) {`
	`502`	`+ wolfSSHD_ConfigGetWinUserStores(conf),`
	`503`	`+ wolfSSHD_ConfigGetWinUserDwFlags(conf),`
	`504`	`+ wolfSSHD_ConfigGetWinUserPvPara(conf)) != WOLFSSL_SUCCESS) {`
`503`	`505`	`wolfSSH_Log(WS_LOG_INFO, "[SSHD] Issue loading user CAs");`
`504`	`506`	`ret = WS_FATAL_ERROR;`
`505`	`507`	`}`
	`508`	`+#else`
	`509`	`+ wolfSSH_Log(WS_LOG_INFO,`
	`510`	`+ "[SSHD] User CA store is only supported on Windows");`
	`511`	`+ ret = WS_BAD_ARGUMENT;`
	`512`	`+#endif /* _WIN32 */`
`506`	`513`	`}`
`507`	`514`	`}`
`508`	`515`