nginx 1.28.1

### `wolfssl/internal.h`

- **`InternalTicket` struct gains a flexible array member**: A new `peerCert[]` field (with a preceding `peerCertLen[2]`) is added to `InternalTicket`. This allows the peer's DER-encoded certificate to be stored directly inside the session ticket.
- **`ExternalTicket` struct becomes variable-length**: The `enc_ticket` field is changed from a fixed-size array to a flexible array member (`byte enc_ticket[]`). The `mac` field is removed from the struct — the MAC is now placed dynamically after the encrypted data in `enc_ticket`.

### `src/internal.c`

- The `GetRecordHeader` function now only adds `MAX_COMP_EXTRA` to the maximum allowed record size when `ssl->options.usingCompression` is true, tightening the length validation. The max fragment length extension check is now much stricter.
- **Peer certificate is serialized into the ticket**: During ticket creation, the code attempts to find the peer certificate from `ssl->peerCert` or from `ssl->session->chain` (fallback). If found and within `MAX_TICKET_PEER_CERT_SZ`, it's copied into `it->peerCert`. DTLS is explicitly excluded (peer cert length set to 0) to keep ticket size small for MTU constraints. If `HAVE_MAX_FRAGMENT` is defined and max fragment is not `MAX_RECORD_SIZE` for TLS 1.3, the cert is also skipped since `SendTls13NewSessionTicket` doesn't support fragmentation yet.
- **Peer certificate restoration from ticket**: On successful ticket decryption, if the ticket contains a peer certificate (`peerCertLen > 0`), it is decoded back into `ssl->peerCert` via `ParseCertRelative`/`CopyDecodedToX509`, and also added to `ssl->session->chain` via `AddSessionCertToChain`.
- The `CLEAR_ASN_NO_PEM_HEADER_ERROR` macro was rewritten to loop and remove all consecutive PEM no-start-line errors (not just the last one), wrapped in a `do { ... } while(0)` for safety.
- The `SendTicket` function is simplified to use `SendHandshakeMsg` to support fragmenting the larger ticket.

---

### `src/x509.c`

- `loadX509orX509REQFromPemBio` now accepts `TRUSTED_CERT_TYPE` in addition to `CERT_TYPE` and `CERTREQ_TYPE`.
- **Streaming BIO support**: When `wolfSSL_BIO_get_len()` returns ≤ 0 (e.g., pipes/FIFOs), the function no longer returns an error. Instead, it sets an initial buffer of `MAX_X509_SIZE` and dynamically grows (doubling) up to `MAX_BIO_READ_BUFFER` (`MAX_X509_SIZE * 16`) as data is read byte-by-byte.
- **Alternate footer detection**: For `TRUSTED_CERT_TYPE`, the PEM reader also checks for the regular `CERT_TYPE` footer (`-----END CERTIFICATE-----`) in addition to the trusted cert footer (`-----END TRUSTED CERTIFICATE-----`), so it can parse either format.
- Removed two lines that set `cert->srcIdx` to `SIGALGO_SEQ` offset. This makes `cert->srcIdx` reflect the end of parsed certificate data. This is used by `loadX509orX509REQFromBuffer` to detect where auxiliary trust data begins in trusted certificates.

---

### `src/ssl_sk.c`

- Added a `STACK_TYPE_X509_CRL` case to `wolfssl_sk_dup_data` that calls `wolfSSL_X509_CRL_dup` for deep-copying CRL stack elements. Previously, `STACK_TYPE_X509_CRL` fell through to the unsupported default case.

---

### `wolfssl/openssl/ssl.h`

- `sk_X509_dup` now maps to `wolfSSL_shallow_sk_dup` (was `wolfSSL_sk_dup`/deep copy). This matches OpenSSL's behavior where `sk_X509_dup` does a shallow copy.
- `sk_SSL_CIPHER_dup` similarly changed to `wolfSSL_shallow_sk_dup`.

---

### `src/ssl_api_cert.c`

- When `ssl->ourCert` is `NULL` and the SSL owns its cert, the function now checks if `ssl->ctx->ourCert` points to the same certificate (by comparing DER buffers). If so, it returns the ctx's `X509` pointer directly. This maintains pointer compatibility for applications (like nginx OCSP stapling) that use the `X509*` from `SSL_CTX_use_certificate` as a lookup key.

### `src/bio.c`

- When `wolfssl_file_len` returns `WOLFSSL_BAD_FILETYPE` (now returned for pipes/FIFOs), `wolfSSL_BIO_get_len` treats it as length 0 instead of propagating the error.

---

### `tests/test-maxfrag.conf` and `tests/test-maxfrag-dtls.conf`

- Removed `DHE-RSA-AES256-GCM-SHA384` test entries because the ClientKeyExchange doesn't fit in the selected max fragment length.

Author: julek-wolfssl

.github/workflows/nginx.yml

@@ -12,6 +12,10 @@ concurrency:
   cancel-in-progress: true
 # END OF COMMON SECTION
 
+# clang has better sanitizer support
+env:
+  CC: clang
+
 jobs:
   build_wolfssl:
     name: Build wolfSSL
@@ -31,7 +35,8 @@ jobs:
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           path: wolfssl
-          configure: --enable-nginx ${{ env.wolf_debug_flags }}
+          configure: >-
+            --enable-nginx --enable-curve25519 --enable-ed25519 ${{ env.wolf_debug_flags }}
           install: true
 
       - name: tar build-dir
@@ -50,6 +55,41 @@ jobs:
       matrix:
         include:
           # in general we want to pass all tests that match *ssl*
+          - ref: 1.28.1
+            test-ref: 0fccfcef1278263416043e0bbb3e0116b84026e4
+            # Following tests pass with sanitizer on
+            sanitize-ok: >-
+              h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t
+              h2_ssl_verify_client.t mail_imap_ssl.t mail_ssl_session_reuse.t
+              mail_ssl.t proxy_ssl_certificate_cache.t
+              proxy_ssl_certificate_empty.t proxy_ssl_certificate.t
+              proxy_ssl_certificate_vars.t proxy_ssl_name.t ssl_cache_reload.t
+              ssl_certificate_aux.t ssl_certificate_cache.t
+              ssl_certificate_chain.t ssl_certificates.t ssl_certificate.t
+              ssl_client_escaped_cert.t ssl_crl.t ssl_curve.t ssl_ocsp.t
+              ssl_password_file.t ssl_proxy_upgrade.t ssl_reject_handshake.t
+              ssl_session_reuse.t ssl_session_ticket_key.t ssl_sni_protocols.t
+              ssl_sni_reneg.t ssl_sni_sessions.t ssl_sni.t ssl_stapling.t ssl.t
+              ssl_verify_client.t ssl_verify_client_trusted.t ssl_verify_depth.t
+              stream_proxy_ssl_certificate_cache.t stream_proxy_ssl_certificate.t
+              stream_proxy_ssl_certificate_vars.t
+              stream_proxy_ssl_name_complex.t stream_proxy_ssl_name.t
+              stream_ssl_alpn.t stream_ssl_certificate_cache.t
+              stream_ssl_certificate.t stream_ssl_ocsp.t stream_ssl_preread_alpn.t
+              stream_ssl_preread_protocol.t stream_ssl_preread.t
+              stream_ssl_reject_handshake.t stream_ssl_session_reuse.t
+              stream_ssl_sni_protocols.t stream_ssl_stapling.t stream_ssl.t
+              stream_ssl_variables.t stream_ssl_verify_client.t
+              stream_upstream_zone_ssl.t upstream_zone_ssl.t
+              uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t
+            # Following tests do not pass with sanitizer on (with OpenSSL too)
+            sanitize-not-ok: >-
+              grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t
+              proxy_request_buffering_ssl.t proxy_ssl_conf_command.t
+              proxy_ssl_keepalive.t proxy_ssl.t proxy_ssl_verify.t ssl_cache.t
+              stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t
+              stream_proxy_ssl.t stream_proxy_ssl_verify.t
+
           - ref: 1.25.0
             test-ref: 5b2894ea1afd01a26c589ce11f310df118e42592
             # Following tests pass with sanitizer on
@@ -120,30 +160,19 @@ jobs:
       - name: untar build-dir
         run: tar -xf build-dir.tgz
 
-      - name: Install dependencies
-        run: |
-          sudo cpan -iT Proc::Find
+      - name: Openssl version
+        run: openssl version -a
 
-      # Locking in the version of SSLeay used with testing
-      - name: Download and install Net::SSLeay 1.94 manually
-        run: |
-          curl -LO https://www.cpan.org/modules/by-module/Net/CHRISN/Net-SSLeay-1.94.tar.gz
-          tar -xzf Net-SSLeay-1.94.tar.gz
-          cd Net-SSLeay-1.94
-          perl Makefile.PL
-          make
-          sudo make install
+      - name: Setup Perl environment
+        uses: shogo82148/actions-setup-perl@v1
+        with:
+          perl-version: '5.38.2'
 
       # SSL version 2.091 changes '' return to undef causing test case to fail.
       # Locking in the test version to use as 2.090
-      - name: Download and install IO::Socket::SSL 2.090 manually
+      - name: Install dependencies
         run: |
-          curl -LO https://www.cpan.org/modules/by-module/IO/IO-Socket-SSL-2.090.tar.gz
-          tar -xzf IO-Socket-SSL-2.090.tar.gz
-          cd IO-Socket-SSL-2.090
-          perl Makefile.PL
-          make
-          sudo make install
+          cpanm --notest Proc::Find Net::SSLeay@1.94 IO::Socket::SSL@2.090
 
       - name: Checkout wolfssl-nginx
         uses: actions/checkout@v4
@@ -211,37 +240,31 @@ jobs:
         run: |
           echo "nginx_c_flags=-O0" >> $GITHUB_ENV
 
-      - name: workaround high-entropy ASLR
-        # not needed after either an update to llvm or runner is done
-        run: sudo sysctl vm.mmap_rnd_bits=28
-
       - name: Build nginx with sanitizer
         working-directory: nginx
         run: |
           ./auto/configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --with-http_ssl_module \
             --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module \
             --with-http_v2_module --with-mail --with-mail_ssl_module \
-            --with-cc-opt='-fsanitize=address -DNGX_DEBUG_PALLOC=1 -g3 ${{ env.nginx_c_flags }}' \
+            --with-cc-opt='-fsanitize=address -DNGX_DEBUG_PALLOC=1 -g3 \
+            ${{ env.nginx_c_flags }}' \
             --with-ld-opt='-fsanitize=address ${{ env.nginx_c_flags }}'
           make -j
 
       - name: Confirm nginx built with wolfSSL
         working-directory: nginx
         run: ldd objs/nginx | grep wolfssl
 
-      - if: ${{ runner.debug }}
-        name: Run nginx-tests with sanitizer (debug)
+      - name: Create LSAN suppression file
         working-directory: nginx-tests
         run: |
-          LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
-          TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \
-          TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-ok }}
+          echo "leak:ngx_worker_process_init" > lsan.supp
 
       - if: ${{ !runner.debug }}
         name: Run nginx-tests with sanitizer
         working-directory: nginx-tests
         run: |
           LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \
+            LSAN_OPTIONS=suppressions=$GITHUB_WORKSPACE/nginx-tests/lsan.supp \
             TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \
             prove ${{ matrix.sanitize-ok }}
-

.wolfssl_known_macro_extras

@@ -220,6 +220,7 @@ ENABLED_BSDKM_REGISTER
 ENABLE_SECURE_SOCKETS_LOGS
 ESP32
 ESP8266
+ESPIPE
 ESP_ENABLE_WOLFSSH
 ESP_IDF_VERSION
 ESP_IDF_VERSION_MAJOR
@@ -367,6 +368,7 @@ NO_ASM
 NO_ASN_OLD_TYPE_NAMES
 NO_CAMELLIA_CBC
 NO_CERT
+NO_CERT_IN_TICKET
 NO_CIPHER_SUITE_ALIASES
 NO_CLIENT_CACHE
 NO_CLOCK_SPEEDUP

configure.ac

@@ -2743,7 +2743,8 @@ if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || \
    test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \
    test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \
    test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \
-   test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || test "$ENABLED_HITCH" = "yes"
+   test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || \
+   test "$ENABLED_HITCH" = "yes" || test "$ENABLED_NGINX" = "yes"
 then
     ENABLED_OPENSSLALL="yes"
 fi

src/bio.c

@@ -1938,6 +1938,8 @@ int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio)
             len = BAD_FUNC_ARG;
         if (len == 0) {
             len = wolfssl_file_len(file, &memSz);
+            if (len == WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE))
+                len = 0;
         }
         if (len == 0) {
             len = (int)memSz;

src/crl.c

@@ -1369,6 +1369,28 @@ WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl)
     return ret;
 }
 
+#ifdef OPENSSL_ALL
+int wolfSSL_X509_CRL_up_ref(WOLFSSL_X509_CRL* crl)
+{
+    int ret;
+
+    if (crl == NULL)
+        return WOLFSSL_FAILURE;
+
+    wolfSSL_RefInc(&crl->ref, &ret);
+#ifdef WOLFSSL_REFCNT_ERROR_RETURN
+    if (ret != 0) {
+        WOLFSSL_MSG("Failed to lock x509 mutex");
+        return WOLFSSL_FAILURE;
+    }
+#else
+    (void)ret;
+#endif
+
+    return WOLFSSL_SUCCESS;
+}
+#endif
+
 /* returns WOLFSSL_SUCCESS on success. Does not take ownership of newcrl */
 int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl)
 {

src/dtls.c

@@ -403,8 +403,9 @@ static int TlsTicketIsValid(const WOLFSSL* ssl, WolfSSL_ConstVector exts,
         if (!IsAtLeastTLSv1_3(it->pv))
             *resume = TRUE;
     }
-    if (it != NULL)
-        ForceZero(it, sizeof(InternalTicket));
+    /* `it` points into tempTicket on successful decryption so clearing it will
+     * also satisfy the WOLFSSL_CHECK_MEM_ZERO check. */
+    ForceZero(tempTicket, SESSION_TICKET_LEN);
     return 0;
 }
 #endif /* HAVE_SESSION_TICKET */