Recognize Windows drive-letter paths as absolute, enable more tests

- Check for drive-letter (X:) and backslash (\) paths as absolute in
  ca -out handling, matching OpenSSL's ossl_is_absolute_path() logic
  with #ifdef _WIN32 guard
- Add Windows-specific tests for drive-letter and backslash absolute
  paths in TestCAOutdirPath
- Enable WOLFSSL_DUAL_ALG_CERTS for chimera/altextend CA tests
- Fix MSVC VLA error: use #define for LARGE_TEMP_SZ instead of
  const int (MSVC requires compile-time constant for array sizes)
- Replace CSR attributes test: use new attributes-supported-csr.pem
  with only wolfSSL-supported attributes (challengePassword,
  unstructuredName), add test asserting unsupported attributes fail

Author: julek-wolfssl

certs/attributes-supported-csr.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIC0TCCAbkCAQAwVzELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAO
+BgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEjAQBgNVBAMMCWF0dHJf
+dGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfS
+RUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yr
+ZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOu
+AKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsv
+IbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKW
+gDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf
+2dBPrdcCAwEAAaA1MBYGCSqGSIb3DQEJBzEJDAd0ZXN0MTIzMBsGCSqGSIb3DQEJ
+AjEODAx3b2xmU1NMX3Rlc3QwDQYJKoZIhvcNAQELBQADggEBAHpkAc/Kr2gZ3KwX
+L0Rm8eTlEYIydRcWDRmrqNedMnZ4jZnQxjq6oOBGIYaafi+HfmZaEVqziwhSsR/H
+n9lu6t6k9biD17SyLIh9oDaDB3QXCyUTgzZN8FvuRz3cTTDiZL0gCIR948bitS3F
+PPW10W8Z4wir50eUPmt4mlVciIm+BCU4uDr1cUNdbWC3M+4KCh3m3vASgzba76Ya
+y4akoukLPsbdz2ub0x9A1i3x1lao+HQ7JjFNo9pDsty9gmDgrOOfusm9f6AGV4c7
+n5fsDxCKeHvPHofgZUGvqTsSECM15U2dcJQJcUNV0qslIK9r9ewpJa6tfTWk/EL8
++JTPLho=
+-----END CERTIFICATE REQUEST-----

ide/winvs/user_settings.h

@@ -34,6 +34,8 @@
 #define WOLFSSL_SHAKE256
 #define HAVE_DILITHIUM
 #define WOLFSSL_WC_DILITHIUM
+#define WOLFSSL_EXPERIMENTAL_SETTINGS
+#define WOLFSSL_DUAL_ALG_CERTS
 
 #define HAVE_TLS_EXTENSIONS
 #define HAVE_SNI

src/x509/clu_x509_sign.c

@@ -257,12 +257,12 @@ int wolfCLU_GenChimeraCertSign(WOLFSSL_BIO *bioCaKey, WOLFSSL_BIO *bioAltCaKey,
     const char *altSigAlgOid        = "2.5.29.73";
     const char *altSigValOid        = "2.5.29.74";
 
-    /* 
-     * LARGE_TEMO_SZ defines the size of temporary buffers used for signature key,
+    /*
+     * LARGE_TEMP_SZ defines the size of temporary buffers used for signature key,
      * verification key and signature value buffers.
      * The value 11264 is enough for P-521 and ML-DSA-87 PEM certs.
     */
-    const int LARGE_TEMP_SZ = 11264;
+    #define LARGE_TEMP_SZ 11264
     byte caKeyBuf[LARGE_TEMP_SZ];
     int  caKeySz   = LARGE_TEMP_SZ;
     byte altCaKeyBuf[LARGE_TEMP_SZ];
@@ -1045,8 +1045,13 @@ int wolfCLU_CertSignAppendOut(WOLFCLU_CERT_SIGN* csign, char* out)
     if (ret == WOLFCLU_SUCCESS && csign->outDir != NULL && out != NULL) {
         int currentSz = (int)XSTRLEN(csign->outDir);
 
-        /* If out is an absolute path, use it directly instead of appending */
-        if (out[0] == '/') {
+        /* If out is an absolute path, use it directly instead of appending.
+         * Matches OpenSSL's ossl_is_absolute_path() behaviour. */
+        if (out[0] == '/'
+#ifdef _WIN32
+                || out[0] == '\\' || (out[0] != '\0' && out[1] == ':')
+#endif
+                ) {
             s = (char*)XMALLOC(outSz + 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
             if (s == NULL) {
                 ret = MEMORY_E;

tests/x509/x509-ca-test.py

@@ -749,8 +749,6 @@ def setUp(self):
     def tearDown(self):
         _cleanup(self.conf, self.csr, _tmp("index.txt"), self.outdir)
 
-    @unittest.skipIf(sys.platform == "win32",
-                      "wolfSSL does not recognize drive-letter paths as absolute")
     def test_absolute_out_path(self):
         """Absolute -out path should override new_certs_dir."""
         abs_out = (self.outdir + "/absolute-out.pem")
@@ -765,6 +763,34 @@ def test_absolute_out_path(self):
         # The file at the absolute location is the correct one;
         # just verify it was created (already checked above).
 
+    @unittest.skipUnless(sys.platform == "win32", "Windows drive-letter test")
+    def test_absolute_drive_letter_out_path(self):
+        """On Windows, drive-letter paths (C:\\...) are treated as absolute."""
+        import tempfile
+        abs_out = os.path.join(tempfile.gettempdir(),
+                               "wolfclu_test_abs.pem").replace("\\", "/")
+        self.addCleanup(lambda: _cleanup(abs_out))
+
+        r = run_wolfssl("ca", "-config", self.conf,
+                        "-in", self.csr, "-out", abs_out)
+        self.assertEqual(r.returncode, 0, r.stderr)
+        self.assertTrue(os.path.isfile(abs_out),
+                        "File not found at {}".format(abs_out))
+
+    @unittest.skipUnless(sys.platform == "win32", "Windows backslash test")
+    def test_absolute_backslash_out_path(self):
+        """On Windows, backslash paths (\\\\...) are treated as absolute."""
+        import tempfile
+        abs_out = os.path.join(tempfile.gettempdir(),
+                               "wolfclu_test_abs_bs.pem")
+        self.addCleanup(lambda: _cleanup(abs_out))
+
+        r = run_wolfssl("ca", "-config", self.conf,
+                        "-in", self.csr, "-out", abs_out)
+        self.assertEqual(r.returncode, 0, r.stderr)
+        self.assertTrue(os.path.isfile(abs_out),
+                        "File not found at {}".format(abs_out))
+
     def test_relative_out_path(self):
         """Relative -out path should be appended to new_certs_dir."""
         _cleanup(_tmp("index.txt"))

tests/x509/x509-req-test.py

@@ -654,26 +654,30 @@ def test_long_country_code_fails(self):
 class TestReqCSRAttributes(unittest.TestCase):
     """Test CSR attribute printing."""
 
-    def test_attributes_csr(self):
-        """req -text on attributes-csr.pem shows expected attributes."""
-        csr_path = os.path.join(CERTS_DIR, "attributes-csr.pem")
+    def test_supported_attributes(self):
+        """req -text on a CSR with supported attributes shows them."""
+        csr_path = os.path.join(CERTS_DIR, "attributes-supported-csr.pem")
         if not os.path.isfile(csr_path):
-            self.skipTest("attributes-csr.pem not available")
+            self.skipTest("attributes-supported-csr.pem not available")
 
         r = run_wolfssl("req", "-text", "-noout", "-in", csr_path)
-        if r.returncode != 0:
-            self.skipTest("wolfSSL version does not support CSR attributes")
+        self.assertEqual(r.returncode, 0, r.stderr)
 
         output = r.stdout
-        self.assertIn("initials", output)
-        self.assertIn("abc", output)
-        self.assertIn("dnQualifier", output)
-        self.assertIn("dn", output)
         self.assertIn("challengePassword", output)
-        self.assertIn("test", output)
-        self.assertIn("givenName", output)
-        self.assertIn("Given Name", output)
-        self.assertIn("surname", output)
+        self.assertIn("test123", output)
+        self.assertIn("unstructuredName", output)
+        self.assertIn("wolfSSL_test", output)
+
+    def test_unsupported_attributes_fail(self):
+        """req -text on a CSR with unsupported attributes should fail."""
+        csr_path = os.path.join(CERTS_DIR, "attributes-csr.pem")
+        if not os.path.isfile(csr_path):
+            self.skipTest("attributes-csr.pem not available")
+
+        r = run_wolfssl("req", "-text", "-noout", "-in", csr_path)
+        self.assertNotEqual(r.returncode, 0,
+                            "CSR with unsupported attributes should fail")
 
 
 class TestReqCSRVersion(unittest.TestCase):