
Conversation

mattia-moffa
Contributor

Description

This adds support for the certificate_authorities TLS 1.3 extension in ClientHello, allowing clients to inform servers about the certificate authorities they support for server authentication. Also adds some Doxygen documentation for a few related previously undocumented functions.

Fixes zd#20401

Testing

./configure --enable-all && make check

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@mattia-moffa mattia-moffa self-assigned this Sep 17, 2025
Contributor

🛟 Devin Lifeguard found 2 likely issues in this PR

  • no-void-functions snippet: Change wolfSSL_CTX_set0_CA_list() (and the other newly-added void APIs) to return an int status code (e.g., 0 on success, negative on failure) so callers can detect and propagate errors.
  • no-memory-leaks snippet: Verify whether each WOLFSSL_X509_NAME pushed onto the new ca_names / peer_ca_names stacks is eventually freed (e.g. change all wolfSSL_sk_X509_NAME_pop_free(..., NULL) calls to pass wolfSSL_X509_NAME_free or add a dedicated cleanup pass) to ensure the duplicated X509_NAME objects are released.

@mattia-moffa
please take a look at the above issues which Devin flagged. Devin will not fix these issues automatically.

@mattia-moffa mattia-moffa force-pushed the 20250910-certauth-clienthello branch from 94c915c to 5efc4a7 Compare September 19, 2025 14:47
Contributor

@Copilot Copilot AI left a comment


Pull Request Overview

This PR adds support for the certificate_authorities TLS 1.3 extension in ClientHello messages, enabling clients to inform servers about supported certificate authorities for server authentication. It also adds corresponding API functions and documentation for managing CA lists.

  • Implements certificate_authorities extension support for TLS 1.3 ClientHello
  • Adds new API functions for managing CA lists (*_set0_CA_list, *_get0_CA_list, *_get0_peer_CA_list)
  • Includes comprehensive test coverage for both certificate request and client hello scenarios

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
wolfssl/ssl.h Adds new API function declarations for CA list management
wolfssl/openssl/ssl.h Defines OpenSSL compatibility macros for new functions
wolfssl/internal.h Updates internal macros and adds new CA list member variables
tests/api/test_tls_ext.h Declares new test functions for certificate authorities extension
tests/api/test_tls_ext.c Implements comprehensive tests for extension functionality
tests/api.c Registers new test functions
src/tls13.c Moves certificate callback invocation for better extension handling
src/tls.c Updates extension handling to support client-side certificate authorities
src/ssl.c Implements new CA list management functions
src/internal.c Updates resource management and initialization for new CA list fields
doc/dox_comments/header_files/ssl.h Adds detailed Doxygen documentation for new functions
Comments suppressed due to low confidence (2)

doc/dox_comments/header_files/ssl.h

  • Fix the typo 'previosusly' to 'previously' on line 15326.

doc/dox_comments/header_files/ssl.h

  • Fix the typo 'previosusly' to 'previously' on line 15429.

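
The PR description and the review overview above both describe the certificate_authorities extension without showing its wire format. The following is an added example written for this page, not code from wolfSSL or from this PR: it encodes and parses the extension body as RFC 8446 section 4.2.4 defines it (a 2-byte-length list of 2-byte-length DER DistinguishedName values, type value 47 per the RFC), which is the same body a client now sends in ClientHello and a server sends in CertificateRequest. The helper names (build_cn_name, ca_ext_encode, ca_ext_parse, demo_build, demo_selfcheck), the sample CN strings and the constant name TLSX_CERTIFICATE_AUTHORITIES are all assumptions made for this illustration and do not correspond to wolfSSL's internal API.

```c
/* Added example (not wolfSSL or PR code): TLS 1.3 certificate_authorities
 * extension body per RFC 8446 section 4.2.4:
 *   opaque DistinguishedName<1..2^16-1>;
 *   struct { DistinguishedName authorities<3..2^16-1>; } ... */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TLSX_CERTIFICATE_AUTHORITIES 47 /* ExtensionType value from RFC 8446 */

/* Build a minimal DER X.501 Name with one CN RDN (constructed sample input).
 * Only short-form DER lengths (< 128) are handled, enough for these samples. */
static int build_cn_name(const char *cn, uint8_t *out, size_t cap)
{
    static const uint8_t oid_cn[] = { 0x06, 0x03, 0x55, 0x04, 0x03 }; /* id-at-commonName */
    size_t cn_len = strlen(cn);
    size_t atv_len = sizeof(oid_cn) + 2 + cn_len; /* OID TLV + UTF8String TLV */
    size_t rdn_len = 2 + atv_len;                 /* AttributeTypeAndValue SEQUENCE */
    size_t name_len = 2 + rdn_len;                /* RelativeDistinguishedName SET */
    size_t p = 0;

    if (cn_len == 0 || cn_len > 100 || 2 + name_len > cap) return -1;
    out[p++] = 0x30; out[p++] = (uint8_t)name_len;   /* Name ::= SEQUENCE OF RDN */
    out[p++] = 0x31; out[p++] = (uint8_t)rdn_len;    /* RDN ::= SET OF ATV */
    out[p++] = 0x30; out[p++] = (uint8_t)atv_len;    /* ATV ::= SEQUENCE */
    memcpy(out + p, oid_cn, sizeof(oid_cn)); p += sizeof(oid_cn);
    out[p++] = 0x0C; out[p++] = (uint8_t)cn_len;     /* UTF8String */
    memcpy(out + p, cn, cn_len); p += cn_len;
    return (int)p;
}

/* Encode the extension_data body. Returns bytes written or -1 on error. */
static int ca_ext_encode(const uint8_t *const *names, const size_t *lens,
                         size_t count, uint8_t *out, size_t cap)
{
    size_t body = 0, p = 2, i;

    for (i = 0; i < count; i++) {
        if (lens[i] == 0 || lens[i] > 0xFFFF) return -1; /* DistinguishedName<1..2^16-1> */
        body += 2 + lens[i];
    }
    if (body < 3 || body > 0xFFFF || 2 + body > cap) return -1; /* authorities<3..2^16-1> */
    out[0] = (uint8_t)(body >> 8); out[1] = (uint8_t)body;
    for (i = 0; i < count; i++) {
        out[p++] = (uint8_t)(lens[i] >> 8); out[p++] = (uint8_t)lens[i];
        memcpy(out + p, names[i], lens[i]); p += lens[i];
    }
    return (int)p;
}

typedef void (*ca_name_cb)(const uint8_t *dn, size_t dn_len, void *arg);

/* Parse an extension_data body received from the peer, calling cb once per
 * DistinguishedName. Truncated lists, zero-length names and trailing bytes are
 * rejected, and every length is bounds-checked before the name is touched, so
 * a hostile length field cannot read past the buffer. Returns the name count
 * or -1 on malformed input. */
static int ca_ext_parse(const uint8_t *ext, size_t ext_len, ca_name_cb cb, void *arg)
{
    size_t list_len, p = 2;
    int count = 0;

    if (ext_len < 2) return -1;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len < 3 || 2 + list_len != ext_len) return -1;
    while (p < ext_len) {
        size_t dn_len;
        if (ext_len - p < 2) return -1;
        dn_len = ((size_t)ext[p] << 8) | ext[p + 1];
        p += 2;
        if (dn_len == 0 || dn_len > ext_len - p) return -1;
        if (cb) cb(ext + p, dn_len, arg);
        p += dn_len;
        count++;
    }
    return count;
}

/* Encode a two-authority list from constructed sample names; returns length. */
static int demo_build(uint8_t *out, size_t cap)
{
    uint8_t dn1[128], dn2[128];
    int l1 = build_cn_name("Example Root CA", dn1, sizeof dn1);
    int l2 = build_cn_name("Example Intermediate CA", dn2, sizeof dn2);
    const uint8_t *names[2] = { dn1, dn2 };
    size_t lens[2];

    if (l1 < 0 || l2 < 0) return -1;
    lens[0] = (size_t)l1; lens[1] = (size_t)l2;
    return ca_ext_encode(names, lens, 2, out, cap);
}

/* Round trip plus two malformed bodies. Returns 1 if every check holds. */
static int demo_selfcheck(void)
{
    static const uint8_t zero_dn[] = { 0x00, 0x03, 0x00, 0x00, 0x30 }; /* DN length 0 */
    uint8_t buf[256];
    int n = demo_build(buf, sizeof buf); /* 28- and 36-byte names -> 70-byte body */

    if (n != 70 || ca_ext_parse(buf, (size_t)n, NULL, NULL) != 2) return 0;
    if (ca_ext_parse(buf, (size_t)n - 1, NULL, NULL) != -1) return 0; /* truncated */
    if (ca_ext_parse(zero_dn, sizeof zero_dn, NULL, NULL) != -1) return 0;
    return 1;
}

static void print_dn(const uint8_t *dn, size_t dn_len, void *arg)
{
    int *idx = arg;
    printf("  authority %d: %zu-byte DER Name (tag 0x%02x)\n", (*idx)++, dn_len, dn[0]);
}

int main(void)
{
    uint8_t buf[256];
    int idx = 0, n = demo_build(buf, sizeof buf);

    printf("extension type %d, %d-byte body\n", TLSX_CERTIFICATE_AUTHORITIES, n);
    ca_ext_parse(buf, (size_t)n, print_dn, &idx);
    return demo_selfcheck() ? 0 : 1;
}
```

The parser is the part worth keeping in mind when reviewing the server side of this change: the list is attacker-controlled data arriving before any authentication, so its outer and inner length fields must be checked against the remaining buffer before any WOLFSSL_X509_NAME is decoded from it.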

@julek-wolfssl
Member

doc/dox_comments/header_files/ssl.h

* Fix the typo 'previosusly' to 'previously' on line 15326.

doc/dox_comments/header_files/ssl.h

* Fix the typo 'previosusly' to 'previously' on line 15429.

Copilot found this

Contributor

@Copilot Copilot AI left a comment


Pull Request Overview

Copilot reviewed 11 out of 11 changed files in this pull request and generated 2 comments.



@julek-wolfssl julek-wolfssl removed their assignment Sep 24, 2025
@julek-wolfssl
Member

Retest this please StreamCorruptedException

@douzzer douzzer merged commit 42d2b81 into wolfSSL:master Oct 1, 2025
326 of 327 checks passed
4 participants