Introduce WOLFSSL_ASN_ALLOW_0_SERIAL

[gojimmypi]

Description

While working on wolfSSL "Certificate Bundles" in support of improved integration in the Espressif ESP-IDF, I noticed there are several certs in the (current default) mbedTLS bundle that do not have a serial number. For example the Go Daddy Class 2 CA.

By default, wolfSSL does not allow a missing serial number per RFC 5280 section 4.1.2.4. Although this could be resolved by enabling WOLFSSL_NO_ASN_STRICT, I did not want to completely disable all of the other strict ASN checking just because a few certs in a bundle many be missing a serial number.

This PR introduces WOLFSSL_ASN_ALLOW_0_SERIAL that regardless of having WOLFSSL_NO_ASN_STRICT or not, will allow a missing serial number.

Note that it must be a valid missing serial number: The length must be exactly one byte and the data is zero.

If there's a zero for the length and a zero for the data, this will still be considered to have always failed the ASN check regardless of WOLFSSL_NO_ASN_STRICT and/or WOLFSSL_ASN_ALLOW_0_SERIAL.

See my WIP ESP-IDF 5.2.2 branch and my esp_http_client_example for the WIP Certificate Bundle support.

Some minor spelling corrections also included.

Fixes zd#

Does not fix, but see related related tickets including 18469 and 18228.

Testing

How did you test?

Tested only in Espressif ESP32 environment.

Checklist

• added tests
• updated/added doxygen
• updated appropriate READMEs
• Updated manual and documentation

[douzzer]

retest this please