authorAdriaan de Jong <dejong@fox-it.com>2012-02-14 11:11:24 +0100
committerDavid Sommerseth <davids@redhat.com>2012-03-30 11:33:03 +0200
commit00b973f8af85c3ea8fa3cef80eec55e8dc139b27 (patch)
tree42ad20eb89be0436bee7a397f2269272a4799414 /src/openvpn/ssl_verify_openssl.c
parent31444111839f0720d6173a71f66fa3a988bcf9fb (diff)
Migrated x509_get_subject to use of the garbage collector
This also cleans up a messy call in pkcs11.c to _openssl_get_subject, as discussed at FOSDEM. Signed-off-by: Adriaan de Jong <dejong@fox-it.com> Acked-by: James Yonan <james@openvpn.net> Acked-by: David Sommerseth <davids@redhat.com> Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'src/openvpn/ssl_verify_openssl.c')
-rw-r--r--src/openvpn/ssl_verify_openssl.c35
1 files changed, 11 insertions, 24 deletions
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 1ccfc60..f5fe17a 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -48,6 +48,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
{
struct tls_session *session;
SSL *ssl;
+ struct gc_arena gc = gc_new();
unsigned char *sha1_hash = NULL;
/* get the tls_session pointer */
@@ -64,7 +65,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
if (!preverify_ok)
{
/* get the X509 name */
- char *subject = x509_get_subject(ctx->current_cert);
+ char *subject = x509_get_subject(ctx->current_cert, &gc);
if (subject)
{
@@ -73,16 +74,18 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
ctx->error_depth,
X509_verify_cert_error_string (ctx->error),
subject);
- x509_free_subject(subject);
}
ERR_clear_error();
+ gc_free(&gc);
session->verified = false;
return 0;
}
+ gc_free(&gc);
+
if (SUCCESS == verify_cert(session, ctx->current_cert, ctx->error_depth))
return 1;
return 0;
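Review bot: The arena declared at the top of verify_callback is only used inside the `if (!preverify_ok)` branch, yet it now has to be released on two separate exits (`gc_free(&gc)` before `return 0` and again before the `verify_cert` call), which is the shape that turns into a leak the next time someone adds an early return to this function. Moving `struct gc_arena gc = gc_new();` into that branch and freeing it once at the end of the branch keeps the arena's lifetime confined to the one place the subject string is used, and removes the second gc_free. verify_callback begins before this hunk, in an earlier one.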
@@ -253,12 +256,12 @@ x509_free_sha1_hash (unsigned char *hash)
}
char *
-_openssl_get_subject (X509 *cert, char *buf, int size)
+x509_get_subject (X509 *cert, struct gc_arena *gc)
{
BIO *subject_bio = NULL;
BUF_MEM *subject_mem;
- char *subject = buf;
- int maxlen = size;
+ char *subject = NULL;
+ int maxlen = 0;
subject_bio = BIO_new (BIO_s_mem ());
if (subject_bio == NULL)
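Review bot: The new `x509_get_subject (X509 *cert, struct gc_arena *gc)` carries no comment saying who owns the returned string now that `x509_free_subject` is gone; a caller that still frees it will double-free, and one that passes a NULL arena (if gc_malloc falls back to a plain malloc in that case, as I believe it does but cannot see here) silently gets a heap block nobody releases. Add above the definition: `/* Return the subject of cert as a NUL-terminated string allocated from gc; it lives until gc_free(gc) and must not be freed by the caller. Returns NULL on failure. */`. The `int maxlen = 0;` initialiser is dead, since the value is unconditionally reassigned further down, so dropping it or computing maxlen at the point of use would be tidier. The function body continues past the end of this hunk.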
@@ -272,12 +275,9 @@ _openssl_get_subject (X509 *cert, char *buf, int size)
goto err;
BIO_get_mem_ptr (subject_bio, &subject_mem);
- if (subject == NULL)
- {
- maxlen = subject_mem->length + 1;
- subject = malloc (maxlen);
- check_malloc_return (subject);
- }
+
+ maxlen = subject_mem->length + 1;
+ subject = gc_malloc (maxlen, false, gc);
memcpy (subject, subject_mem->data, maxlen);
subject[maxlen - 1] = '\0';
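Review bot: `memcpy (subject, subject_mem->data, maxlen);` copies `subject_mem->length + 1` bytes out of a BUF_MEM that only holds `length` valid bytes, so it reads one byte past the printed data before the next line overwrites that byte with the terminator; BIO_s_mem does not promise a readable byte at that index. Copy only what is valid and terminate explicitly: `memcpy (subject, subject_mem->data, subject_mem->length);` followed by `subject[subject_mem->length] = '\0';`. The removed code had the same over-read, but since the commit rewrites exactly these lines it is the moment to fix it. Unlike the deleted `check_malloc_return (subject)`, nothing here checks the `gc_malloc` result; that is acceptable only if gc_malloc aborts on failure itself, which I believe it does but cannot confirm from this hunk. The `err:` label and the rest of the function lie outside this hunk.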
@@ -289,19 +289,6 @@ err:
return subject;
}
-char *
-x509_get_subject (X509 *cert)
-{
- return _openssl_get_subject (cert, NULL, 0);
-}
-
-void
-x509_free_subject (char *subject)
-{
- if (subject)
- free(subject);
-}
-
#ifdef ENABLE_X509_TRACK