author | Adriaan de Jong <dejong@fox-it.com> | 2011-07-01 14:39:13 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-22 11:44:36 +0200 |
commit | fceecbab9ddd58ccec28aeafa7be39c65f313458 (patch) | |
tree | e8f261d594931caa3587f77d122e6be547f27326 /ssl_openssl.c | |
parent | a4da1fe776b774670948f00898d370da614960f5 (diff) | |
download | openvpn-fceecbab9ddd58ccec28aeafa7be39c65f313458.tar.gz openvpn-fceecbab9ddd58ccec28aeafa7be39c65f313458.tar.xz openvpn-fceecbab9ddd58ccec28aeafa7be39c65f313458.zip |
Final cleanup before PolarSSL addition:
- Remove stray X509 entries
- Remove unnecessary USE_OPENSSL ifdefs
- Normalised x509_get_sha1_hash to look similar to x509_get_* functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_openssl.c')
-rw-r--r-- | ssl_openssl.c | 76 |
1 files changed, 34 insertions, 42 deletions
diff --git a/ssl_openssl.c b/ssl_openssl.c
index ca3f01d..35f9b14 100644
--- a/ssl_openssl.c
+++ b/ssl_openssl.c
@@ -809,7 +809,41 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
 msg (M_SSLERR, "Cannot load CA certificate file %s (SSL_load_client_CA_file)", ca_file);
 SSL_CTX_set_client_CA_list (ctx->ctx, cert_names);
 }
+}
+
+void
+tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
+#if ENABLE_INLINE_FILES
+ , const char *extra_certs_file_inline
+#endif
+ )
+{
+ BIO *bio;
+ X509 *cert;
+#if ENABLE_INLINE_FILES
+ if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
+ {
+ bio = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1);
+ }
+ else
+#endif
+ {
+ bio = BIO_new(BIO_s_file());
+ if (BIO_read_filename(bio, extra_certs_file) <= 0)
+ msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file);
+ }
+ for (;;)
+ {
+ cert = NULL;
+ if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */
+ break;
+ if (!cert)
+ msg (M_SSLERR, "Error reading extra-certs certificate");
+ if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
+ msg (M_SSLERR, "Error adding extra-certs certificate");
+ }
+ BIO_free (bio);
 }
 /* **************************************
@@ -1099,11 +1133,9 @@ key_state_write_plaintext_const (struct key_state_ssl *ks_ssl, const uint8_t *da
 int ret = 0;
 perf_push (PERF_BIO_WRITE_PLAINTEXT);
-#ifdef USE_OPENSSL
 ASSERT (NULL != ks_ssl);
 ret = bio_write (ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
-#endif /* USE_OPENSSL */
 perf_pop ();
 return ret;
@@ -1116,11 +1148,9 @@ key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf, int ret = 0;
 perf_push (PERF_BIO_READ_CIPHERTEXT);
-#ifdef USE_OPENSSL
 ASSERT (NULL != ks_ssl);
 ret = bio_read (ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext");
-#endif /* USE_OPENSSL */
 perf_pop ();
 return ret;
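Review bot: `bio = BIO_new(BIO_s_file());` in the new tls_ctx_load_extra_certs is passed straight to `BIO_read_filename(bio, extra_certs_file)` without a NULL check, and the inline branch likewise hands an unchecked `BIO_new_mem_buf` result to the read loop, so an allocation failure becomes a NULL dereference inside OpenSSL rather than a diagnostic; one line after each allocation, `if (!bio) msg (M_SSLERR, "Cannot allocate BIO for extra-certs");`, closes that (the body already relies on `msg (M_SSLERR, …)` not returning, since the file-open failure path falls through into the loop). The read loop also treats every NULL from `PEM_read_bio_X509` as end of input, so a truncated or corrupt block in the middle of the extra-certs file is silently accepted and only the certificates before it are added to the chain; the usual way to tell a clean end of file from a parse error is to inspect the OpenSSL error queue for `PEM_R_NO_START_LINE` before breaking, as in the rewritten loop below (ERR_* and PEM_R_* come from openssl/err.h and openssl/pem.h, whose includes are outside this hunk). The comment `/* takes ownership of cert */` sits on the PEM_read_bio_X509 call, but it is `SSL_CTX_add_extra_chain_cert` that takes ownership of cert, so it belongs on that line. This hunk moves the function up from the -1210 hunk without changing it, so all three remarks predate the commit.
```c
  for (;;)
    {
      cert = NULL;
      if (!PEM_read_bio_X509 (bio, &cert, 0, NULL))
        {
          /* NULL is either a clean end of file or a malformed PEM block;
           * only the former is an acceptable way to leave the loop */
          if (ERR_GET_REASON (ERR_peek_last_error ()) == PEM_R_NO_START_LINE)
            {
              ERR_clear_error ();
              break;
            }
          msg (M_SSLERR, "Error reading extra-certs certificate");
        }
      if (!cert)
        msg (M_SSLERR, "Error reading extra-certs certificate");
      if (SSL_CTX_add_extra_chain_cert (ctx->ctx, cert) != 1) /* takes ownership of cert */
        msg (M_SSLERR, "Error adding extra-certs certificate");
    }
  /* … unchanged: BIO_free (bio); … */
```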
@@ -1132,12 +1162,10 @@ key_state_write_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf)
 int ret = 0;
 perf_push (PERF_BIO_WRITE_CIPHERTEXT);
-#ifdef USE_OPENSSL
 ASSERT (NULL != ks_ssl);
 ret = bio_write (ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
 bio_write_post (ret, buf);
-#endif /* USE_OPENSSL */
 perf_pop ();
 return ret;
@@ -1150,11 +1178,9 @@ key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf, int ret = 0;
 perf_push (PERF_BIO_READ_PLAINTEXT);
-#ifdef USE_OPENSSL
 ASSERT (NULL != ks_ssl);
 ret = bio_read (ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext");
-#endif /* USE_OPENSSL */
 perf_pop ();
 return ret;
@@ -1210,40 +1236,6 @@ print_details (struct key_state_ssl * ks_ssl, const char *prefix)
 }
 void
-tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
-#if ENABLE_INLINE_FILES
- , const char *extra_certs_file_inline
-#endif
- )
-{
- BIO *bio;
- X509 *cert;
-#if ENABLE_INLINE_FILES
- if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
- {
- bio = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1);
- }
- else
-#endif
- {
- bio = BIO_new(BIO_s_file());
- if (BIO_read_filename(bio, extra_certs_file) <= 0)
- msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file);
- }
- for (;;)
- {
- cert = NULL;
- if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */
- break;
- if (!cert)
- msg (M_SSLERR, "Error reading extra-certs certificate");
- if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
- msg (M_SSLERR, "Error adding extra-certs certificate");
- }
- BIO_free (bio);
-}
-
-void
 show_available_tls_ciphers ()
 {
 SSL_CTX *ctx; |