authorAdriaan de Jong <dejong@fox-it.com>2011-07-01 14:39:13 +0200
committerDavid Sommerseth <davids@redhat.com>2011-10-22 11:44:36 +0200
commitfceecbab9ddd58ccec28aeafa7be39c65f313458 (patch)
treee8f261d594931caa3587f77d122e6be547f27326 /ssl_openssl.c
parenta4da1fe776b774670948f00898d370da614960f5 (diff)
Final cleanup before PolarSSL addition:
- Remove stray X509 entries
- Remove unnecessary USE_OPENSSL ifdefs
- Normalised x509_get_sha1_hash to look similar to x509_get_* functions

Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_openssl.c')
-rw-r--r--ssl_openssl.c76
1 files changed, 34 insertions, 42 deletions
diff --git a/ssl_openssl.c b/ssl_openssl.c
index ca3f01d..35f9b14 100644
--- a/ssl_openssl.c
+++ b/ssl_openssl.c
@@ -809,7 +809,41 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file,
msg (M_SSLERR, "Cannot load CA certificate file %s (SSL_load_client_CA_file)", ca_file);
SSL_CTX_set_client_CA_list (ctx->ctx, cert_names);
}
+}
+
+void
+tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
+#if ENABLE_INLINE_FILES
+ , const char *extra_certs_file_inline
+#endif
+ )
+{
+ BIO *bio;
+ X509 *cert;
+#if ENABLE_INLINE_FILES
+ if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
+ {
+ bio = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1);
+ }
+ else
+#endif
+ {
+ bio = BIO_new(BIO_s_file());
+ if (BIO_read_filename(bio, extra_certs_file) <= 0)
+ msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file);
+ }
+ for (;;)
+ {
+ cert = NULL;
+ if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */
+ break;
+ if (!cert)
+ msg (M_SSLERR, "Error reading extra-certs certificate");
+ if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
+ msg (M_SSLERR, "Error adding extra-certs certificate");
+ }
+ BIO_free (bio);
}
/* **************************************
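Review bot: The read loop in the relocated `tls_ctx_load_extra_certs` treats every NULL return from `PEM_read_bio_X509` as end of input, so a malformed certificate part-way through the extra-certs file would stop loading without an error and leave an incomplete chain in the context; the `if (!cert)` check after it appears unreachable. The loop should tell the end-of-input case (`PEM_R_NO_START_LINE` on the error queue) apart from a parse failure and clear the queue afterwards, as sketched below. The `bio` returned by `BIO_new` / `BIO_new_mem_buf` is also used without a NULL check, and the "takes ownership of cert" comment belongs on the `SSL_CTX_add_extra_chain_cert` call, which is what keeps the pointer on success. The sketch assumes `msg (M_SSLERR, ...)` does not return, which the hunk does not show.

```c
  /* … unchanged: bio set up from the inline buffer or the file … */
  if (!bio)
    msg (M_SSLERR, "Cannot open extra-certs input");
  for (;;)
    {
      cert = PEM_read_bio_X509 (bio, NULL, 0, NULL);
      if (!cert)
        {
          /* Running out of PEM blocks is reported as PEM_R_NO_START_LINE;
           * any other error means an entry failed to parse. */
          unsigned long err = ERR_peek_last_error ();
          if (ERR_GET_LIB (err) == ERR_LIB_PEM
              && ERR_GET_REASON (err) == PEM_R_NO_START_LINE)
            {
              ERR_clear_error ();
              break;
            }
          msg (M_SSLERR, "Error reading extra-certs certificate");
        }
      /* On success the SSL_CTX takes ownership of cert. */
      if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
        msg (M_SSLERR, "Error adding extra-certs certificate");
    }
  /* … unchanged: BIO_free (bio) … */
```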
@@ -1099,11 +1133,9 @@ key_state_write_plaintext_const (struct key_state_ssl *ks_ssl, const uint8_t *da
int ret = 0;
perf_push (PERF_BIO_WRITE_PLAINTEXT);
-#ifdef USE_OPENSSL
ASSERT (NULL != ks_ssl);
ret = bio_write (ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const");
-#endif /* USE_OPENSSL */
perf_pop ();
return ret;
@@ -1116,11 +1148,9 @@ key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf,
int ret = 0;
perf_push (PERF_BIO_READ_CIPHERTEXT);
-#ifdef USE_OPENSSL
ASSERT (NULL != ks_ssl);
ret = bio_read (ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext");
-#endif /* USE_OPENSSL */
perf_pop ();
return ret;
@@ -1132,12 +1162,10 @@ key_state_write_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf)
int ret = 0;
perf_push (PERF_BIO_WRITE_CIPHERTEXT);
-#ifdef USE_OPENSSL
ASSERT (NULL != ks_ssl);
ret = bio_write (ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext");
bio_write_post (ret, buf);
-#endif /* USE_OPENSSL */
perf_pop ();
return ret;
@@ -1150,11 +1178,9 @@ key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf,
int ret = 0;
perf_push (PERF_BIO_READ_PLAINTEXT);
-#ifdef USE_OPENSSL
ASSERT (NULL != ks_ssl);
ret = bio_read (ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext");
-#endif /* USE_OPENSSL */
perf_pop ();
return ret;
@@ -1210,40 +1236,6 @@ print_details (struct key_state_ssl * ks_ssl, const char *prefix)
}
void
-tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file
-#if ENABLE_INLINE_FILES
- , const char *extra_certs_file_inline
-#endif
- )
-{
- BIO *bio;
- X509 *cert;
-#if ENABLE_INLINE_FILES
- if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline)
- {
- bio = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1);
- }
- else
-#endif
- {
- bio = BIO_new(BIO_s_file());
- if (BIO_read_filename(bio, extra_certs_file) <= 0)
- msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file);
- }
- for (;;)
- {
- cert = NULL;
- if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */
- break;
- if (!cert)
- msg (M_SSLERR, "Error reading extra-certs certificate");
- if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1)
- msg (M_SSLERR, "Error adding extra-certs certificate");
- }
- BIO_free (bio);
-}
-
-void
show_available_tls_ciphers ()
{
SSL_CTX *ctx;