author | Adriaan de Jong <dejong@fox-it.com> | 2011-07-01 14:39:13 +0200 |
committer | David Sommerseth <davids@redhat.com> | 2011-10-22 11:44:36 +0200 |
commit | fceecbab9ddd58ccec28aeafa7be39c65f313458 (patch) | |
tree | e8f261d594931caa3587f77d122e6be547f27326 /ssl_verify_openssl.c | |
parent | a4da1fe776b774670948f00898d370da614960f5 (diff) | |
Final cleanup before PolarSSL addition:
- Remove stray X509 entries
- Remove unnecessary USE_OPENSSL ifdefs
- Normalised x509_get_sha1_hash to look similar to x509_get_* functions
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify_openssl.c')
-rw-r--r-- | ssl_verify_openssl.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/ssl_verify_openssl.c b/ssl_verify_openssl.c
index f6d27b1..1d32255 100644
--- a/ssl_verify_openssl.c
+++ b/ssl_verify_openssl.c
@@ -37,6 +37,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
 {
   struct tls_session *session;
   SSL *ssl;
+  unsigned char *sha1_hash = NULL;
 
   /* get the tls_session pointer */
   ssl = X509_STORE_CTX_get_ex_data (ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -44,14 +45,15 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
   session = (struct tls_session *) SSL_get_ex_data (ssl, mydata_index);
   ASSERT (session);
 
-  cert_hash_remember (session, ctx->error_depth, ctx->current_cert->sha1_hash);
+  sha1_hash = x509_get_sha1_hash(ctx->current_cert);
+  cert_hash_remember (session, ctx->error_depth, sha1_hash);
+  x509_free_sha1_hash(sha1_hash);
 
   /* did peer present cert which was signed by our root cert? */
   if (!preverify_ok)
     {
       /* get the X509 name */
-      char *subject = X509_NAME_oneline (
-          X509_get_subject_name (ctx->current_cert), NULL, 0);
+      char *subject = x509_get_serial(ctx->current_cert);
 
       if (subject)
         {
@@ -60,7 +62,7 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx)
               ctx->error_depth,
               X509_verify_cert_error_string (ctx->error),
               subject);
-          free (subject);
+          x509_free_subject(subject);
         }
 
       ERR_clear_error();
@@ -222,6 +224,21 @@ x509_free_serial (char *serial)
   OPENSSL_free(serial);
 }
 
+unsigned char *
+x509_get_sha1_hash (X509 *cert)
+{
+  char *hash = malloc(SHA_DIGEST_LENGTH);
+  memcpy(hash, cert->sha1_hash, SHA_DIGEST_LENGTH);
+  return cert->sha1_hash;
+}
+
+void
+x509_free_sha1_hash (unsigned char *hash)
+{
+  if (hash)
+    free(hash);
+}
+
 char *
 x509_get_subject (X509 *cert)
 { |
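Review bot: In the second hunk the replacement for `X509_NAME_oneline (X509_get_subject_name (...))` is `char *subject = x509_get_serial(ctx->current_cert);`, which fetches the serial number rather than the subject; the value is then logged under the "subject" label and released with `x509_free_subject` in the third hunk, so both the message and the allocator/deallocator pairing are wrong if the serial and subject helpers use different allocators. The intended line is presumably `char *subject = x509_get_subject(ctx->current_cert);`, the accessor visible at the end of the last hunk. Separately, the new `sha1_hash = x509_get_sha1_hash(...)` / `cert_hash_remember (...)` / `x509_free_sha1_hash(...)` sequence is only safe if cert_hash_remember copies the digest bytes rather than retaining the pointer, and it does not check for a NULL return before handing the pointer on; cert_hash_remember is outside this diff, so that should be confirmed against its definition. verify_callback continues outside the hunk.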
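Review bot: In the last hunk `x509_get_sha1_hash` allocates and fills `hash` but then executes `return cert->sha1_hash;`, so the malloc'd copy leaks on every call and the caller receives a pointer into the X509 object, which `x509_free_sha1_hash` subsequently passes to `free()`; since verify_callback runs this for every certificate a peer presents, that is an invalid free of X509-owned memory reachable before the peer is authenticated. The function should return `hash`, declare it as `unsigned char *` to match the return type, and handle `malloc` failure instead of calling `memcpy` through a NULL pointer; the caller in the second hunk would then need to cope with a NULL result. The `if (hash)` guard in `x509_free_sha1_hash` is redundant because `free(NULL)` is a no-op, but harmless.
```c
unsigned char *
x509_get_sha1_hash (X509 *cert)
{
  unsigned char *hash = malloc(SHA_DIGEST_LENGTH);
  if (!hash)
    return NULL;
  memcpy(hash, cert->sha1_hash, SHA_DIGEST_LENGTH);
  return hash;
}
/* … unchanged: x509_free_sha1_hash … */
```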