From fceecbab9ddd58ccec28aeafa7be39c65f313458 Mon Sep 17 00:00:00 2001 From: Adriaan de Jong Date: Fri, 1 Jul 2011 14:39:13 +0200 Subject: Final cleanup before PolarSSL addition: - Remove stray X509 entries - Remove unnecessary USE_OPENSSL ifdefs - Normalised x509_get_sha1_hash to look similar to x509_get_* functions Signed-off-by: Adriaan de Jong Acked-by: James Yonan Signed-off-by: David Sommerseth --- ssl_openssl.c | 76 ++++++++++++++++++++++++++--------------------------------- 1 file changed, 34 insertions(+), 42 deletions(-) (limited to 'ssl_openssl.c') diff --git a/ssl_openssl.c b/ssl_openssl.c index ca3f01d..35f9b14 100644 --- a/ssl_openssl.c +++ b/ssl_openssl.c @@ -809,7 +809,41 @@ tls_ctx_load_ca (struct tls_root_ctx *ctx, const char *ca_file, msg (M_SSLERR, "Cannot load CA certificate file %s (SSL_load_client_CA_file)", ca_file); SSL_CTX_set_client_CA_list (ctx->ctx, cert_names); } +} + +void +tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file +#if ENABLE_INLINE_FILES + , const char *extra_certs_file_inline +#endif + ) +{ + BIO *bio; + X509 *cert; +#if ENABLE_INLINE_FILES + if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline) + { + bio = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1); + } + else +#endif + { + bio = BIO_new(BIO_s_file()); + if (BIO_read_filename(bio, extra_certs_file) <= 0) + msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file); + } + for (;;) + { + cert = NULL; + if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */ + break; + if (!cert) + msg (M_SSLERR, "Error reading extra-certs certificate"); + if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1) + msg (M_SSLERR, "Error adding extra-certs certificate"); + } + BIO_free (bio); } /* ************************************** @@ -1099,11 +1133,9 @@ key_state_write_plaintext_const (struct key_state_ssl *ks_ssl, const uint8_t *da int ret = 0; perf_push (PERF_BIO_WRITE_PLAINTEXT); -#ifdef USE_OPENSSL ASSERT (NULL != ks_ssl); ret = bio_write (ks_ssl->ssl_bio, data, len, "tls_write_plaintext_const"); -#endif /* USE_OPENSSL */ perf_pop (); return ret; @@ -1116,11 +1148,9 @@ key_state_read_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf, int ret = 0; perf_push (PERF_BIO_READ_CIPHERTEXT); -#ifdef USE_OPENSSL ASSERT (NULL != ks_ssl); ret = bio_read (ks_ssl->ct_out, buf, maxlen, "tls_read_ciphertext"); -#endif /* USE_OPENSSL */ perf_pop (); return ret; @@ -1132,12 +1162,10 @@ key_state_write_ciphertext (struct key_state_ssl *ks_ssl, struct buffer *buf) int ret = 0; perf_push (PERF_BIO_WRITE_CIPHERTEXT); -#ifdef USE_OPENSSL ASSERT (NULL != ks_ssl); ret = bio_write (ks_ssl->ct_in, BPTR(buf), BLEN(buf), "tls_write_ciphertext"); bio_write_post (ret, buf); -#endif /* USE_OPENSSL */ perf_pop (); return ret; @@ -1150,11 +1178,9 @@ key_state_read_plaintext (struct key_state_ssl *ks_ssl, struct buffer *buf, int ret = 0; perf_push (PERF_BIO_READ_PLAINTEXT); -#ifdef USE_OPENSSL ASSERT (NULL != ks_ssl); ret = bio_read (ks_ssl->ssl_bio, buf, maxlen, "tls_read_plaintext"); -#endif /* USE_OPENSSL */ perf_pop (); return ret; @@ -1209,40 +1235,6 @@ print_details (struct key_state_ssl * ks_ssl, const char *prefix) msg (D_HANDSHAKE, "%s%s", s1, s2); } -void -tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file -#if ENABLE_INLINE_FILES - , const char *extra_certs_file_inline -#endif - ) -{ - BIO *bio; - X509 *cert; -#if ENABLE_INLINE_FILES - if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_file_inline) - { - bio = BIO_new_mem_buf ((char *)extra_certs_file_inline, -1); - } - else -#endif - { - bio = BIO_new(BIO_s_file()); - if (BIO_read_filename(bio, extra_certs_file) <= 0) - msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file); - } - for (;;) - { - cert = NULL; - if (!PEM_read_bio_X509 (bio, &cert, 0, NULL)) /* takes ownership of cert */ - break; - if (!cert) - msg (M_SSLERR, "Error reading extra-certs certificate"); - if (SSL_CTX_add_extra_chain_cert(ctx->ctx, cert) != 1) - msg (M_SSLERR, "Error adding extra-certs certificate"); - } - BIO_free (bio); -} - void show_available_tls_ciphers () { -- cgit