SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if (!X509v3_cache_extensions(x, ssl->ctx->libctx, ssl->ctx->propq)) {
- SSLerr(0, ERR_LIB_X509);
- return 0;
- }
+
rv = ssl_security_cert(ssl, NULL, x, 0, 1);
if (rv != 1) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
int j;
BIO *in;
int ret = 0;
- X509 *x = NULL;
+ X509 *cert = NULL, *x = NULL;
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
goto end;
}
+
+ if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ x = X509_new_with_libctx(ssl->ctx->libctx, ssl->ctx->propq);
+ if (x == NULL) {
+ SSLerr(0, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
if (type == SSL_FILETYPE_ASN1) {
j = ERR_R_ASN1_LIB;
- x = d2i_X509_bio(in, NULL);
+ cert = d2i_X509_bio(in, &x);
} else if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
- x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback,
- ssl->default_passwd_callback_userdata);
+ cert = PEM_read_bio_X509(in, &x, ssl->default_passwd_callback,
+ ssl->default_passwd_callback_userdata);
} else {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
goto end;
}
- if (x == NULL) {
+ if (cert == NULL) {
SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
goto end;
}
X509 *x;
int ret;
- x = d2i_X509(NULL, &d, (long)len);
+ x = X509_new_with_libctx(ssl->ctx->libctx, ssl->ctx->propq);
if (x == NULL) {
+ SSLerr(0, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (d2i_X509(&x, &d, (long)len)== NULL) {
+ X509_free(x);
SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
return 0;
}
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- if (!X509v3_cache_extensions(x, ctx->libctx, ctx->propq)) {
- SSLerr(0, ERR_LIB_X509);
- return 0;
- }
+
rv = ssl_security_cert(NULL, ctx, x, 0, 1);
if (rv != 1) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
{
- int j;
+ int j = SSL_R_BAD_VALUE;
BIO *in;
int ret = 0;
- X509 *x = NULL;
+ X509 *x = NULL, *cert = NULL;
in = BIO_new(BIO_s_file());
if (in == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
goto end;
}
+ if (type != SSL_FILETYPE_ASN1 && type != SSL_FILETYPE_PEM) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ x = X509_new_with_libctx(ctx->libctx, ctx->propq);
+ if (x == NULL) {
+ SSLerr(0, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
if (type == SSL_FILETYPE_ASN1) {
j = ERR_R_ASN1_LIB;
- x = d2i_X509_bio(in, NULL);
+ cert = d2i_X509_bio(in, &x);
} else if (type == SSL_FILETYPE_PEM) {
j = ERR_R_PEM_LIB;
- x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata);
- } else {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
- goto end;
+ cert = PEM_read_bio_X509(in, &x, ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
}
-
- if (x == NULL) {
+ if (cert == NULL) {
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
goto end;
}
X509 *x;
int ret;
- x = d2i_X509(NULL, &d, (long)len);
+ x = X509_new_with_libctx(ctx->libctx, ctx->propq);
if (x == NULL) {
+ SSLerr(0, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (d2i_X509(&x, &d, (long)len) == NULL) {
+ X509_free(x);
SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
return 0;
}
X509 *x = NULL;
pem_password_cb *passwd_callback;
void *passwd_callback_userdata;
+ SSL_CTX *real_ctx = (ssl == NULL) ? ctx : ssl->ctx;
ERR_clear_error(); /* clear error stack for
* SSL_CTX_use_certificate() */
goto end;
}
- x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback,
- passwd_callback_userdata);
+ x = X509_new_with_libctx(real_ctx->libctx, real_ctx->propq);
if (x == NULL) {
+ SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ if (PEM_read_bio_X509_AUX(in, &x, passwd_callback,
+ passwd_callback_userdata) == NULL) {
SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
goto end;
}
goto end;
}
- while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
- passwd_callback_userdata))
- != NULL) {
- if (ctx)
- r = SSL_CTX_add0_chain_cert(ctx, ca);
- else
- r = SSL_add0_chain_cert(ssl, ca);
- /*
- * Note that we must not free ca if it was successfully added to
- * the chain (while we must free the main certificate, since its
- * reference count is increased by SSL_CTX_use_certificate).
- */
- if (!r) {
- X509_free(ca);
- ret = 0;
+ while (1) {
+ ca = X509_new_with_libctx(real_ctx->libctx, real_ctx->propq);
+ if (ca == NULL) {
+ SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_MALLOC_FAILURE);
goto end;
}
+ if (PEM_read_bio_X509(in, &ca, passwd_callback,
+ passwd_callback_userdata) != NULL) {
+ if (ctx)
+ r = SSL_CTX_add0_chain_cert(ctx, ca);
+ else
+ r = SSL_add0_chain_cert(ssl, ca);
+ /*
+ * Note that we must not free ca if it was successfully added to
+ * the chain (while we must free the main certificate, since its
+ * reference count is increased by SSL_CTX_use_certificate).
+ */
+ if (!r) {
+ X509_free(ca);
+ ret = 0;
+ goto end;
+ }
+ } else {
+ X509_free(ca);
+ break;
+ }
}
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
int j;
int rv;
CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
- SSL_CTX *actualctx = ssl == NULL ? ctx : ssl->ctx;
STACK_OF(X509) *dup_chain = NULL;
EVP_PKEY *pubkey = NULL;
- if (!X509v3_cache_extensions(x509, actualctx->libctx, actualctx->propq)) {
- SSLerr(0, ERR_R_X509_LIB);
- goto out;
- }
-
/* Do all security checks before anything else */
rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
if (rv != 1) {
projects / openssl.git / blobdiff