ret = SSL_use_certificate(ssl, x);
end:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
}
}
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
+ EVP_PKEY_free(c->pkeys[i].privatekey);
CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
c->pkeys[i].privatekey = pkey;
c->key = &(c->pkeys[i]);
-
- c->valid = 0;
return (1);
}
EVP_PKEY_free(pkey);
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ X509_free(c->pkeys[i].x509);
+ X509_up_ref(x);
c->pkeys[i].x509 = x;
c->key = &(c->pkeys[i]);
- c->valid = 0;
return (1);
}
ret = SSL_CTX_use_certificate(ctx, x);
end:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
* followed by a sequence of CA certificates that should be sent to the peer
* in the Certificate message.
*/
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
{
BIO *in;
int ret = 0;
in = BIO_new(BIO_s_file_internal());
if (in == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+ SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
goto end;
}
if (BIO_read_filename(in, file) <= 0) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
+ SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
goto end;
}
x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata);
if (x == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+ SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
goto end;
}
- ret = SSL_CTX_use_certificate(ctx, x);
+ if (ctx)
+ ret = SSL_CTX_use_certificate(ctx, x);
+ else
+ ret = SSL_use_certificate(ssl, x);
if (ERR_peek_error() != 0)
ret = 0; /* Key/certificate mismatch doesn't imply
int r;
unsigned long err;
- if(!SSL_CTX_clear_chain_certs(ctx)) {
+ if (ctx)
+ r = SSL_CTX_clear_chain_certs(ctx);
+ else
+ r = SSL_clear_chain_certs(ssl);
+
+ if (r == 0) {
ret = 0;
goto end;
}
ctx->default_passwd_callback,
ctx->default_passwd_callback_userdata))
!= NULL) {
- r = SSL_CTX_add0_chain_cert(ctx, ca);
+ if (ctx)
+ r = SSL_CTX_add0_chain_cert(ctx, ca);
+ else
+ r = SSL_add0_chain_cert(ssl, ca);
+ /*
+ * Note that we must not free ca if it was successfully added to
+ * the chain (while we must free the main certificate, since its
+ * reference count is increased by SSL_CTX_use_certificate).
+ */
if (!r) {
X509_free(ca);
ret = 0;
goto end;
}
- /*
- * Note that we must not free r if it was successfully added to
- * the chain (while we must free the main certificate, since its
- * reference count is increased by SSL_CTX_use_certificate).
- */
}
/* When the while loop ends, it's usually just EOF. */
err = ERR_peek_last_error();
}
end:
- if (x != NULL)
- X509_free(x);
+ X509_free(x);
BIO_free(in);
return (ret);
}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
+ return use_certificate_chain_file(ctx, NULL, file);
+}
+
+int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
+{
+ return use_certificate_chain_file(NULL, ssl, file);
+}
#endif
-#ifndef OPENSSL_NO_TLSEXT
static int serverinfo_find_extension(const unsigned char *serverinfo,
size_t serverinfo_length,
unsigned int extension_type,
return 1;
}
-# ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_STDIO
int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
{
unsigned char *serverinfo = NULL;
BIO_free(bin);
return ret;
}
-# endif /* OPENSSL_NO_STDIO */
-#endif /* OPENSSL_NO_TLSEXT */
+#endif /* OPENSSL_NO_STDIO */
projects / openssl.git / blobdiff