BIO_free(bio);
- if (pcerts) {
+ if (pcerts && *pcerts == NULL) {
*pcerts = sk_X509_new_null();
if (!*pcerts)
goto end;
}
- if (pcrls) {
+ if (pcrls && *pcrls == NULL) {
*pcrls = sk_X509_CRL_new_null();
if (!*pcrls)
goto end;
return vp;
}
-
-
-STACK_OF(X509) *load_certs(const char *file, int format,
- const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *certs != NULL, a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+ const char *pass, ENGINE *e, const char *desc)
{
- STACK_OF(X509) *certs;
- if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
- return NULL;
- return certs;
+ return load_certs_crls(file, format, pass, e, desc, certs, NULL);
}
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
- const char *pass, ENGINE *e, const char *desc)
+/*
+ * Initialize or extend, if *crls != NULL, a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+ const char *pass, ENGINE *e, const char *desc)
{
- STACK_OF(X509_CRL) *crls;
- if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
- return NULL;
- return crls;
+ return load_certs_crls(file, format, pass, e, desc, NULL, crls);
}
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(const char *file, int format,
- const char *pass, ENGINE *e,
- const char *cert_descrip);
-STACK_OF(X509_CRL) *load_crls(const char *file, int format,
- const char *pass, ENGINE *e,
- const char *cert_descrip);
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
X509_STORE *setup_verify(char *CAfile, char *CApath,
int noCAfile, int noCApath);
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
}
if (certfile) {
- if ((other = load_certs(certfile, FORMAT_PEM, NULL, e,
- "certificate file")) == NULL) {
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ "certificate file")) {
ERR_print_errors(bio_err);
goto end;
}
rca_cert = load_cert(rca_filename, FORMAT_PEM,
NULL, NULL, "CA certificate");
if (rcertfile) {
- rother = load_certs(rcertfile, FORMAT_PEM,
- NULL, NULL, "responder other certificates");
- if (!rother)
+ if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
+ "responder other certificates"))
goto end;
}
rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
goto end;
}
if (sign_certfile) {
- sign_other = load_certs(sign_certfile, FORMAT_PEM,
- NULL, NULL, "signer certificates");
- if (!sign_other)
+ if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
+ "signer certificates"))
goto end;
}
key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
if (vpmtouched)
X509_STORE_set1_param(store, vpm);
if (verify_certfile) {
- verify_other = load_certs(verify_certfile, FORMAT_PEM,
- NULL, NULL, "validator certificate");
- if (!verify_other)
+ if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
+ "validator certificate"))
goto end;
}
/* Load in all certs in input file */
if (!(options & NOCERTS)) {
- certs = load_certs(infile, FORMAT_PEM, NULL, e,
- "certificates");
- if (!certs)
+ if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
+ "certificates"))
goto export_end;
if (key) {
/* Add any more certificates asked for */
if (certfile) {
- STACK_OF(X509) *morecerts = NULL;
- if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e,
- "certificates from certfile")) == NULL)
+ if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
+ "certificates from certfile"))
goto export_end;
- while (sk_X509_num(morecerts) > 0)
- sk_X509_push(certs, sk_X509_shift(morecerts));
- sk_X509_free(morecerts);
}
/* If chaining get chain from user cert */
if (!exc->key)
return 0;
if (exc->chainfile) {
- exc->chain = load_certs(exc->chainfile, FORMAT_PEM,
- NULL, NULL, "Server Chain");
- if (!exc->chain)
+ if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
+ NULL, "Server Chain"))
return 0;
}
}
}
if (chain_file) {
- chain = load_certs(chain_file, FORMAT_PEM,
- NULL, e, "client certificate chain");
- if (!chain)
+ if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
+ "client certificate chain"))
goto end;
}
goto end;
}
if (s_chain_file) {
- s_chain = load_certs(s_chain_file, FORMAT_PEM,
- NULL, e, "server certificate chain");
- if (!s_chain)
+ if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
+ "server certificate chain"))
goto end;
}
goto end;
}
if (s_dchain_file) {
- s_dchain = load_certs(s_dchain_file, FORMAT_PEM,
- NULL, e, "second server certificate chain");
- if (!s_dchain)
+ if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
+ "second server certificate chain"))
goto end;
}
}
if (certfile) {
- if ((other = load_certs(certfile, FORMAT_PEM, NULL,
- e, "certificate file")) == NULL) {
+ if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
+ "certificate file")) {
ERR_print_errors(bio_err);
goto end;
}
ERR_clear_error();
if (untfile) {
- untrusted = load_certs(untfile, FORMAT_PEM,
- NULL, e, "untrusted certificates");
- if (!untrusted)
+ if (!load_certs(untfile, &untrusted, FORMAT_PEM, NULL, e,
+ "untrusted certificates"))
goto end;
}
if (trustfile) {
- trusted = load_certs(trustfile, FORMAT_PEM,
- NULL, e, "trusted certificates");
- if (!trusted)
+ if (!load_certs(trustfile, &trusted, FORMAT_PEM, NULL, e,
+ "trusted certificates"))
goto end;
}
if (crlfile) {
- crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs");
- if (!crls)
+ if (!load_crls(crlfile, &crls, FORMAT_PEM, NULL, e, "other CRLs"))
goto end;
}
projects / openssl.git / commitdiff