int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
{
if (cert_file != NULL) {
- /*-
- SSL *ssl;
- X509 *x509;
- */
+ /*-
+ SSL *ssl;
+ X509 *x509;
+ */
if (SSL_CTX_use_certificate_file(ctx, cert_file,
SSL_FILETYPE_PEM) <= 0) {
return (0);
}
- /*-
- In theory this is no longer needed
- ssl=SSL_new(ctx);
- x509=SSL_get_certificate(ssl);
-
- if (x509 != NULL) {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(x509);
- EVP_PKEY_copy_parameters(pktmp,
- SSL_get_privatekey(ssl));
- EVP_PKEY_free(pktmp);
- }
- SSL_free(ssl);
- */
+ /*-
+ In theory this is no longer needed
+ ssl=SSL_new(ctx);
+ x509=SSL_get_certificate(ssl);
+
+ if (x509 != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(x509);
+ EVP_PKEY_copy_parameters(pktmp,
+ SSL_get_privatekey(ssl));
+ EVP_PKEY_free(pktmp);
+ }
+ SSL_free(ssl);
+ */
/*
* If we are using DSA, we can copy the parameters from the private
if (ncurves <= 0)
return 1;
curves = OPENSSL_malloc(ncurves * sizeof(int));
+ if (!curves) {
+ BIO_puts(out, "Malloc error getting supported curves\n");
+ return 0;
+ }
SSL_get1_curves(s, curves);
+
BIO_puts(out, "Supported Elliptic Curves: ");
for (i = 0; i < ncurves; i++) {
if (i)
case EVP_PKEY_DH:
BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
break;
-#ifndef OPENSSL_NO_ECDH
+#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
BIO_printf(bio, " ");
num = len;
-#if 0
- if (num > 16)
- num = 16;
-#endif
for (i = 0; i < num; i++) {
if (i % 16 == 0 && i > 0)
BIO_printf(bio, "\n ");
extname = "renegotiation info";
break;
-#ifdef TLSEXT_TYPE_opaque_prf_input
- case TLSEXT_TYPE_opaque_prf_input:
- extname = "opaque PRF input";
- break;
-#endif
#ifdef TLSEXT_TYPE_next_proto_neg
case TLSEXT_TYPE_next_proto_neg:
extname = "next protocol";
/* Initialize a random secret */
if (!cookie_initialized) {
- if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+ if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
BIO_printf(bio_err, "error setting random cookie secret\n");
return 0;
}
print_chain_flags(bio_err, ssl, rv);
if (rv & CERT_PKEY_VALID) {
- SSL_use_certificate(ssl, exc->cert);
- SSL_use_PrivateKey(ssl, exc->key);
+ if (!SSL_use_certificate(ssl, exc->cert)
+ || !SSL_use_PrivateKey(ssl, exc->key)) {
+ return 0;
+ }
/*
* NB: we wouldn't normally do this as it is not efficient
* building chains on each connection better to cache the chain
while (exc) {
if (exc->cert)
X509_free(exc->cert);
- if (exc->key)
- EVP_PKEY_free(exc->key);
+ EVP_PKEY_free(exc->key);
if (exc->chain)
sk_X509_pop_free(exc->chain, X509_free);
curr = exc;
projects / openssl.git / blobdiff