| author | jsing <> | 2014-06-07 13:45:15 +0000 |
|---|---|---|
| committer | jsing <> | 2014-06-07 13:45:15 +0000 |
| commit | 6bd34dc88195096ae184029fa07575cb968e00c8 (patch) | |
| tree | 26ff9095889d046ab16159d22dfc2159990b6eac /src/lib/libssl/ssl_cert.c | |
| parent | b94b0d8f52e1ed299dddd673bd0f743413aac791 (diff) | |
More KNF.
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_cert.c | 41 |
1 files changed, 22 insertions, 19 deletions
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index 3a16644cf4..4c3af75869 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -143,8 +143,9 @@ SSL_get_ex_data_X509_STORE_CTX_idx(void) | |||
| 143 | got_write_lock = 1; | 143 | got_write_lock = 1; |
| 144 | 144 | ||
| 145 | if (ssl_x509_store_ctx_idx < 0) { | 145 | if (ssl_x509_store_ctx_idx < 0) { |
| 146 | ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index( | 146 | ssl_x509_store_ctx_idx = |
| 147 | 0, "SSL for verify callback", NULL, NULL, NULL); | 147 | X509_STORE_CTX_get_ex_new_index( |
| 148 | 0, "SSL for verify callback", NULL, NULL, NULL); | ||
| 148 | } | 149 | } |
| 149 | } | 150 | } |
| 150 | 151 | ||
| @@ -439,7 +440,8 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | |||
| 439 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); | 440 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB); |
| 440 | return (0); | 441 | return (0); |
| 441 | } | 442 | } |
| 442 | X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s); | 443 | X509_STORE_CTX_set_ex_data(&ctx, |
| 444 | SSL_get_ex_data_X509_STORE_CTX_idx(), s); | ||
| 443 | 445 | ||
| 444 | /* We need to inherit the verify parameters. These can be determined by | 446 | /* We need to inherit the verify parameters. These can be determined by |
| 445 | * the context: if its a server it will verify SSL client certificates | 447 | * the context: if its a server it will verify SSL client certificates |
| @@ -475,7 +477,8 @@ ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) | |||
| 475 | } | 477 | } |
| 476 | 478 | ||
| 477 | static void | 479 | static void |
| 478 | set_client_CA_list(STACK_OF(X509_NAME) **ca_list, STACK_OF(X509_NAME) *name_list) | 480 | set_client_CA_list(STACK_OF(X509_NAME) **ca_list, |
| 481 | STACK_OF(X509_NAME) *name_list) | ||
| 479 | { | 482 | { |
| 480 | if (*ca_list != NULL) | 483 | if (*ca_list != NULL) |
| 481 | sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); | 484 | sk_X509_NAME_pop_free(*ca_list, X509_NAME_free); |
| @@ -522,11 +525,11 @@ SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) | |||
| 522 | STACK_OF(X509_NAME) * | 525 | STACK_OF(X509_NAME) * |
| 523 | SSL_get_client_CA_list(const SSL *s) | 526 | SSL_get_client_CA_list(const SSL *s) |
| 524 | { | 527 | { |
| 525 | if (s->type == SSL_ST_CONNECT) | 528 | if (s->type == SSL_ST_CONNECT) { |
| 526 | { /* we are in the client */ | 529 | /* We are in the client. */ |
| 527 | if (((s->version >> 8) == SSL3_VERSION_MAJOR) && | 530 | if (((s->version >> 8) == SSL3_VERSION_MAJOR) && |
| 528 | (s->s3 != NULL)) | 531 | (s->s3 != NULL)) |
| 529 | return (s->s3->tmp.ca_names); | 532 | return (s->s3->tmp.ca_names); |
| 530 | else | 533 | else |
| 531 | return (NULL); | 534 | return (NULL); |
| 532 | } else { | 535 | } else { |
| @@ -609,7 +612,8 @@ SSL_load_client_CA_file(const char *file) | |||
| 609 | if (ret == NULL) { | 612 | if (ret == NULL) { |
| 610 | ret = sk_X509_NAME_new_null(); | 613 | ret = sk_X509_NAME_new_null(); |
| 611 | if (ret == NULL) { | 614 | if (ret == NULL) { |
| 612 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE); | 615 | SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, |
| 616 | ERR_R_MALLOC_FAILURE); | ||
| 613 | goto err; | 617 | goto err; |
| 614 | } | 618 | } |
| 615 | } | 619 | } |
| @@ -667,7 +671,8 @@ SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | |||
| 667 | in = BIO_new(BIO_s_file_internal()); | 671 | in = BIO_new(BIO_s_file_internal()); |
| 668 | 672 | ||
| 669 | if (in == NULL) { | 673 | if (in == NULL) { |
| 670 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE); | 674 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, |
| 675 | ERR_R_MALLOC_FAILURE); | ||
| 671 | goto err; | 676 | goto err; |
| 672 | } | 677 | } |
| 673 | 678 | ||
| @@ -708,15 +713,14 @@ err: | |||
| 708 | * \param stack the stack to append to. | 713 | * \param stack the stack to append to. |
| 709 | * \param dir the directory to append from. All files in this directory will be | 714 | * \param dir the directory to append from. All files in this directory will be |
| 710 | * examined as potential certs. Any that are acceptable to | 715 | * examined as potential certs. Any that are acceptable to |
| 711 | * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be | 716 | * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will |
| 712 | * included. | 717 | * be included. |
| 713 | * \return 1 for success, 0 for failure. Note that in the case of failure some | 718 | * \return 1 for success, 0 for failure. Note that in the case of failure some |
| 714 | * certs may have been added to \c stack. | 719 | * certs may have been added to \c stack. |
| 715 | */ | 720 | */ |
| 716 | 721 | ||
| 717 | int | 722 | int |
| 718 | SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | 723 | SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir) |
| 719 | const char *dir) | ||
| 720 | { | 724 | { |
| 721 | DIR *dirp = NULL; | 725 | DIR *dirp = NULL; |
| 722 | char *path = NULL; | 726 | char *path = NULL; |
| @@ -725,11 +729,11 @@ SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | |||
| 725 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); | 729 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); |
| 726 | dirp = opendir(dir); | 730 | dirp = opendir(dir); |
| 727 | if (dirp) { | 731 | if (dirp) { |
| 728 | struct dirent * dp; | 732 | struct dirent *dp; |
| 729 | while ((dp = readdir(dirp)) != NULL) { | 733 | while ((dp = readdir(dirp)) != NULL) { |
| 730 | if (asprintf(&path, "%s/%s", dir, dp->d_name) != -1) { | 734 | if (asprintf(&path, "%s/%s", dir, dp->d_name) != -1) { |
| 731 | ret = SSL_add_file_cert_subjects_to_stack | 735 | ret = SSL_add_file_cert_subjects_to_stack( |
| 732 | (stack,path); | 736 | stack, path); |
| 733 | free(path); | 737 | free(path); |
| 734 | } | 738 | } |
| 735 | if (!ret) | 739 | if (!ret) |
| @@ -740,8 +744,7 @@ SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | |||
| 740 | if (!ret) { | 744 | if (!ret) { |
| 741 | SYSerr(SYS_F_OPENDIR, errno); | 745 | SYSerr(SYS_F_OPENDIR, errno); |
| 742 | ERR_asprintf_error_data("opendir ('%s')", dir); | 746 | ERR_asprintf_error_data("opendir ('%s')", dir); |
| 743 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, | 747 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); |
| 744 | ERR_R_SYS_LIB); | ||
| 745 | } | 748 | } |
| 746 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | 749 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); |
| 747 | return ret; | 750 | return ret; |
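Review bot: In SSL_add_dir_cert_subjects_to_stack (the hunk starting at new line 729), a failed asprintf() leaves `ret` at whatever value it already had, so that directory entry is skipped with no error recorded and the following `if (!ret)` test runs on a stale value. Since this function builds the list of client CA names, I would make the failure explicit: add an `else` branch that sets `ret = 0;` and records `SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);`. Relatedly, the closing `if (!ret)` block in the last hunk reports `SYS_F_OPENDIR` with `errno` for every failure, including one returned by SSL_add_file_cert_subjects_to_stack(), where `errno` may be unrelated to opendir; that report looks like it belongs only on the path where `dirp` is NULL. The initial value of `ret` and the lines between these two hunks are outside the visible text, so both points should be confirmed against the full function.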
