import openssl-0.9.8j

author: djm <> 2009-01-09 12:14:11 +0000
committer: djm <> 2009-01-09 12:14:11 +0000
commit: a0fdc9ec41594852f67ec77dfad9cb06bacc4186 (patch)
tree: c43f6b3a4d93ad2cb3dcf93275295679d895a033 /src/lib/libssl/ssl_lib.c
parent: 5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff)
download: openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.gz
openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.bz2
openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.zip
1 files changed, 36 insertions, 0 deletions
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 065411aea8..68eee77e6f 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -130,6 +130,9 @@
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
 const char *SSL_version_str=OPENSSL_VERSION_TEXT;
@@ -1393,6 +1396,14 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
                return(NULL);
                }
+#ifdef OPENSSL_FIPS
+        if (FIPS_mode() && (meth->version < TLS1_VERSION))      
+                {
+                SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                return NULL;
+                }
+#endif
        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
                {
                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1513,6 +1524,27 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 #endif
+#ifndef OPENSSL_NO_ENGINE
+        ret->client_cert_engine = NULL;
+#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#define eng_strx(x)     #x
+#define eng_str(x)      eng_strx(x)
+        /* Use specific client engine automatically... ignore errors */
+        {
+        ENGINE *eng;
+        eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        if (!eng)
+                {
+                ERR_clear_error();
+                ENGINE_load_builtin_engines();
+                eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+                }
+        if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+                ERR_clear_error();
+        }
+#endif
+#endif
        return(ret);
 err:
        SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -1583,6 +1615,10 @@ void SSL_CTX_free(SSL_CTX *a)
 #else
        a->comp_methods = NULL;
 #endif
+#ifndef OPENSSL_NO_ENGINE
+        if (a->client_cert_engine)
+                ENGINE_finish(a->client_cert_engine);
+#endif
        OPENSSL_free(a);
        }
author	djm <>	2009-01-09 12:14:11 +0000
committer	djm <>	2009-01-09 12:14:11 +0000
commit	a0fdc9ec41594852f67ec77dfad9cb06bacc4186 (patch)
tree	c43f6b3a4d93ad2cb3dcf93275295679d895a033 /src/lib/libssl/ssl_lib.c
parent	5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff)
download	openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.gz openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.tar.bz2 openbsd-a0fdc9ec41594852f67ec77dfad9cb06bacc4186.zip

diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index 065411aea8..68eee77e6f 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -130,6 +130,9 @@
130	#ifndef OPENSSL_NO_DH	130	#ifndef OPENSSL_NO_DH
131	#include <openssl/dh.h>	131	#include <openssl/dh.h>
132	#endif	132	#endif
		133	#ifndef OPENSSL_NO_ENGINE
		134	#include <openssl/engine.h>
		135	#endif
133		136
134	const char *SSL_version_str=OPENSSL_VERSION_TEXT;	137	const char *SSL_version_str=OPENSSL_VERSION_TEXT;
135		138
@@ -1393,6 +1396,14 @@ SSL_CTX SSL_CTX_new(SSL_METHOD meth)
1393	return(NULL);	1396	return(NULL);
1394	}	1397	}
1395		1398
		1399	#ifdef OPENSSL_FIPS
		1400	if (FIPS_mode() && (meth->version < TLS1_VERSION))
		1401	{
		1402	SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
		1403	return NULL;
		1404	}
		1405	#endif
		1406
1396	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)	1407	if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
1397	{	1408	{
1398	SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);	1409	SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1513,6 +1524,27 @@ SSL_CTX SSL_CTX_new(SSL_METHOD meth)
1513		1524
1514	#endif	1525	#endif
1515		1526
		1527	#ifndef OPENSSL_NO_ENGINE
		1528	ret->client_cert_engine = NULL;
		1529	#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
		1530	#define eng_strx(x) #x
		1531	#define eng_str(x) eng_strx(x)
		1532	/* Use specific client engine automatically... ignore errors */
		1533	{
		1534	ENGINE *eng;
		1535	eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
		1536	if (!eng)
		1537	{
		1538	ERR_clear_error();
		1539	ENGINE_load_builtin_engines();
		1540	eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
		1541	}
		1542	if (!eng \|\| !SSL_CTX_set_client_cert_engine(ret, eng))
		1543	ERR_clear_error();
		1544	}
		1545	#endif
		1546	#endif
		1547
1516	return(ret);	1548	return(ret);
1517	err:	1549	err:
1518	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);	1550	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
@@ -1583,6 +1615,10 @@ void SSL_CTX_free(SSL_CTX *a)
1583	#else	1615	#else
1584	a->comp_methods = NULL;	1616	a->comp_methods = NULL;
1585	#endif	1617	#endif
		1618	#ifndef OPENSSL_NO_ENGINE
		1619	if (a->client_cert_engine)
		1620	ENGINE_finish(a->client_cert_engine);
		1621	#endif
1586	OPENSSL_free(a);	1622	OPENSSL_free(a);
1587	}	1623	}
1588		1624