OpenSSL 0.9.4 merge

author: beck <> 1999-09-29 04:37:45 +0000
committer: beck <> 1999-09-29 04:37:45 +0000
commit: de8f24ea083384bb66b32ec105dc4743c5663cdf (patch)
tree: 1412176ae62a3cab2cf2b0b92150fcbceaac6092 /src/lib/libssl/ssl_rsa.c
parent: cb929d29896bcb87c2a97417fbd03e50078fc178 (diff)
download: openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.gz
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.bz2
openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.zip
1 files changed, 158 insertions, 174 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 140475e5fb..6ec7a5cdb1 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -57,53 +57,32 @@
 */
 #include <stdio.h>
-#include "bio.h"
+#include <openssl/bio.h>
-#include "objects.h"
+#include <openssl/objects.h>
-#include "evp.h"
+#include <openssl/evp.h>
-#include "x509.h"
+#include <openssl/x509.h>
-#include "pem.h"
+#include <openssl/pem.h>
 #include "ssl_locl.h"
-#ifndef NOPROTO
 static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-#else
+int SSL_use_certificate(SSL *ssl, X509 *x)
-static int ssl_set_cert();
-static int ssl_set_pkey();
-#endif
-int SSL_use_certificate(ssl, x)
-SSL *ssl;
-X509 *x;
        {
-        CERT *c;
        if (x == NULL)
                {
                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+        if (!ssl_cert_inst(&ssl->cert))
                {
-                c=ssl_cert_new();
+                SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                if (c == NULL)
+                return(0);
-                        {
-                        SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-                ssl->cert=c;
                }
-        c=ssl->cert;
+        return(ssl_set_cert(ssl->cert,x));
-        return(ssl_set_cert(c,x));
        }
 #ifndef NO_STDIO
-int SSL_use_certificate_file(ssl, file, type)
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-SSL *ssl;
-char *file;
-int type;
        {
        int j;
        BIO *in;
@@ -130,7 +109,7 @@ int type;
        else if (type == SSL_FILETYPE_PEM)
                {
                j=ERR_R_PEM_LIB;
-                x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);
+                x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
                }
        else
                {
@@ -152,10 +131,7 @@ end:
        }
 #endif
-int SSL_use_certificate_ASN1(ssl, len, d)
+int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
-SSL *ssl;
-int len;
-unsigned char *d;
        {
        X509 *x;
        int ret;
@@ -173,11 +149,8 @@ unsigned char *d;
        }
 #ifndef NO_RSA
-int SSL_use_RSAPrivateKey(ssl, rsa)
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-SSL *ssl;
-RSA *rsa;
        {
-        CERT *c;
        EVP_PKEY *pkey;
        int ret;
@@ -186,19 +159,11 @@ RSA *rsa;
                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
+        if (!ssl_cert_inst(&ssl->cert))
-        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+                {
-                {
+                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                c=ssl_cert_new();
+                return(0);
-                if (c == NULL)
-                        {
-                        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-                ssl->cert=c;
                }
-        c=ssl->cert;
        if ((pkey=EVP_PKEY_new()) == NULL)
                {
                SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
@@ -208,15 +173,13 @@ RSA *rsa;
        CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
        EVP_PKEY_assign_RSA(pkey,rsa);
-        ret=ssl_set_pkey(c,pkey);
+        ret=ssl_set_pkey(ssl->cert,pkey);
        EVP_PKEY_free(pkey);
        return(ret);
        }
 #endif
-static int ssl_set_pkey(c,pkey)
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
-CERT *c;
-EVP_PKEY *pkey;
        {
        int i,ok=0,bad=0;
@@ -229,6 +192,12 @@ EVP_PKEY *pkey;
        if (c->pkeys[i].x509 != NULL)
                {
+                EVP_PKEY *pktmp;
+                pktmp = X509_get_pubkey(c->pkeys[i].x509);
+                EVP_PKEY_copy_parameters(pktmp,pkey);
+                EVP_PKEY_free(pktmp);
+                ERR_clear_error();
 #ifndef NO_RSA
                /* Don't check the public/private key, this is mostly
                 * for smart cards. */
@@ -284,10 +253,7 @@ EVP_PKEY *pkey;
 #ifndef NO_RSA
 #ifndef NO_STDIO
-int SSL_use_RSAPrivateKey_file(ssl, file, type)
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-SSL *ssl;
-char *file;
-int type;
        {
        int j,ret=0;
        BIO *in;
@@ -314,7 +280,7 @@ int type;
                {
                j=ERR_R_PEM_LIB;
                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                        ssl->ctx->default_passwd_callback);
+                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
                }
        else
                {
@@ -334,10 +300,7 @@ end:
        }
 #endif
-int SSL_use_RSAPrivateKey_ASN1(ssl,d,len)
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
-SSL *ssl;
-unsigned char *d;
-long len;
        {
        int ret;
        unsigned char *p;
@@ -356,11 +319,8 @@ long len;
        }
 #endif /* !NO_RSA */
-int SSL_use_PrivateKey(ssl, pkey)
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-SSL *ssl;
-EVP_PKEY *pkey;
        {
-        CERT *c;
        int ret;
        if (pkey == NULL)
@@ -368,29 +328,17 @@ EVP_PKEY *pkey;
                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
+        if (!ssl_cert_inst(&ssl->cert))
-        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+                {
-                {
+                SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                c=ssl_cert_new();
+                return(0);
-                if (c == NULL)
-                        {
-                        SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-                ssl->cert=c;
                }
-        c=ssl->cert;
+        ret=ssl_set_pkey(ssl->cert,pkey);
-        ret=ssl_set_pkey(c,pkey);
        return(ret);
        }
 #ifndef NO_STDIO
-int SSL_use_PrivateKey_file(ssl, file, type)
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-SSL *ssl;
-char *file;
-int type;
        {
        int j,ret=0;
        BIO *in;
@@ -412,7 +360,7 @@ int type;
                {
                j=ERR_R_PEM_LIB;
                pkey=PEM_read_bio_PrivateKey(in,NULL,
-                        ssl->ctx->default_passwd_callback);
+                        ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
                }
        else
                {
@@ -432,11 +380,7 @@ end:
        }
 #endif
-int SSL_use_PrivateKey_ASN1(type,ssl,d,len)
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
-int type;
-SSL *ssl;
-unsigned char *d;
-long len;
        {
        int ret;
        unsigned char *p;
@@ -454,36 +398,22 @@ long len;
        return(ret);
        }
-int SSL_CTX_use_certificate(ctx, x)
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-SSL_CTX *ctx;
-X509 *x;
        {
-        CERT *c;
        if (x == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
+        if (!ssl_cert_inst(&ctx->cert))
-        if (ctx->default_cert == NULL)
                {
-                c=ssl_cert_new();
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                if (c == NULL)
+                return(0);
-                        {
-                        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                ctx->default_cert=c;
                }
-        c=ctx->default_cert;
+        return(ssl_set_cert(ctx->cert, x));
-        return(ssl_set_cert(c,x));
        }
-static int ssl_set_cert(c,x)
+static int ssl_set_cert(CERT *c, X509 *x)
-CERT *c;
-X509 *x;
        {
        EVP_PKEY *pkey;
        int i,ok=0,bad=0;
@@ -499,11 +429,25 @@ X509 *x;
        if (i < 0)
                {
                SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+                EVP_PKEY_free(pkey);
                return(0);
                }
        if (c->pkeys[i].privatekey != NULL)
                {
+                EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
+                ERR_clear_error();
+#ifndef NO_RSA
+                /* Don't check the public/private key, this is mostly
+                 * for smart cards. */
+                if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
+                        (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
+                         RSA_METHOD_FLAG_NO_CHECK))
+                         ok=1;
+                else
+#endif
+                {
                if (!X509_check_private_key(x,c->pkeys[i].privatekey))
                        {
                        if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
@@ -527,10 +471,12 @@ X509 *x;
                        }
                else
                        ok=1;
+                } /* NO_RSA */
                }
        else
                ok=1;
+        EVP_PKEY_free(pkey);
        if (bad)
                {
                EVP_PKEY_free(c->pkeys[i].privatekey);
@@ -548,10 +494,7 @@ X509 *x;
        }
 #ifndef NO_STDIO
-int SSL_CTX_use_certificate_file(ctx, file, type)
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-SSL_CTX *ctx;
-char *file;
-int type;
        {
        int j;
        BIO *in;
@@ -578,7 +521,7 @@ int type;
        else if (type == SSL_FILETYPE_PEM)
                {
                j=ERR_R_PEM_LIB;
-                x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);
+                x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
                }
        else
                {
@@ -600,10 +543,7 @@ end:
        }
 #endif
-int SSL_CTX_use_certificate_ASN1(ctx, len, d)
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
-SSL_CTX *ctx;
-int len;
-unsigned char *d;
        {
        X509 *x;
        int ret;
@@ -621,12 +561,9 @@ unsigned char *d;
        }
 #ifndef NO_RSA
-int SSL_CTX_use_RSAPrivateKey(ctx, rsa)
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-SSL_CTX *ctx;
-RSA *rsa;
        {
        int ret;
-        CERT *c;
        EVP_PKEY *pkey;
        if (rsa == NULL)
@@ -634,18 +571,11 @@ RSA *rsa;
                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-        if (ctx->default_cert == NULL)
+        if (!ssl_cert_inst(&ctx->cert))
                {
-                c=ssl_cert_new();
+                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                if (c == NULL)
+                return(0);
-                        {
-                        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                ctx->default_cert=c;
                }
-        c=ctx->default_cert;
        if ((pkey=EVP_PKEY_new()) == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
@@ -655,16 +585,13 @@ RSA *rsa;
        CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
        EVP_PKEY_assign_RSA(pkey,rsa);
-        ret=ssl_set_pkey(c,pkey);
+        ret=ssl_set_pkey(ctx->cert, pkey);
        EVP_PKEY_free(pkey);
        return(ret);
        }
 #ifndef NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type)
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-SSL_CTX *ctx;
-char *file;
-int type;
        {
        int j,ret=0;
        BIO *in;
@@ -691,7 +618,7 @@ int type;
                {
                j=ERR_R_PEM_LIB;
                rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-                        ctx->default_passwd_callback);
+                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
                }
        else
                {
@@ -711,10 +638,7 @@ end:
        }
 #endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len)
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
-SSL_CTX *ctx;
-unsigned char *d;
-long len;
        {
        int ret;
        unsigned char *p;
@@ -733,38 +657,23 @@ long len;
        }
 #endif /* !NO_RSA */
-int SSL_CTX_use_PrivateKey(ctx, pkey)
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-SSL_CTX *ctx;
-EVP_PKEY *pkey;
        {
-        CERT *c;
        if (pkey == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
                return(0);
                }
-                
+        if (!ssl_cert_inst(&ctx->cert))
-        if (ctx->default_cert == NULL)
                {
-                c=ssl_cert_new();
+                SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                if (c == NULL)
+                return(0);
-                        {
-                        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-                        return(0);
-                        }
-                ctx->default_cert=c;
                }
-        c=ctx->default_cert;
+        return(ssl_set_pkey(ctx->cert,pkey));
-        return(ssl_set_pkey(c,pkey));
        }
 #ifndef NO_STDIO
-int SSL_CTX_use_PrivateKey_file(ctx, file, type)
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-SSL_CTX *ctx;
-char *file;
-int type;
        {
        int j,ret=0;
        BIO *in;
@@ -786,7 +695,7 @@ int type;
                {
                j=ERR_R_PEM_LIB;
                pkey=PEM_read_bio_PrivateKey(in,NULL,
-                        ctx->default_passwd_callback);
+                        ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
                }
        else
                {
@@ -806,11 +715,8 @@ end:
        }
 #endif
-int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len)
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
-int type;
+             long len)
-SSL_CTX *ctx;
-unsigned char *d;
-long len;
        {
        int ret;
        unsigned char *p;
@@ -829,3 +735,81 @@ long len;
        }
+#ifndef NO_STDIO
+/* Read a file that contains our certificate in "PEM" format,
+ * possibly followed by a sequence of CA certificates that should be
+ * sent to the peer in the Certificate message.
+ */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+        {
+        BIO *in;
+        int ret=0;
+        X509 *x=NULL;
+        in=BIO_new(BIO_s_file_internal());
+        if (in == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
+                goto end;
+                }
+        if (BIO_read_filename(in,file) <= 0)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
+                goto end;
+                }
+        x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+        if (x == NULL)
+                {
+                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
+                goto end;
+                }
+        ret=SSL_CTX_use_certificate(ctx,x);
+        if (ERR_peek_error() != 0)
+                ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
+        if (ret)
+                {
+                /* If we could set up our certificate, now proceed to
+                 * the CA certificates.
+                 */
+                X509 *ca;
+                int r;
+                unsigned long err;
+                
+                if (ctx->extra_certs != NULL) 
+                        {
+                        sk_X509_pop_free(ctx->extra_certs, X509_free);
+                        ctx->extra_certs = NULL;
+                        }
+                while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+                        != NULL)
+                        {
+                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+                        if (!r) 
+                                {
+                                X509_free(ca);
+                                ret = 0;
+                                goto end;
+                                }
+                        /* Note that we must not free r if it was successfully
+                         * added to the chain (while we must free the main
+                         * certificate, since its reference count is increased
+                         * by SSL_CTX_use_certificate). */
+                        }
+                /* When the while loop ends, it's usually just EOF. */
+                err = ERR_peek_error();
+                if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+                        (void) ERR_get_error();
+                else 
+                        ret = 0; /* some real error */
+                }
+end:
+        if (x != NULL) X509_free(x);
+        if (in != NULL) BIO_free(in);
+        return(ret);
+        }
+#endif
author	beck <>	1999-09-29 04:37:45 +0000
committer	beck <>	1999-09-29 04:37:45 +0000
commit	de8f24ea083384bb66b32ec105dc4743c5663cdf (patch)
tree	1412176ae62a3cab2cf2b0b92150fcbceaac6092 /src/lib/libssl/ssl_rsa.c
parent	cb929d29896bcb87c2a97417fbd03e50078fc178 (diff)
download	openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.gz openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.tar.bz2 openbsd-de8f24ea083384bb66b32ec105dc4743c5663cdf.zip

diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 140475e5fb..6ec7a5cdb1 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c
@@ -57,53 +57,32 @@
57	*/	57	*/
58		58
59	#include <stdio.h>	59	#include <stdio.h>
60	#include "bio.h"	60	#include <openssl/bio.h>
61	#include "objects.h"	61	#include <openssl/objects.h>
62	#include "evp.h"	62	#include <openssl/evp.h>
63	#include "x509.h"	63	#include <openssl/x509.h>
64	#include "pem.h"	64	#include <openssl/pem.h>
65	#include "ssl_locl.h"	65	#include "ssl_locl.h"
66		66
67	#ifndef NOPROTO
68	static int ssl_set_cert(CERT c, X509 x509);	67	static int ssl_set_cert(CERT c, X509 x509);
69	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);	68	static int ssl_set_pkey(CERT c, EVP_PKEY pkey);
70	#else	69	int SSL_use_certificate(SSL ssl, X509 x)
71	static int ssl_set_cert();
72	static int ssl_set_pkey();
73	#endif
74
75	int SSL_use_certificate(ssl, x)
76	SSL *ssl;
77	X509 *x;
78	{	70	{
79	CERT *c;
80
81	if (x == NULL)	71	if (x == NULL)
82	{	72	{
83	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);	73	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
84	return(0);	74	return(0);
85	}	75	}
86	if ((ssl->cert == NULL) \|\| (ssl->cert == ssl->ctx->default_cert))	76	if (!ssl_cert_inst(&ssl->cert))
87	{	77	{
88	c=ssl_cert_new();	78	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
89	if (c == NULL)	79	return(0);
90	{
91	SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
92	return(0);
93	}
94	if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
95	ssl->cert=c;
96	}	80	}
97	c=ssl->cert;	81	return(ssl_set_cert(ssl->cert,x));
98
99	return(ssl_set_cert(c,x));
100	}	82	}
101		83
102	#ifndef NO_STDIO	84	#ifndef NO_STDIO
103	int SSL_use_certificate_file(ssl, file, type)	85	int SSL_use_certificate_file(SSL ssl, const char file, int type)
104	SSL *ssl;
105	char *file;
106	int type;
107	{	86	{
108	int j;	87	int j;
109	BIO *in;	88	BIO *in;
@@ -130,7 +109,7 @@ int type;
130	else if (type == SSL_FILETYPE_PEM)	109	else if (type == SSL_FILETYPE_PEM)
131	{	110	{
132	j=ERR_R_PEM_LIB;	111	j=ERR_R_PEM_LIB;
133	x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);	112	x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
134	}	113	}
135	else	114	else
136	{	115	{
@@ -152,10 +131,7 @@ end:
152	}	131	}
153	#endif	132	#endif
154		133
155	int SSL_use_certificate_ASN1(ssl, len, d)	134	int SSL_use_certificate_ASN1(SSL ssl, unsigned char d, int len)
156	SSL *ssl;
157	int len;
158	unsigned char *d;
159	{	135	{
160	X509 *x;	136	X509 *x;
161	int ret;	137	int ret;
@@ -173,11 +149,8 @@ unsigned char *d;
173	}	149	}
174		150
175	#ifndef NO_RSA	151	#ifndef NO_RSA
176	int SSL_use_RSAPrivateKey(ssl, rsa)	152	int SSL_use_RSAPrivateKey(SSL ssl, RSA rsa)
177	SSL *ssl;
178	RSA *rsa;
179	{	153	{
180	CERT *c;
181	EVP_PKEY *pkey;	154	EVP_PKEY *pkey;
182	int ret;	155	int ret;
183		156
@@ -186,19 +159,11 @@ RSA *rsa;
186	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);	159	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
187	return(0);	160	return(0);
188	}	161	}
189		162	if (!ssl_cert_inst(&ssl->cert))
190	if ((ssl->cert == NULL) \|\| (ssl->cert == ssl->ctx->default_cert))	163	{
191	{	164	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
192	c=ssl_cert_new();	165	return(0);
193	if (c == NULL)
194	{
195	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
196	return(0);
197	}
198	if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
199	ssl->cert=c;
200	}	166	}
201	c=ssl->cert;
202	if ((pkey=EVP_PKEY_new()) == NULL)	167	if ((pkey=EVP_PKEY_new()) == NULL)
203	{	168	{
204	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);	169	SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
@@ -208,15 +173,13 @@ RSA *rsa;
208	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);	173	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
209	EVP_PKEY_assign_RSA(pkey,rsa);	174	EVP_PKEY_assign_RSA(pkey,rsa);
210		175
211	ret=ssl_set_pkey(c,pkey);	176	ret=ssl_set_pkey(ssl->cert,pkey);
212	EVP_PKEY_free(pkey);	177	EVP_PKEY_free(pkey);
213	return(ret);	178	return(ret);
214	}	179	}
215	#endif	180	#endif
216		181
217	static int ssl_set_pkey(c,pkey)	182	static int ssl_set_pkey(CERT c, EVP_PKEY pkey)
218	CERT *c;
219	EVP_PKEY *pkey;
220	{	183	{
221	int i,ok=0,bad=0;	184	int i,ok=0,bad=0;
222		185
@@ -229,6 +192,12 @@ EVP_PKEY *pkey;
229		192
230	if (c->pkeys[i].x509 != NULL)	193	if (c->pkeys[i].x509 != NULL)
231	{	194	{
		195	EVP_PKEY *pktmp;
		196	pktmp = X509_get_pubkey(c->pkeys[i].x509);
		197	EVP_PKEY_copy_parameters(pktmp,pkey);
		198	EVP_PKEY_free(pktmp);
		199	ERR_clear_error();
		200
232	#ifndef NO_RSA	201	#ifndef NO_RSA
233	/* Don't check the public/private key, this is mostly	202	/* Don't check the public/private key, this is mostly
234	* for smart cards. */	203	* for smart cards. */
@@ -284,10 +253,7 @@ EVP_PKEY *pkey;
284		253
285	#ifndef NO_RSA	254	#ifndef NO_RSA
286	#ifndef NO_STDIO	255	#ifndef NO_STDIO
287	int SSL_use_RSAPrivateKey_file(ssl, file, type)	256	int SSL_use_RSAPrivateKey_file(SSL ssl, const char file, int type)
288	SSL *ssl;
289	char *file;
290	int type;
291	{	257	{
292	int j,ret=0;	258	int j,ret=0;
293	BIO *in;	259	BIO *in;
@@ -314,7 +280,7 @@ int type;
314	{	280	{
315	j=ERR_R_PEM_LIB;	281	j=ERR_R_PEM_LIB;
316	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,	282	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
317	ssl->ctx->default_passwd_callback);	283	ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
318	}	284	}
319	else	285	else
320	{	286	{
@@ -334,10 +300,7 @@ end:
334	}	300	}
335	#endif	301	#endif
336		302
337	int SSL_use_RSAPrivateKey_ASN1(ssl,d,len)	303	int SSL_use_RSAPrivateKey_ASN1(SSL ssl, unsigned char d, long len)
338	SSL *ssl;
339	unsigned char *d;
340	long len;
341	{	304	{
342	int ret;	305	int ret;
343	unsigned char *p;	306	unsigned char *p;
@@ -356,11 +319,8 @@ long len;
356	}	319	}
357	#endif /* !NO_RSA */	320	#endif /* !NO_RSA */
358		321
359	int SSL_use_PrivateKey(ssl, pkey)	322	int SSL_use_PrivateKey(SSL ssl, EVP_PKEY pkey)
360	SSL *ssl;
361	EVP_PKEY *pkey;
362	{	323	{
363	CERT *c;
364	int ret;	324	int ret;
365		325
366	if (pkey == NULL)	326	if (pkey == NULL)
@@ -368,29 +328,17 @@ EVP_PKEY *pkey;
368	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);	328	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
369	return(0);	329	return(0);
370	}	330	}
371		331	if (!ssl_cert_inst(&ssl->cert))
372	if ((ssl->cert == NULL) \|\| (ssl->cert == ssl->ctx->default_cert))	332	{
373	{	333	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
374	c=ssl_cert_new();	334	return(0);
375	if (c == NULL)
376	{
377	SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
378	return(0);
379	}
380	if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
381	ssl->cert=c;
382	}	335	}
383	c=ssl->cert;	336	ret=ssl_set_pkey(ssl->cert,pkey);
384
385	ret=ssl_set_pkey(c,pkey);
386	return(ret);	337	return(ret);
387	}	338	}
388		339
389	#ifndef NO_STDIO	340	#ifndef NO_STDIO
390	int SSL_use_PrivateKey_file(ssl, file, type)	341	int SSL_use_PrivateKey_file(SSL ssl, const char file, int type)
391	SSL *ssl;
392	char *file;
393	int type;
394	{	342	{
395	int j,ret=0;	343	int j,ret=0;
396	BIO *in;	344	BIO *in;
@@ -412,7 +360,7 @@ int type;
412	{	360	{
413	j=ERR_R_PEM_LIB;	361	j=ERR_R_PEM_LIB;
414	pkey=PEM_read_bio_PrivateKey(in,NULL,	362	pkey=PEM_read_bio_PrivateKey(in,NULL,
415	ssl->ctx->default_passwd_callback);	363	ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
416	}	364	}
417	else	365	else
418	{	366	{
@@ -432,11 +380,7 @@ end:
432	}	380	}
433	#endif	381	#endif
434		382
435	int SSL_use_PrivateKey_ASN1(type,ssl,d,len)	383	int SSL_use_PrivateKey_ASN1(int type, SSL ssl, unsigned char d, long len)
436	int type;
437	SSL *ssl;
438	unsigned char *d;
439	long len;
440	{	384	{
441	int ret;	385	int ret;
442	unsigned char *p;	386	unsigned char *p;
@@ -454,36 +398,22 @@ long len;
454	return(ret);	398	return(ret);
455	}	399	}
456		400
457	int SSL_CTX_use_certificate(ctx, x)	401	int SSL_CTX_use_certificate(SSL_CTX ctx, X509 x)
458	SSL_CTX *ctx;
459	X509 *x;
460	{	402	{
461	CERT *c;
462
463	if (x == NULL)	403	if (x == NULL)
464	{	404	{
465	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);	405	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
466	return(0);	406	return(0);
467	}	407	}
468		408	if (!ssl_cert_inst(&ctx->cert))
469	if (ctx->default_cert == NULL)
470	{	409	{
471	c=ssl_cert_new();	410	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
472	if (c == NULL)	411	return(0);
473	{
474	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
475	return(0);
476	}
477	ctx->default_cert=c;
478	}	412	}
479	c=ctx->default_cert;	413	return(ssl_set_cert(ctx->cert, x));
480
481	return(ssl_set_cert(c,x));
482	}	414	}
483		415
484	static int ssl_set_cert(c,x)	416	static int ssl_set_cert(CERT c, X509 x)
485	CERT *c;
486	X509 *x;
487	{	417	{
488	EVP_PKEY *pkey;	418	EVP_PKEY *pkey;
489	int i,ok=0,bad=0;	419	int i,ok=0,bad=0;
@@ -499,11 +429,25 @@ X509 *x;
499	if (i < 0)	429	if (i < 0)
500	{	430	{
501	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);	431	SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
		432	EVP_PKEY_free(pkey);
502	return(0);	433	return(0);
503	}	434	}
504		435
505	if (c->pkeys[i].privatekey != NULL)	436	if (c->pkeys[i].privatekey != NULL)
506	{	437	{
		438	EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
		439	ERR_clear_error();
		440
		441	#ifndef NO_RSA
		442	/* Don't check the public/private key, this is mostly
		443	* for smart cards. */
		444	if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
		445	(RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
		446	RSA_METHOD_FLAG_NO_CHECK))
		447	ok=1;
		448	else
		449	#endif
		450	{
507	if (!X509_check_private_key(x,c->pkeys[i].privatekey))	451	if (!X509_check_private_key(x,c->pkeys[i].privatekey))
508	{	452	{
509	if ((i == SSL_PKEY_DH_RSA) \|\| (i == SSL_PKEY_DH_DSA))	453	if ((i == SSL_PKEY_DH_RSA) \|\| (i == SSL_PKEY_DH_DSA))
@@ -527,10 +471,12 @@ X509 *x;
527	}	471	}
528	else	472	else
529	ok=1;	473	ok=1;
		474	} /* NO_RSA */
530	}	475	}
531	else	476	else
532	ok=1;	477	ok=1;
533		478
		479	EVP_PKEY_free(pkey);
534	if (bad)	480	if (bad)
535	{	481	{
536	EVP_PKEY_free(c->pkeys[i].privatekey);	482	EVP_PKEY_free(c->pkeys[i].privatekey);
@@ -548,10 +494,7 @@ X509 *x;
548	}	494	}
549		495
550	#ifndef NO_STDIO	496	#ifndef NO_STDIO
551	int SSL_CTX_use_certificate_file(ctx, file, type)	497	int SSL_CTX_use_certificate_file(SSL_CTX ctx, const char file, int type)
552	SSL_CTX *ctx;
553	char *file;
554	int type;
555	{	498	{
556	int j;	499	int j;
557	BIO *in;	500	BIO *in;
@@ -578,7 +521,7 @@ int type;
578	else if (type == SSL_FILETYPE_PEM)	521	else if (type == SSL_FILETYPE_PEM)
579	{	522	{
580	j=ERR_R_PEM_LIB;	523	j=ERR_R_PEM_LIB;
581	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);	524	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
582	}	525	}
583	else	526	else
584	{	527	{
@@ -600,10 +543,7 @@ end:
600	}	543	}
601	#endif	544	#endif
602		545
603	int SSL_CTX_use_certificate_ASN1(ctx, len, d)	546	int SSL_CTX_use_certificate_ASN1(SSL_CTX ctx, int len, unsigned char d)
604	SSL_CTX *ctx;
605	int len;
606	unsigned char *d;
607	{	547	{
608	X509 *x;	548	X509 *x;
609	int ret;	549	int ret;
@@ -621,12 +561,9 @@ unsigned char *d;
621	}	561	}
622		562
623	#ifndef NO_RSA	563	#ifndef NO_RSA
624	int SSL_CTX_use_RSAPrivateKey(ctx, rsa)	564	int SSL_CTX_use_RSAPrivateKey(SSL_CTX ctx, RSA rsa)
625	SSL_CTX *ctx;
626	RSA *rsa;
627	{	565	{
628	int ret;	566	int ret;
629	CERT *c;
630	EVP_PKEY *pkey;	567	EVP_PKEY *pkey;
631		568
632	if (rsa == NULL)	569	if (rsa == NULL)
@@ -634,18 +571,11 @@ RSA *rsa;
634	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);	571	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
635	return(0);	572	return(0);
636	}	573	}
637	if (ctx->default_cert == NULL)	574	if (!ssl_cert_inst(&ctx->cert))
638	{	575	{
639	c=ssl_cert_new();	576	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
640	if (c == NULL)	577	return(0);
641	{
642	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
643	return(0);
644	}
645	ctx->default_cert=c;
646	}	578	}
647	c=ctx->default_cert;
648
649	if ((pkey=EVP_PKEY_new()) == NULL)	579	if ((pkey=EVP_PKEY_new()) == NULL)
650	{	580	{
651	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);	581	SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
@@ -655,16 +585,13 @@ RSA *rsa;
655	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);	585	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
656	EVP_PKEY_assign_RSA(pkey,rsa);	586	EVP_PKEY_assign_RSA(pkey,rsa);
657		587
658	ret=ssl_set_pkey(c,pkey);	588	ret=ssl_set_pkey(ctx->cert, pkey);
659	EVP_PKEY_free(pkey);	589	EVP_PKEY_free(pkey);
660	return(ret);	590	return(ret);
661	}	591	}
662		592
663	#ifndef NO_STDIO	593	#ifndef NO_STDIO
664	int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type)	594	int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX ctx, const char file, int type)
665	SSL_CTX *ctx;
666	char *file;
667	int type;
668	{	595	{
669	int j,ret=0;	596	int j,ret=0;
670	BIO *in;	597	BIO *in;
@@ -691,7 +618,7 @@ int type;
691	{	618	{
692	j=ERR_R_PEM_LIB;	619	j=ERR_R_PEM_LIB;
693	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,	620	rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
694	ctx->default_passwd_callback);	621	ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
695	}	622	}
696	else	623	else
697	{	624	{
@@ -711,10 +638,7 @@ end:
711	}	638	}
712	#endif	639	#endif
713		640
714	int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len)	641	int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX ctx, unsigned char d, long len)
715	SSL_CTX *ctx;
716	unsigned char *d;
717	long len;
718	{	642	{
719	int ret;	643	int ret;
720	unsigned char *p;	644	unsigned char *p;
@@ -733,38 +657,23 @@ long len;
733	}	657	}
734	#endif /* !NO_RSA */	658	#endif /* !NO_RSA */
735		659
736	int SSL_CTX_use_PrivateKey(ctx, pkey)	660	int SSL_CTX_use_PrivateKey(SSL_CTX ctx, EVP_PKEY pkey)
737	SSL_CTX *ctx;
738	EVP_PKEY *pkey;
739	{	661	{
740	CERT *c;
741
742	if (pkey == NULL)	662	if (pkey == NULL)
743	{	663	{
744	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);	664	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
745	return(0);	665	return(0);
746	}	666	}
747		667	if (!ssl_cert_inst(&ctx->cert))
748	if (ctx->default_cert == NULL)
749	{	668	{
750	c=ssl_cert_new();	669	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
751	if (c == NULL)	670	return(0);
752	{
753	SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
754	return(0);
755	}
756	ctx->default_cert=c;
757	}	671	}
758	c=ctx->default_cert;	672	return(ssl_set_pkey(ctx->cert,pkey));
759
760	return(ssl_set_pkey(c,pkey));
761	}	673	}
762		674
763	#ifndef NO_STDIO	675	#ifndef NO_STDIO
764	int SSL_CTX_use_PrivateKey_file(ctx, file, type)	676	int SSL_CTX_use_PrivateKey_file(SSL_CTX ctx, const char file, int type)
765	SSL_CTX *ctx;
766	char *file;
767	int type;
768	{	677	{
769	int j,ret=0;	678	int j,ret=0;
770	BIO *in;	679	BIO *in;
@@ -786,7 +695,7 @@ int type;
786	{	695	{
787	j=ERR_R_PEM_LIB;	696	j=ERR_R_PEM_LIB;
788	pkey=PEM_read_bio_PrivateKey(in,NULL,	697	pkey=PEM_read_bio_PrivateKey(in,NULL,
789	ctx->default_passwd_callback);	698	ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
790	}	699	}
791	else	700	else
792	{	701	{
@@ -806,11 +715,8 @@ end:
806	}	715	}
807	#endif	716	#endif
808		717
809	int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len)	718	int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX ctx, unsigned char d,
810	int type;	719	long len)
811	SSL_CTX *ctx;
812	unsigned char *d;
813	long len;
814	{	720	{
815	int ret;	721	int ret;
816	unsigned char *p;	722	unsigned char *p;
@@ -829,3 +735,81 @@ long len;
829	}	735	}
830		736
831		737
		738	#ifndef NO_STDIO
		739	/* Read a file that contains our certificate in "PEM" format,
		740	* possibly followed by a sequence of CA certificates that should be
		741	* sent to the peer in the Certificate message.
		742	*/
		743	int SSL_CTX_use_certificate_chain_file(SSL_CTX ctx, const char file)
		744	{
		745	BIO *in;
		746	int ret=0;
		747	X509 *x=NULL;
		748
		749	in=BIO_new(BIO_s_file_internal());
		750	if (in == NULL)
		751	{
		752	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
		753	goto end;
		754	}
		755
		756	if (BIO_read_filename(in,file) <= 0)
		757	{
		758	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
		759	goto end;
		760	}
		761
		762	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
		763	if (x == NULL)
		764	{
		765	SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
		766	goto end;
		767	}
		768
		769	ret=SSL_CTX_use_certificate(ctx,x);
		770	if (ERR_peek_error() != 0)
		771	ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
		772	if (ret)
		773	{
		774	/* If we could set up our certificate, now proceed to
		775	* the CA certificates.
		776	*/
		777	X509 *ca;
		778	int r;
		779	unsigned long err;
		780
		781	if (ctx->extra_certs != NULL)
		782	{
		783	sk_X509_pop_free(ctx->extra_certs, X509_free);
		784	ctx->extra_certs = NULL;
		785	}
		786
		787	while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
		788	!= NULL)
		789	{
		790	r = SSL_CTX_add_extra_chain_cert(ctx, ca);
		791	if (!r)
		792	{
		793	X509_free(ca);
		794	ret = 0;
		795	goto end;
		796	}
		797	/* Note that we must not free r if it was successfully
		798	* added to the chain (while we must free the main
		799	* certificate, since its reference count is increased
		800	* by SSL_CTX_use_certificate). */
		801	}
		802	/* When the while loop ends, it's usually just EOF. */
		803	err = ERR_peek_error();
		804	if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
		805	(void) ERR_get_error();
		806	else
		807	ret = 0; /* some real error */
		808	}
		809
		810	end:
		811	if (x != NULL) X509_free(x);
		812	if (in != NULL) BIO_free(in);
		813	return(ret);
		814	}
		815	#endif