| author | jsing <> | 2016-07-07 14:09:03 +0000 |
|---|---|---|
| committer | jsing <> | 2016-07-07 14:09:03 +0000 |
| commit | 264aec397e864b1312511d8a90f858c97ac5bb0c (patch) | |
| tree | 558129ff06641d4ec1f2b513a089cb94c039b319 /src/lib/libtls/tls.c | |
| parent | 4ed8257afee9db6d69a7fc31eef1d52474e2ee0c (diff) | |
| download | openbsd-264aec397e864b1312511d8a90f858c97ac5bb0c.tar.gz openbsd-264aec397e864b1312511d8a90f858c97ac5bb0c.tar.bz2 openbsd-264aec397e864b1312511d8a90f858c97ac5bb0c.zip | |
Revert previous - it introduces problems with a common privsep use case.
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libtls/tls.c | 23 |
1 files changed, 20 insertions, 3 deletions
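--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.40 2016/07/06 16:16:36 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.41 2016/07/07 14:09:03 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -216,7 +216,9 @@ tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
 
 	if (!required &&
 	    keypair->cert_mem == NULL &&
-	    keypair->key_mem == NULL)
+	    keypair->key_mem == NULL &&
+	    keypair->cert_file == NULL &&
+	    keypair->key_file == NULL)
 		return(0);
 
 	if (keypair->cert_mem != NULL) {
@@ -258,6 +260,21 @@ tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx,
 		pkey = NULL;
 	}
 
+	if (keypair->cert_file != NULL) {
+		if (SSL_CTX_use_certificate_chain_file(ssl_ctx,
+		    keypair->cert_file) != 1) {
+			tls_set_errorx(ctx, "failed to load certificate file");
+			goto err;
+		}
+	}
+	if (keypair->key_file != NULL) {
+		if (SSL_CTX_use_PrivateKey_file(ssl_ctx,
+		    keypair->key_file, SSL_FILETYPE_PEM) != 1) {
+			tls_set_errorx(ctx, "failed to load private key file");
+			goto err;
+		}
+	}
+
 	if (SSL_CTX_check_private_key(ssl_ctx) != 1) {
 		tls_set_errorx(ctx, "private/public key mismatch");
 		goto err;
@@ -329,7 +346,7 @@ tls_configure_ssl_verify(struct tls *ctx, int verify)
 		goto err;
 	}
 	} else if (SSL_CTX_load_verify_locations(ctx->ssl_ctx,
-	    NULL, ctx->config->ca_path) != 1) {
+	    ctx->config->ca_file, ctx->config->ca_path) != 1) {
 		tls_set_errorx(ctx, "ssl verify setup failure");
 		goto err;
 	}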
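Review bot: In the second tls_configure_keypair hunk the file-based loads run after the in-memory ones, so a keypair with both cert_mem and cert_file (or key_mem and key_file) set silently has its in-memory certificate or key replaced by the file contents, with no error reported; only the final pairing is checked by SSL_CTX_check_private_key. A comment above the new block would make that precedence explicit, e.g. `/* File-based cert/key take precedence over in-memory copies if both are set. */`, or the function could reject the combination. Note also that the two new error paths report only a fixed string, so the caller cannot tell a missing or unreadable key file from a malformed one; whether the libcrypto error queue is surfaced elsewhere is not visible here. tls_configure_keypair starts and ends outside these hunks.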
