| author | jsing <> | 2018-02-08 05:56:49 +0000 |
|---|---|---|
| committer | jsing <> | 2018-02-08 05:56:49 +0000 |
| commit | 8a01a8361d1add29153f53a3721130f62d3d4389 (patch) | |
| tree | 0abe458cace64c392a0381ff03a5068a69ab19c6 /src/lib/libtls/tls_server.c | |
| parent | 89cc508e649be59dc0fc8a0701224d65a0e45972 (diff) | |
Split keypair handling out into its own file - it had already appeared
in multiple locations.
ok beck@
Diffstat (limited to 'src/lib/libtls/tls_server.c')
| -rw-r--r-- | src/lib/libtls/tls_server.c | 39 |
1 files changed, 1 insertions, 38 deletions
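--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.42 2017/09/20 17:05:17 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.43 2018/02/08 05:56:49 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -204,43 +204,6 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
 }
 
 static int
-tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
-X509 **cert)
-{
-char *errstr = "unknown";
-BIO *cert_bio = NULL;
-int ssl_err;
-int rv = -1;
-
-X509_free(*cert);
-*cert = NULL;
-
-if (keypair->cert_mem == NULL) {
-tls_error_set(error, "keypair has no certificate");
-goto err;
-}
-if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
-keypair->cert_len)) == NULL) {
-tls_error_set(error, "failed to create certificate bio");
-goto err;
-}
-if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
-NULL)) == NULL) {
-if ((ssl_err = ERR_peek_error()) != 0)
-errstr = ERR_error_string(ssl_err, NULL);
-tls_error_set(error, "failed to load certificate: %s", errstr);
-goto err;
-}
-
-rv = 0;
-
-err:
-BIO_free(cert_bio);
-
-return (rv);
-}
-
-static int
 tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
 struct tls_keypair *keypair)
 {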
