diff options
| author | jsing <> | 2018-02-05 00:52:24 +0000 |
|---|---|---|
| committer | jsing <> | 2018-02-05 00:52:24 +0000 |
| commit | 9adba429897718d956bddc3e4437eb4e4649fb0b (patch) | |
| tree | 611712c9b517950cfb54042f78281d00b651fae4 /src | |
| parent | 76d15e276d8fa3d19f496577da2b8da32a643d27 (diff) | |
| download | openbsd-9adba429897718d956bddc3e4437eb4e4649fb0b.tar.gz openbsd-9adba429897718d956bddc3e4437eb4e4649fb0b.tar.bz2 openbsd-9adba429897718d956bddc3e4437eb4e4649fb0b.zip | |
Be consistent with the goto label names used in libtls code.
No change to generated assembly.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libtls/tls_config.c | 20 | ||||
| -rw-r--r-- | src/lib/libtls/tls_ocsp.c | 37 | ||||
| -rw-r--r-- | src/lib/libtls/tls_util.c | 32 | ||||
| -rw-r--r-- | src/lib/libtls/tls_verify.c | 14 |
4 files changed, 52 insertions, 51 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index e2e3f4abaa..d44b8dde49 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_config.c,v 1.45 2017/12/09 16:46:08 jsing Exp $ */ | 1 | /* $OpenBSD: tls_config.c,v 1.46 2018/02/05 00:52:24 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -161,31 +161,31 @@ tls_config_load_file(struct tls_error *error, const char *filetype, | |||
| 161 | if ((fd = open(filename, O_RDONLY)) == -1) { | 161 | if ((fd = open(filename, O_RDONLY)) == -1) { |
| 162 | tls_error_set(error, "failed to open %s file '%s'", | 162 | tls_error_set(error, "failed to open %s file '%s'", |
| 163 | filetype, filename); | 163 | filetype, filename); |
| 164 | goto fail; | 164 | goto err; |
| 165 | } | 165 | } |
| 166 | if (fstat(fd, &st) != 0) { | 166 | if (fstat(fd, &st) != 0) { |
| 167 | tls_error_set(error, "failed to stat %s file '%s'", | 167 | tls_error_set(error, "failed to stat %s file '%s'", |
| 168 | filetype, filename); | 168 | filetype, filename); |
| 169 | goto fail; | 169 | goto err; |
| 170 | } | 170 | } |
| 171 | if (st.st_size < 0) | 171 | if (st.st_size < 0) |
| 172 | goto fail; | 172 | goto err; |
| 173 | *len = (size_t)st.st_size; | 173 | *len = (size_t)st.st_size; |
| 174 | if ((*buf = malloc(*len)) == NULL) { | 174 | if ((*buf = malloc(*len)) == NULL) { |
| 175 | tls_error_set(error, "failed to allocate buffer for " | 175 | tls_error_set(error, "failed to allocate buffer for " |
| 176 | "%s file", filetype); | 176 | "%s file", filetype); |
| 177 | goto fail; | 177 | goto err; |
| 178 | } | 178 | } |
| 179 | n = read(fd, *buf, *len); | 179 | n = read(fd, *buf, *len); |
| 180 | if (n < 0 || (size_t)n != *len) { | 180 | if (n < 0 || (size_t)n != *len) { |
| 181 | tls_error_set(error, "failed to read %s file '%s'", | 181 | tls_error_set(error, "failed to read %s file '%s'", |
| 182 | filetype, filename); | 182 | filetype, filename); |
| 183 | goto fail; | 183 | goto err; |
| 184 | } | 184 | } |
| 185 | close(fd); | 185 | close(fd); |
| 186 | return 0; | 186 | return 0; |
| 187 | 187 | ||
| 188 | fail: | 188 | err: |
| 189 | if (fd != -1) | 189 | if (fd != -1) |
| 190 | close(fd); | 190 | close(fd); |
| 191 | freezero(*buf, *len); | 191 | freezero(*buf, *len); |
| @@ -571,17 +571,17 @@ tls_config_set_ciphers(struct tls_config *config, const char *ciphers) | |||
| 571 | 571 | ||
| 572 | if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) { | 572 | if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) { |
| 573 | tls_config_set_errorx(config, "out of memory"); | 573 | tls_config_set_errorx(config, "out of memory"); |
| 574 | goto fail; | 574 | goto err; |
| 575 | } | 575 | } |
| 576 | if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) { | 576 | if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) { |
| 577 | tls_config_set_errorx(config, "no ciphers for '%s'", ciphers); | 577 | tls_config_set_errorx(config, "no ciphers for '%s'", ciphers); |
| 578 | goto fail; | 578 | goto err; |
| 579 | } | 579 | } |
| 580 | 580 | ||
| 581 | SSL_CTX_free(ssl_ctx); | 581 | SSL_CTX_free(ssl_ctx); |
| 582 | return set_string(&config->ciphers, ciphers); | 582 | return set_string(&config->ciphers, ciphers); |
| 583 | 583 | ||
| 584 | fail: | 584 | err: |
| 585 | SSL_CTX_free(ssl_ctx); | 585 | SSL_CTX_free(ssl_ctx); |
| 586 | return -1; | 586 | return -1; |
| 587 | } | 587 | } |
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index a8835edc8f..307ae842b8 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c | |||
| @@ -101,23 +101,24 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status, | |||
| 101 | tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) { | 101 | tls_ocsp_asn1_parse_time(ctx, revtime, &info->revocation_time) != 0) { |
| 102 | tls_set_error(ctx, | 102 | tls_set_error(ctx, |
| 103 | "unable to parse revocation time in OCSP reply"); | 103 | "unable to parse revocation time in OCSP reply"); |
| 104 | goto error; | 104 | goto err; |
| 105 | } | 105 | } |
| 106 | if (thisupd != NULL && | 106 | if (thisupd != NULL && |
| 107 | tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) { | 107 | tls_ocsp_asn1_parse_time(ctx, thisupd, &info->this_update) != 0) { |
| 108 | tls_set_error(ctx, | 108 | tls_set_error(ctx, |
| 109 | "unable to parse this update time in OCSP reply"); | 109 | "unable to parse this update time in OCSP reply"); |
| 110 | goto error; | 110 | goto err; |
| 111 | } | 111 | } |
| 112 | if (nextupd != NULL && | 112 | if (nextupd != NULL && |
| 113 | tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) { | 113 | tls_ocsp_asn1_parse_time(ctx, nextupd, &info->next_update) != 0) { |
| 114 | tls_set_error(ctx, | 114 | tls_set_error(ctx, |
| 115 | "unable to parse next update time in OCSP reply"); | 115 | "unable to parse next update time in OCSP reply"); |
| 116 | goto error; | 116 | goto err; |
| 117 | } | 117 | } |
| 118 | ctx->ocsp->ocsp_result = info; | 118 | ctx->ocsp->ocsp_result = info; |
| 119 | return 0; | 119 | return 0; |
| 120 | error: | 120 | |
| 121 | err: | ||
| 121 | free(info); | 122 | free(info); |
| 122 | return -1; | 123 | return -1; |
| 123 | } | 124 | } |
| @@ -162,32 +163,32 @@ tls_ocsp_setup_from_peer(struct tls *ctx) | |||
| 162 | STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL; | 163 | STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL; |
| 163 | 164 | ||
| 164 | if ((ocsp = tls_ocsp_new()) == NULL) | 165 | if ((ocsp = tls_ocsp_new()) == NULL) |
| 165 | goto failed; | 166 | goto err; |
| 166 | 167 | ||
| 167 | /* steal state from ctx struct */ | 168 | /* steal state from ctx struct */ |
| 168 | ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn); | 169 | ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn); |
| 169 | ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn); | 170 | ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn); |
| 170 | if (ocsp->main_cert == NULL) { | 171 | if (ocsp->main_cert == NULL) { |
| 171 | tls_set_errorx(ctx, "no peer certificate for OCSP"); | 172 | tls_set_errorx(ctx, "no peer certificate for OCSP"); |
| 172 | goto failed; | 173 | goto err; |
| 173 | } | 174 | } |
| 174 | 175 | ||
| 175 | ocsp_urls = X509_get1_ocsp(ocsp->main_cert); | 176 | ocsp_urls = X509_get1_ocsp(ocsp->main_cert); |
| 176 | if (ocsp_urls == NULL) { | 177 | if (ocsp_urls == NULL) { |
| 177 | tls_set_errorx(ctx, "no OCSP URLs in peer certificate"); | 178 | tls_set_errorx(ctx, "no OCSP URLs in peer certificate"); |
| 178 | goto failed; | 179 | goto err; |
| 179 | } | 180 | } |
| 180 | 181 | ||
| 181 | ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0)); | 182 | ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0)); |
| 182 | if (ocsp->ocsp_url == NULL) { | 183 | if (ocsp->ocsp_url == NULL) { |
| 183 | tls_set_errorx(ctx, "out of memory"); | 184 | tls_set_errorx(ctx, "out of memory"); |
| 184 | goto failed; | 185 | goto err; |
| 185 | } | 186 | } |
| 186 | 187 | ||
| 187 | X509_email_free(ocsp_urls); | 188 | X509_email_free(ocsp_urls); |
| 188 | return ocsp; | 189 | return ocsp; |
| 189 | 190 | ||
| 190 | failed: | 191 | err: |
| 191 | tls_ocsp_free(ocsp); | 192 | tls_ocsp_free(ocsp); |
| 192 | X509_email_free(ocsp_urls); | 193 | X509_email_free(ocsp_urls); |
| 193 | return NULL; | 194 | return NULL; |
| @@ -206,7 +207,7 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) | |||
| 206 | 207 | ||
| 207 | if ((br = OCSP_response_get1_basic(resp)) == NULL) { | 208 | if ((br = OCSP_response_get1_basic(resp)) == NULL) { |
| 208 | tls_set_errorx(ctx, "cannot load ocsp reply"); | 209 | tls_set_errorx(ctx, "cannot load ocsp reply"); |
| 209 | goto error; | 210 | goto err; |
| 210 | } | 211 | } |
| 211 | 212 | ||
| 212 | /* | 213 | /* |
| @@ -219,7 +220,7 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) | |||
| 219 | if (OCSP_basic_verify(br, ctx->ocsp->extra_certs, | 220 | if (OCSP_basic_verify(br, ctx->ocsp->extra_certs, |
| 220 | SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) { | 221 | SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) { |
| 221 | tls_set_error(ctx, "ocsp verify failed"); | 222 | tls_set_error(ctx, "ocsp verify failed"); |
| 222 | goto error; | 223 | goto err; |
| 223 | } | 224 | } |
| 224 | 225 | ||
| 225 | /* signature OK, look inside */ | 226 | /* signature OK, look inside */ |
| @@ -227,43 +228,43 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) | |||
| 227 | if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { | 228 | if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { |
| 228 | tls_set_errorx(ctx, "ocsp verify failed: response - %s", | 229 | tls_set_errorx(ctx, "ocsp verify failed: response - %s", |
| 229 | OCSP_response_status_str(response_status)); | 230 | OCSP_response_status_str(response_status)); |
| 230 | goto error; | 231 | goto err; |
| 231 | } | 232 | } |
| 232 | 233 | ||
| 233 | cid = tls_ocsp_get_certid(ctx->ocsp->main_cert, | 234 | cid = tls_ocsp_get_certid(ctx->ocsp->main_cert, |
| 234 | ctx->ocsp->extra_certs, ctx->ssl_ctx); | 235 | ctx->ocsp->extra_certs, ctx->ssl_ctx); |
| 235 | if (cid == NULL) { | 236 | if (cid == NULL) { |
| 236 | tls_set_errorx(ctx, "ocsp verify failed: no issuer cert"); | 237 | tls_set_errorx(ctx, "ocsp verify failed: no issuer cert"); |
| 237 | goto error; | 238 | goto err; |
| 238 | } | 239 | } |
| 239 | 240 | ||
| 240 | if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason, | 241 | if (OCSP_resp_find_status(br, cid, &cert_status, &crl_reason, |
| 241 | &revtime, &thisupd, &nextupd) != 1) { | 242 | &revtime, &thisupd, &nextupd) != 1) { |
| 242 | tls_set_errorx(ctx, "ocsp verify failed: no result for cert"); | 243 | tls_set_errorx(ctx, "ocsp verify failed: no result for cert"); |
| 243 | goto error; | 244 | goto err; |
| 244 | } | 245 | } |
| 245 | 246 | ||
| 246 | if (OCSP_check_validity(thisupd, nextupd, JITTER_SEC, | 247 | if (OCSP_check_validity(thisupd, nextupd, JITTER_SEC, |
| 247 | MAXAGE_SEC) != 1) { | 248 | MAXAGE_SEC) != 1) { |
| 248 | tls_set_errorx(ctx, | 249 | tls_set_errorx(ctx, |
| 249 | "ocsp verify failed: ocsp response not current"); | 250 | "ocsp verify failed: ocsp response not current"); |
| 250 | goto error; | 251 | goto err; |
| 251 | } | 252 | } |
| 252 | 253 | ||
| 253 | if (tls_ocsp_fill_info(ctx, response_status, cert_status, | 254 | if (tls_ocsp_fill_info(ctx, response_status, cert_status, |
| 254 | crl_reason, revtime, thisupd, nextupd) != 0) | 255 | crl_reason, revtime, thisupd, nextupd) != 0) |
| 255 | goto error; | 256 | goto err; |
| 256 | 257 | ||
| 257 | /* finally can look at status */ | 258 | /* finally can look at status */ |
| 258 | if (cert_status != V_OCSP_CERTSTATUS_GOOD && cert_status != | 259 | if (cert_status != V_OCSP_CERTSTATUS_GOOD && cert_status != |
| 259 | V_OCSP_CERTSTATUS_UNKNOWN) { | 260 | V_OCSP_CERTSTATUS_UNKNOWN) { |
| 260 | tls_set_errorx(ctx, "ocsp verify failed: revoked cert - %s", | 261 | tls_set_errorx(ctx, "ocsp verify failed: revoked cert - %s", |
| 261 | OCSP_crl_reason_str(crl_reason)); | 262 | OCSP_crl_reason_str(crl_reason)); |
| 262 | goto error; | 263 | goto err; |
| 263 | } | 264 | } |
| 264 | ret = 0; | 265 | ret = 0; |
| 265 | 266 | ||
| 266 | error: | 267 | err: |
| 267 | sk_X509_free(combined); | 268 | sk_X509_free(combined); |
| 268 | OCSP_CERTID_free(cid); | 269 | OCSP_CERTID_free(cid); |
| 269 | OCSP_BASICRESP_free(br); | 270 | OCSP_BASICRESP_free(br); |
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c index aaa3eef49f..f9df287ca8 100644 --- a/src/lib/libtls/tls_util.c +++ b/src/lib/libtls/tls_util.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_util.c,v 1.9 2017/06/22 18:03:57 jsing Exp $ */ | 1 | /* $OpenBSD: tls_util.c,v 1.10 2018/02/05 00:52:24 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> | 4 | * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> |
| @@ -43,7 +43,7 @@ tls_host_port(const char *hostport, char **host, char **port) | |||
| 43 | *port = NULL; | 43 | *port = NULL; |
| 44 | 44 | ||
| 45 | if ((s = strdup(hostport)) == NULL) | 45 | if ((s = strdup(hostport)) == NULL) |
| 46 | goto fail; | 46 | goto err; |
| 47 | 47 | ||
| 48 | h = p = s; | 48 | h = p = s; |
| 49 | 49 | ||
| @@ -66,14 +66,14 @@ tls_host_port(const char *hostport, char **host, char **port) | |||
| 66 | *p++ = '\0'; | 66 | *p++ = '\0'; |
| 67 | 67 | ||
| 68 | if (asprintf(host, "%s", h) == -1) | 68 | if (asprintf(host, "%s", h) == -1) |
| 69 | goto fail; | 69 | goto err; |
| 70 | if (asprintf(port, "%s", p) == -1) | 70 | if (asprintf(port, "%s", p) == -1) |
| 71 | goto fail; | 71 | goto err; |
| 72 | 72 | ||
| 73 | rv = 0; | 73 | rv = 0; |
| 74 | goto done; | 74 | goto done; |
| 75 | 75 | ||
| 76 | fail: | 76 | err: |
| 77 | free(*host); | 77 | free(*host); |
| 78 | *host = NULL; | 78 | *host = NULL; |
| 79 | free(*port); | 79 | free(*port); |
| @@ -126,38 +126,38 @@ tls_load_file(const char *name, size_t *len, char *password) | |||
| 126 | /* Just load the file into memory without decryption */ | 126 | /* Just load the file into memory without decryption */ |
| 127 | if (password == NULL) { | 127 | if (password == NULL) { |
| 128 | if (fstat(fd, &st) != 0) | 128 | if (fstat(fd, &st) != 0) |
| 129 | goto fail; | 129 | goto err; |
| 130 | if (st.st_size < 0) | 130 | if (st.st_size < 0) |
| 131 | goto fail; | 131 | goto err; |
| 132 | size = (size_t)st.st_size; | 132 | size = (size_t)st.st_size; |
| 133 | if ((buf = malloc(size)) == NULL) | 133 | if ((buf = malloc(size)) == NULL) |
| 134 | goto fail; | 134 | goto err; |
| 135 | n = read(fd, buf, size); | 135 | n = read(fd, buf, size); |
| 136 | if (n < 0 || (size_t)n != size) | 136 | if (n < 0 || (size_t)n != size) |
| 137 | goto fail; | 137 | goto err; |
| 138 | close(fd); | 138 | close(fd); |
| 139 | goto done; | 139 | goto done; |
| 140 | } | 140 | } |
| 141 | 141 | ||
| 142 | /* Or read the (possibly) encrypted key from file */ | 142 | /* Or read the (possibly) encrypted key from file */ |
| 143 | if ((fp = fdopen(fd, "r")) == NULL) | 143 | if ((fp = fdopen(fd, "r")) == NULL) |
| 144 | goto fail; | 144 | goto err; |
| 145 | fd = -1; | 145 | fd = -1; |
| 146 | 146 | ||
| 147 | key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password); | 147 | key = PEM_read_PrivateKey(fp, NULL, tls_password_cb, password); |
| 148 | fclose(fp); | 148 | fclose(fp); |
| 149 | if (key == NULL) | 149 | if (key == NULL) |
| 150 | goto fail; | 150 | goto err; |
| 151 | 151 | ||
| 152 | /* Write unencrypted key to memory buffer */ | 152 | /* Write unencrypted key to memory buffer */ |
| 153 | if ((bio = BIO_new(BIO_s_mem())) == NULL) | 153 | if ((bio = BIO_new(BIO_s_mem())) == NULL) |
| 154 | goto fail; | 154 | goto err; |
| 155 | if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) | 155 | if (!PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL)) |
| 156 | goto fail; | 156 | goto err; |
| 157 | if ((size = BIO_get_mem_data(bio, &data)) <= 0) | 157 | if ((size = BIO_get_mem_data(bio, &data)) <= 0) |
| 158 | goto fail; | 158 | goto err; |
| 159 | if ((buf = malloc(size)) == NULL) | 159 | if ((buf = malloc(size)) == NULL) |
| 160 | goto fail; | 160 | goto err; |
| 161 | memcpy(buf, data, size); | 161 | memcpy(buf, data, size); |
| 162 | 162 | ||
| 163 | BIO_free_all(bio); | 163 | BIO_free_all(bio); |
| @@ -167,7 +167,7 @@ tls_load_file(const char *name, size_t *len, char *password) | |||
| 167 | *len = size; | 167 | *len = size; |
| 168 | return (buf); | 168 | return (buf); |
| 169 | 169 | ||
| 170 | fail: | 170 | err: |
| 171 | if (fd != -1) | 171 | if (fd != -1) |
| 172 | close(fd); | 172 | close(fd); |
| 173 | freezero(buf, size); | 173 | freezero(buf, size); |
diff --git a/src/lib/libtls/tls_verify.c b/src/lib/libtls/tls_verify.c index 3bd1057d0c..acbe163ffd 100644 --- a/src/lib/libtls/tls_verify.c +++ b/src/lib/libtls/tls_verify.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_verify.c,v 1.19 2017/04/10 17:11:13 jsing Exp $ */ | 1 | /* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> | 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> |
| 4 | * | 4 | * |
| @@ -215,16 +215,16 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name, | |||
| 215 | 215 | ||
| 216 | subject_name = X509_get_subject_name(cert); | 216 | subject_name = X509_get_subject_name(cert); |
| 217 | if (subject_name == NULL) | 217 | if (subject_name == NULL) |
| 218 | goto out; | 218 | goto done; |
| 219 | 219 | ||
| 220 | common_name_len = X509_NAME_get_text_by_NID(subject_name, | 220 | common_name_len = X509_NAME_get_text_by_NID(subject_name, |
| 221 | NID_commonName, NULL, 0); | 221 | NID_commonName, NULL, 0); |
| 222 | if (common_name_len < 0) | 222 | if (common_name_len < 0) |
| 223 | goto out; | 223 | goto done; |
| 224 | 224 | ||
| 225 | common_name = calloc(common_name_len + 1, 1); | 225 | common_name = calloc(common_name_len + 1, 1); |
| 226 | if (common_name == NULL) | 226 | if (common_name == NULL) |
| 227 | goto out; | 227 | goto done; |
| 228 | 228 | ||
| 229 | X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name, | 229 | X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name, |
| 230 | common_name_len + 1); | 230 | common_name_len + 1); |
| @@ -236,7 +236,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name, | |||
| 236 | "NUL byte in Common Name field, " | 236 | "NUL byte in Common Name field, " |
| 237 | "probably a malicious certificate", name); | 237 | "probably a malicious certificate", name); |
| 238 | rv = -1; | 238 | rv = -1; |
| 239 | goto out; | 239 | goto done; |
| 240 | } | 240 | } |
| 241 | 241 | ||
| 242 | /* | 242 | /* |
| @@ -247,13 +247,13 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name, | |||
| 247 | inet_pton(AF_INET6, name, &addrbuf) == 1) { | 247 | inet_pton(AF_INET6, name, &addrbuf) == 1) { |
| 248 | if (strcmp(common_name, name) == 0) | 248 | if (strcmp(common_name, name) == 0) |
| 249 | *cn_match = 1; | 249 | *cn_match = 1; |
| 250 | goto out; | 250 | goto done; |
| 251 | } | 251 | } |
| 252 | 252 | ||
| 253 | if (tls_match_name(common_name, name) == 0) | 253 | if (tls_match_name(common_name, name) == 0) |
| 254 | *cn_match = 1; | 254 | *cn_match = 1; |
| 255 | 255 | ||
| 256 | out: | 256 | done: |
| 257 | free(common_name); | 257 | free(common_name); |
| 258 | return rv; | 258 | return rv; |
| 259 | } | 259 | } |