Diffstat (limited to 'src/lib/libssl/ssl_rsa.c')
-rw-r--r--src/lib/libssl/ssl_rsa.c332
1 files changed, 158 insertions, 174 deletions
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
index 140475e5fb..6ec7a5cdb1 100644
--- a/src/lib/libssl/ssl_rsa.c
+++ b/src/lib/libssl/ssl_rsa.c
@@ -57,53 +57,32 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "bio.h" 60#include <openssl/bio.h>
61#include "objects.h" 61#include <openssl/objects.h>
62#include "evp.h" 62#include <openssl/evp.h>
63#include "x509.h" 63#include <openssl/x509.h>
64#include "pem.h" 64#include <openssl/pem.h>
65#include "ssl_locl.h" 65#include "ssl_locl.h"
66 66
67#ifndef NOPROTO
68static int ssl_set_cert(CERT *c, X509 *x509); 67static int ssl_set_cert(CERT *c, X509 *x509);
69static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); 68static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
70#else 69int SSL_use_certificate(SSL *ssl, X509 *x)
71static int ssl_set_cert();
72static int ssl_set_pkey();
73#endif
74
75int SSL_use_certificate(ssl, x)
76SSL *ssl;
77X509 *x;
78 { 70 {
79 CERT *c;
80
81 if (x == NULL) 71 if (x == NULL)
82 { 72 {
83 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); 73 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
84 return(0); 74 return(0);
85 } 75 }
86 if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) 76 if (!ssl_cert_inst(&ssl->cert))
87 { 77 {
88 c=ssl_cert_new(); 78 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
89 if (c == NULL) 79 return(0);
90 {
91 SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
92 return(0);
93 }
94 if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
95 ssl->cert=c;
96 } 80 }
97 c=ssl->cert; 81 return(ssl_set_cert(ssl->cert,x));
98
99 return(ssl_set_cert(c,x));
100 } 82 }
101 83
102#ifndef NO_STDIO 84#ifndef NO_STDIO
103int SSL_use_certificate_file(ssl, file, type) 85int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
104SSL *ssl;
105char *file;
106int type;
107 { 86 {
108 int j; 87 int j;
109 BIO *in; 88 BIO *in;
@@ -130,7 +109,7 @@ int type;
130 else if (type == SSL_FILETYPE_PEM) 109 else if (type == SSL_FILETYPE_PEM)
131 { 110 {
132 j=ERR_R_PEM_LIB; 111 j=ERR_R_PEM_LIB;
133 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback); 112 x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
134 } 113 }
135 else 114 else
136 { 115 {
@@ -152,10 +131,7 @@ end:
152 } 131 }
153#endif 132#endif
154 133
155int SSL_use_certificate_ASN1(ssl, len, d) 134int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
156SSL *ssl;
157int len;
158unsigned char *d;
159 { 135 {
160 X509 *x; 136 X509 *x;
161 int ret; 137 int ret;
@@ -173,11 +149,8 @@ unsigned char *d;
173 } 149 }
174 150
175#ifndef NO_RSA 151#ifndef NO_RSA
176int SSL_use_RSAPrivateKey(ssl, rsa) 152int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
177SSL *ssl;
178RSA *rsa;
179 { 153 {
180 CERT *c;
181 EVP_PKEY *pkey; 154 EVP_PKEY *pkey;
182 int ret; 155 int ret;
183 156
@@ -186,19 +159,11 @@ RSA *rsa;
186 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 159 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
187 return(0); 160 return(0);
188 } 161 }
189 162 if (!ssl_cert_inst(&ssl->cert))
190 if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) 163 {
191 { 164 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
192 c=ssl_cert_new(); 165 return(0);
193 if (c == NULL)
194 {
195 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
196 return(0);
197 }
198 if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
199 ssl->cert=c;
200 } 166 }
201 c=ssl->cert;
202 if ((pkey=EVP_PKEY_new()) == NULL) 167 if ((pkey=EVP_PKEY_new()) == NULL)
203 { 168 {
204 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); 169 SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
@@ -208,15 +173,13 @@ RSA *rsa;
208 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); 173 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
209 EVP_PKEY_assign_RSA(pkey,rsa); 174 EVP_PKEY_assign_RSA(pkey,rsa);
210 175
211 ret=ssl_set_pkey(c,pkey); 176 ret=ssl_set_pkey(ssl->cert,pkey);
212 EVP_PKEY_free(pkey); 177 EVP_PKEY_free(pkey);
213 return(ret); 178 return(ret);
214 } 179 }
215#endif 180#endif
216 181
217static int ssl_set_pkey(c,pkey) 182static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
218CERT *c;
219EVP_PKEY *pkey;
220 { 183 {
221 int i,ok=0,bad=0; 184 int i,ok=0,bad=0;
222 185
@@ -229,6 +192,12 @@ EVP_PKEY *pkey;
229 192
230 if (c->pkeys[i].x509 != NULL) 193 if (c->pkeys[i].x509 != NULL)
231 { 194 {
195 EVP_PKEY *pktmp;
196 pktmp = X509_get_pubkey(c->pkeys[i].x509);
197 EVP_PKEY_copy_parameters(pktmp,pkey);
198 EVP_PKEY_free(pktmp);
199 ERR_clear_error();
200
232#ifndef NO_RSA 201#ifndef NO_RSA
233 /* Don't check the public/private key, this is mostly 202 /* Don't check the public/private key, this is mostly
234 * for smart cards. */ 203 * for smart cards. */
@@ -284,10 +253,7 @@ EVP_PKEY *pkey;
284 253
285#ifndef NO_RSA 254#ifndef NO_RSA
286#ifndef NO_STDIO 255#ifndef NO_STDIO
287int SSL_use_RSAPrivateKey_file(ssl, file, type) 256int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
288SSL *ssl;
289char *file;
290int type;
291 { 257 {
292 int j,ret=0; 258 int j,ret=0;
293 BIO *in; 259 BIO *in;
@@ -314,7 +280,7 @@ int type;
314 { 280 {
315 j=ERR_R_PEM_LIB; 281 j=ERR_R_PEM_LIB;
316 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 282 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
317 ssl->ctx->default_passwd_callback); 283 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
318 } 284 }
319 else 285 else
320 { 286 {
@@ -334,10 +300,7 @@ end:
334 } 300 }
335#endif 301#endif
336 302
337int SSL_use_RSAPrivateKey_ASN1(ssl,d,len) 303int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
338SSL *ssl;
339unsigned char *d;
340long len;
341 { 304 {
342 int ret; 305 int ret;
343 unsigned char *p; 306 unsigned char *p;
@@ -356,11 +319,8 @@ long len;
356 } 319 }
357#endif /* !NO_RSA */ 320#endif /* !NO_RSA */
358 321
359int SSL_use_PrivateKey(ssl, pkey) 322int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
360SSL *ssl;
361EVP_PKEY *pkey;
362 { 323 {
363 CERT *c;
364 int ret; 324 int ret;
365 325
366 if (pkey == NULL) 326 if (pkey == NULL)
@@ -368,29 +328,17 @@ EVP_PKEY *pkey;
368 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 328 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
369 return(0); 329 return(0);
370 } 330 }
371 331 if (!ssl_cert_inst(&ssl->cert))
372 if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) 332 {
373 { 333 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
374 c=ssl_cert_new(); 334 return(0);
375 if (c == NULL)
376 {
377 SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
378 return(0);
379 }
380 if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
381 ssl->cert=c;
382 } 335 }
383 c=ssl->cert; 336 ret=ssl_set_pkey(ssl->cert,pkey);
384
385 ret=ssl_set_pkey(c,pkey);
386 return(ret); 337 return(ret);
387 } 338 }
388 339
389#ifndef NO_STDIO 340#ifndef NO_STDIO
390int SSL_use_PrivateKey_file(ssl, file, type) 341int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
391SSL *ssl;
392char *file;
393int type;
394 { 342 {
395 int j,ret=0; 343 int j,ret=0;
396 BIO *in; 344 BIO *in;
@@ -412,7 +360,7 @@ int type;
412 { 360 {
413 j=ERR_R_PEM_LIB; 361 j=ERR_R_PEM_LIB;
414 pkey=PEM_read_bio_PrivateKey(in,NULL, 362 pkey=PEM_read_bio_PrivateKey(in,NULL,
415 ssl->ctx->default_passwd_callback); 363 ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
416 } 364 }
417 else 365 else
418 { 366 {
@@ -432,11 +380,7 @@ end:
432 } 380 }
433#endif 381#endif
434 382
435int SSL_use_PrivateKey_ASN1(type,ssl,d,len) 383int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
436int type;
437SSL *ssl;
438unsigned char *d;
439long len;
440 { 384 {
441 int ret; 385 int ret;
442 unsigned char *p; 386 unsigned char *p;
@@ -454,36 +398,22 @@ long len;
454 return(ret); 398 return(ret);
455 } 399 }
456 400
457int SSL_CTX_use_certificate(ctx, x) 401int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
458SSL_CTX *ctx;
459X509 *x;
460 { 402 {
461 CERT *c;
462
463 if (x == NULL) 403 if (x == NULL)
464 { 404 {
465 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); 405 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
466 return(0); 406 return(0);
467 } 407 }
468 408 if (!ssl_cert_inst(&ctx->cert))
469 if (ctx->default_cert == NULL)
470 { 409 {
471 c=ssl_cert_new(); 410 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
472 if (c == NULL) 411 return(0);
473 {
474 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
475 return(0);
476 }
477 ctx->default_cert=c;
478 } 412 }
479 c=ctx->default_cert; 413 return(ssl_set_cert(ctx->cert, x));
480
481 return(ssl_set_cert(c,x));
482 } 414 }
483 415
484static int ssl_set_cert(c,x) 416static int ssl_set_cert(CERT *c, X509 *x)
485CERT *c;
486X509 *x;
487 { 417 {
488 EVP_PKEY *pkey; 418 EVP_PKEY *pkey;
489 int i,ok=0,bad=0; 419 int i,ok=0,bad=0;
@@ -499,11 +429,25 @@ X509 *x;
499 if (i < 0) 429 if (i < 0)
500 { 430 {
501 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); 431 SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
432 EVP_PKEY_free(pkey);
502 return(0); 433 return(0);
503 } 434 }
504 435
505 if (c->pkeys[i].privatekey != NULL) 436 if (c->pkeys[i].privatekey != NULL)
506 { 437 {
438 EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
439 ERR_clear_error();
440
441#ifndef NO_RSA
442 /* Don't check the public/private key, this is mostly
443 * for smart cards. */
444 if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
445 (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
446 RSA_METHOD_FLAG_NO_CHECK))
447 ok=1;
448 else
449#endif
450 {
507 if (!X509_check_private_key(x,c->pkeys[i].privatekey)) 451 if (!X509_check_private_key(x,c->pkeys[i].privatekey))
508 { 452 {
509 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) 453 if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA))
@@ -527,10 +471,12 @@ X509 *x;
527 } 471 }
528 else 472 else
529 ok=1; 473 ok=1;
474 } /* NO_RSA */
530 } 475 }
531 else 476 else
532 ok=1; 477 ok=1;
533 478
479 EVP_PKEY_free(pkey);
534 if (bad) 480 if (bad)
535 { 481 {
536 EVP_PKEY_free(c->pkeys[i].privatekey); 482 EVP_PKEY_free(c->pkeys[i].privatekey);
@@ -548,10 +494,7 @@ X509 *x;
548 } 494 }
549 495
550#ifndef NO_STDIO 496#ifndef NO_STDIO
551int SSL_CTX_use_certificate_file(ctx, file, type) 497int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
552SSL_CTX *ctx;
553char *file;
554int type;
555 { 498 {
556 int j; 499 int j;
557 BIO *in; 500 BIO *in;
@@ -578,7 +521,7 @@ int type;
578 else if (type == SSL_FILETYPE_PEM) 521 else if (type == SSL_FILETYPE_PEM)
579 { 522 {
580 j=ERR_R_PEM_LIB; 523 j=ERR_R_PEM_LIB;
581 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback); 524 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
582 } 525 }
583 else 526 else
584 { 527 {
@@ -600,10 +543,7 @@ end:
600 } 543 }
601#endif 544#endif
602 545
603int SSL_CTX_use_certificate_ASN1(ctx, len, d) 546int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
604SSL_CTX *ctx;
605int len;
606unsigned char *d;
607 { 547 {
608 X509 *x; 548 X509 *x;
609 int ret; 549 int ret;
@@ -621,12 +561,9 @@ unsigned char *d;
621 } 561 }
622 562
623#ifndef NO_RSA 563#ifndef NO_RSA
624int SSL_CTX_use_RSAPrivateKey(ctx, rsa) 564int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
625SSL_CTX *ctx;
626RSA *rsa;
627 { 565 {
628 int ret; 566 int ret;
629 CERT *c;
630 EVP_PKEY *pkey; 567 EVP_PKEY *pkey;
631 568
632 if (rsa == NULL) 569 if (rsa == NULL)
@@ -634,18 +571,11 @@ RSA *rsa;
634 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 571 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
635 return(0); 572 return(0);
636 } 573 }
637 if (ctx->default_cert == NULL) 574 if (!ssl_cert_inst(&ctx->cert))
638 { 575 {
639 c=ssl_cert_new(); 576 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
640 if (c == NULL) 577 return(0);
641 {
642 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
643 return(0);
644 }
645 ctx->default_cert=c;
646 } 578 }
647 c=ctx->default_cert;
648
649 if ((pkey=EVP_PKEY_new()) == NULL) 579 if ((pkey=EVP_PKEY_new()) == NULL)
650 { 580 {
651 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); 581 SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
@@ -655,16 +585,13 @@ RSA *rsa;
655 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); 585 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
656 EVP_PKEY_assign_RSA(pkey,rsa); 586 EVP_PKEY_assign_RSA(pkey,rsa);
657 587
658 ret=ssl_set_pkey(c,pkey); 588 ret=ssl_set_pkey(ctx->cert, pkey);
659 EVP_PKEY_free(pkey); 589 EVP_PKEY_free(pkey);
660 return(ret); 590 return(ret);
661 } 591 }
662 592
663#ifndef NO_STDIO 593#ifndef NO_STDIO
664int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type) 594int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
665SSL_CTX *ctx;
666char *file;
667int type;
668 { 595 {
669 int j,ret=0; 596 int j,ret=0;
670 BIO *in; 597 BIO *in;
@@ -691,7 +618,7 @@ int type;
691 { 618 {
692 j=ERR_R_PEM_LIB; 619 j=ERR_R_PEM_LIB;
693 rsa=PEM_read_bio_RSAPrivateKey(in,NULL, 620 rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
694 ctx->default_passwd_callback); 621 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
695 } 622 }
696 else 623 else
697 { 624 {
@@ -711,10 +638,7 @@ end:
711 } 638 }
712#endif 639#endif
713 640
714int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len) 641int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
715SSL_CTX *ctx;
716unsigned char *d;
717long len;
718 { 642 {
719 int ret; 643 int ret;
720 unsigned char *p; 644 unsigned char *p;
@@ -733,38 +657,23 @@ long len;
733 } 657 }
734#endif /* !NO_RSA */ 658#endif /* !NO_RSA */
735 659
736int SSL_CTX_use_PrivateKey(ctx, pkey) 660int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
737SSL_CTX *ctx;
738EVP_PKEY *pkey;
739 { 661 {
740 CERT *c;
741
742 if (pkey == NULL) 662 if (pkey == NULL)
743 { 663 {
744 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); 664 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
745 return(0); 665 return(0);
746 } 666 }
747 667 if (!ssl_cert_inst(&ctx->cert))
748 if (ctx->default_cert == NULL)
749 { 668 {
750 c=ssl_cert_new(); 669 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
751 if (c == NULL) 670 return(0);
752 {
753 SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
754 return(0);
755 }
756 ctx->default_cert=c;
757 } 671 }
758 c=ctx->default_cert; 672 return(ssl_set_pkey(ctx->cert,pkey));
759
760 return(ssl_set_pkey(c,pkey));
761 } 673 }
762 674
763#ifndef NO_STDIO 675#ifndef NO_STDIO
764int SSL_CTX_use_PrivateKey_file(ctx, file, type) 676int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
765SSL_CTX *ctx;
766char *file;
767int type;
768 { 677 {
769 int j,ret=0; 678 int j,ret=0;
770 BIO *in; 679 BIO *in;
@@ -786,7 +695,7 @@ int type;
786 { 695 {
787 j=ERR_R_PEM_LIB; 696 j=ERR_R_PEM_LIB;
788 pkey=PEM_read_bio_PrivateKey(in,NULL, 697 pkey=PEM_read_bio_PrivateKey(in,NULL,
789 ctx->default_passwd_callback); 698 ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
790 } 699 }
791 else 700 else
792 { 701 {
@@ -806,11 +715,8 @@ end:
806 } 715 }
807#endif 716#endif
808 717
809int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len) 718int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
810int type; 719 long len)
811SSL_CTX *ctx;
812unsigned char *d;
813long len;
814 { 720 {
815 int ret; 721 int ret;
816 unsigned char *p; 722 unsigned char *p;
@@ -829,3 +735,81 @@ long len;
829 } 735 }
830 736
831 737
738#ifndef NO_STDIO
739/* Read a file that contains our certificate in "PEM" format,
740 * possibly followed by a sequence of CA certificates that should be
741 * sent to the peer in the Certificate message.
742 */
743int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
744 {
745 BIO *in;
746 int ret=0;
747 X509 *x=NULL;
748
749 in=BIO_new(BIO_s_file_internal());
750 if (in == NULL)
751 {
752 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
753 goto end;
754 }
755
756 if (BIO_read_filename(in,file) <= 0)
757 {
758 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
759 goto end;
760 }
761
762 x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
763 if (x == NULL)
764 {
765 SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
766 goto end;
767 }
768
769 ret=SSL_CTX_use_certificate(ctx,x);
770 if (ERR_peek_error() != 0)
771 ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
772 if (ret)
773 {
774 /* If we could set up our certificate, now proceed to
775 * the CA certificates.
776 */
777 X509 *ca;
778 int r;
779 unsigned long err;
780
781 if (ctx->extra_certs != NULL)
782 {
783 sk_X509_pop_free(ctx->extra_certs, X509_free);
784 ctx->extra_certs = NULL;
785 }
786
787 while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
788 != NULL)
789 {
790 r = SSL_CTX_add_extra_chain_cert(ctx, ca);
791 if (!r)
792 {
793 X509_free(ca);
794 ret = 0;
795 goto end;
796 }
797 /* Note that we must not free r if it was successfully
798 * added to the chain (while we must free the main
799 * certificate, since its reference count is increased
800 * by SSL_CTX_use_certificate). */
801 }
802 /* When the while loop ends, it's usually just EOF. */
803 err = ERR_peek_error();
804 if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
805 (void) ERR_get_error();
806 else
807 ret = 0; /* some real error */
808 }
809
810end:
811 if (x != NULL) X509_free(x);
812 if (in != NULL) BIO_free(in);
813 return(ret);
814 }
815#endif
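Review bot: In the ssl_set_pkey hunk (new lines 195-199) the result of `X509_get_pubkey(c->pkeys[i].x509)` is passed straight to `EVP_PKEY_copy_parameters(pktmp,pkey)` without a NULL check; X509_get_pubkey returns NULL when the certificate's SubjectPublicKeyInfo cannot be decoded, and EVP_PKEY_copy_parameters dereferences its first argument, so a certificate with an unparseable key installed earlier would crash here instead of failing cleanly. Guarding the call is enough: `pktmp = X509_get_pubkey(c->pkeys[i].x509);` / `if (pktmp != NULL) { EVP_PKEY_copy_parameters(pktmp,pkey); EVP_PKEY_free(pktmp); }`. The `ERR_clear_error()` that follows (and its twin at new line 439 in ssl_set_cert) discards the whole error queue, not just the parameter-copy failure, which can hide an unrelated earlier error from the caller; if that is intended, a one-line comment saying so would help. ssl_set_pkey begins at new line 182 and its body continues past the hunk. Separately, the comment at new lines 797-800 in SSL_CTX_use_certificate_chain_file says "we must not free r", but `r` is the int return value; it should read "we must not free ca if it was successfully added to the chain".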