diff options
Diffstat (limited to 'src/lib/libtls/tls.c')
| -rw-r--r-- | src/lib/libtls/tls.c | 23 |
1 files changed, 3 insertions, 20 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 783d320a9d..e0464ec8b1 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.c,v 1.39 2016/07/06 02:32:57 jsing Exp $ */ | 1 | /* $OpenBSD: tls.c,v 1.40 2016/07/06 16:16:36 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -216,9 +216,7 @@ tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, | |||
| 216 | 216 | ||
| 217 | if (!required && | 217 | if (!required && |
| 218 | keypair->cert_mem == NULL && | 218 | keypair->cert_mem == NULL && |
| 219 | keypair->key_mem == NULL && | 219 | keypair->key_mem == NULL) |
| 220 | keypair->cert_file == NULL && | ||
| 221 | keypair->key_file == NULL) | ||
| 222 | return(0); | 220 | return(0); |
| 223 | 221 | ||
| 224 | if (keypair->cert_mem != NULL) { | 222 | if (keypair->cert_mem != NULL) { |
| @@ -260,21 +258,6 @@ tls_configure_keypair(struct tls *ctx, SSL_CTX *ssl_ctx, | |||
| 260 | pkey = NULL; | 258 | pkey = NULL; |
| 261 | } | 259 | } |
| 262 | 260 | ||
| 263 | if (keypair->cert_file != NULL) { | ||
| 264 | if (SSL_CTX_use_certificate_chain_file(ssl_ctx, | ||
| 265 | keypair->cert_file) != 1) { | ||
| 266 | tls_set_errorx(ctx, "failed to load certificate file"); | ||
| 267 | goto err; | ||
| 268 | } | ||
| 269 | } | ||
| 270 | if (keypair->key_file != NULL) { | ||
| 271 | if (SSL_CTX_use_PrivateKey_file(ssl_ctx, | ||
| 272 | keypair->key_file, SSL_FILETYPE_PEM) != 1) { | ||
| 273 | tls_set_errorx(ctx, "failed to load private key file"); | ||
| 274 | goto err; | ||
| 275 | } | ||
| 276 | } | ||
| 277 | |||
| 278 | if (SSL_CTX_check_private_key(ssl_ctx) != 1) { | 261 | if (SSL_CTX_check_private_key(ssl_ctx) != 1) { |
| 279 | tls_set_errorx(ctx, "private/public key mismatch"); | 262 | tls_set_errorx(ctx, "private/public key mismatch"); |
| 280 | goto err; | 263 | goto err; |
| @@ -346,7 +329,7 @@ tls_configure_ssl_verify(struct tls *ctx, int verify) | |||
| 346 | goto err; | 329 | goto err; |
| 347 | } | 330 | } |
| 348 | } else if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, | 331 | } else if (SSL_CTX_load_verify_locations(ctx->ssl_ctx, |
| 349 | ctx->config->ca_file, ctx->config->ca_path) != 1) { | 332 | NULL, ctx->config->ca_path) != 1) { |
| 350 | tls_set_errorx(ctx, "ssl verify setup failure"); | 333 | tls_set_errorx(ctx, "ssl verify setup failure"); |
| 351 | goto err; | 334 | goto err; |
| 352 | } | 335 | } |