generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

openssl: Use 'CURLcode result'

Browse Source 
...and some minor code style changes.
This commit is contained in:
Steve Holme 2014-11-01 16:16:56 +00:00
parent beb478a24b
commit 14b4707d9a
1 changed files with 40 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
lib/vtls/openssl.c
View File

@ -1118,8 +1118,7 @@ static int asn1_output(const ASN1_UTCTIME *tm,
in the certificate and must exactly match the IP in the URI. in the certificate and must exactly match the IP in the URI.
*/ */
static CURLcode verifyhost(struct connectdata *conn, static CURLcode verifyhost(struct connectdata *conn, X509 *server_cert)
X509 *server_cert)
{ {
int matched = -1; /* -1 is no alternative match yet, 1 means match and 0 int matched = -1; /* -1 is no alternative match yet, 1 means match and 0
means mismatch */ means mismatch */
@ -1132,7 +1131,7 @@ static CURLcode verifyhost(struct connectdata *conn,
#else #else
struct in_addr addr; struct in_addr addr;
#endif #endif
CURLcode res = CURLE_OK; CURLcode result = CURLE_OK;
#ifdef ENABLE_IPV6 #ifdef ENABLE_IPV6
if(conn->bits.ipv6_ip && if(conn->bits.ipv6_ip &&
@ -1213,7 +1212,7 @@ static CURLcode verifyhost(struct connectdata *conn,
infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname); infof(data, "\t subjectAltName does not match %s\n", conn->host.dispname);
failf(data, "SSL: no alternative certificate subject name matches " failf(data, "SSL: no alternative certificate subject name matches "
"target host name '%s'", conn->host.dispname); "target host name '%s'", conn->host.dispname);
res = CURLE_PEER_FAILED_VERIFICATION; result = CURLE_PEER_FAILED_VERIFICATION;
} }
else { else {
/* we have to look to the last occurrence of a commonName in the /* we have to look to the last occurrence of a commonName in the
@ -1260,7 +1259,7 @@ static CURLcode verifyhost(struct connectdata *conn,
/* there was a terminating zero before the end of string, this /* there was a terminating zero before the end of string, this
cannot match and we return failure! */ cannot match and we return failure! */
failf(data, "SSL: illegal cert name field"); failf(data, "SSL: illegal cert name field");
res = CURLE_PEER_FAILED_VERIFICATION; result = CURLE_PEER_FAILED_VERIFICATION;
} }
} }
} }
@ -1277,18 +1276,18 @@ static CURLcode verifyhost(struct connectdata *conn,
} }
} }
if(res) if(result)
/* error already detected, pass through */ /* error already detected, pass through */
; ;
else if(!peer_CN) { else if(!peer_CN) {
failf(data, failf(data,
"SSL: unable to obtain common name from peer certificate"); "SSL: unable to obtain common name from peer certificate");
res = CURLE_PEER_FAILED_VERIFICATION; result = CURLE_PEER_FAILED_VERIFICATION;
} }
else if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) { else if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
failf(data, "SSL: certificate subject name '%s' does not match " failf(data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", peer_CN, conn->host.dispname); "target host name '%s'", peer_CN, conn->host.dispname);
res = CURLE_PEER_FAILED_VERIFICATION; result = CURLE_PEER_FAILED_VERIFICATION;
} }
else { else {
infof(data, "\t common name: %s (matched)\n", peer_CN); infof(data, "\t common name: %s (matched)\n", peer_CN);
@ -1296,7 +1295,8 @@ static CURLcode verifyhost(struct connectdata *conn,
if(peer_CN) if(peer_CN)
OPENSSL_free(peer_CN); OPENSSL_free(peer_CN);
} }
return res;
return result;
} }
#endif /* USE_SSLEAY */ #endif /* USE_SSLEAY */
@ -1496,17 +1496,14 @@ get_ssl_version_txt(SSL_SESSION *session)
return "unknown"; return "unknown";
} }
static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
static CURLcode
ossl_connect_step1(struct connectdata *conn,
int sockindex)
{ {
CURLcode retcode = CURLE_OK; CURLcode result = CURLE_OK;
char *ciphers; char *ciphers;
struct SessionHandle *data = conn->data; struct SessionHandle *data = conn->data;
SSL_METHOD_QUAL SSL_METHOD *req_method=NULL; SSL_METHOD_QUAL SSL_METHOD *req_method = NULL;
void *ssl_sessionid=NULL; void *ssl_sessionid = NULL;
X509_LOOKUP *lookup=NULL; X509_LOOKUP *lookup = NULL;
curl_socket_t sockfd = conn->sock[sockindex]; curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
long ctx_options; long ctx_options;
@ -1859,11 +1856,11 @@ ossl_connect_step1(struct connectdata *conn,
/* give application a chance to interfere with SSL set up. */ /* give application a chance to interfere with SSL set up. */
if(data->set.ssl.fsslctx) { if(data->set.ssl.fsslctx) {
retcode = (*data->set.ssl.fsslctx)(data, connssl->ctx, result = (*data->set.ssl.fsslctx)(data, connssl->ctx,
data->set.ssl.fsslctxp); data->set.ssl.fsslctxp);
if(retcode) { if(result) {
failf(data,"error signaled by ssl ctx callback"); failf(data,"error signaled by ssl ctx callback");
return retcode; return result;
} }
} }
@ -1910,6 +1907,7 @@ ossl_connect_step1(struct connectdata *conn,
} }
connssl->connecting_state = ssl_connect_2; connssl->connecting_state = ssl_connect_2;
return CURLE_OK; return CURLE_OK;
} }
@ -2167,6 +2165,7 @@ static void X509_signature(struct SessionHandle *data,
char buf[1024]; char buf[1024];
char *ptr = buf; char *ptr = buf;
int i; int i;
for(i=0; i<sig->length; i++) for(i=0; i<sig->length; i++)
ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%02x:", sig->data[i]); ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%02x:", sig->data[i]);
@ -2189,7 +2188,6 @@ static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)
"Cert", biomem->data, biomem->length); "Cert", biomem->data, biomem->length);
BIO_free(bio_out); BIO_free(bio_out);
} }
/* /*
@ -2560,13 +2558,10 @@ static CURLcode servercert(struct connectdata *conn,
return retcode; return retcode;
} }
static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)
static CURLcode
ossl_connect_step3(struct connectdata *conn,
int sockindex)
{ {
CURLcode retcode = CURLE_OK; CURLcode result = CURLE_OK;
void *old_ssl_sessionid=NULL; void *old_ssl_sessionid = NULL;
struct SessionHandle *data = conn->data; struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex]; struct ssl_connect_data *connssl = &conn->ssl[sockindex];
int incache; int incache;
@ -2602,12 +2597,13 @@ ossl_connect_step3(struct connectdata *conn,
incache = FALSE; incache = FALSE;
} }
} }
if(!incache) { if(!incache) {
retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid, result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
0 /* unknown size */); 0 /* unknown size */);
if(retcode) { if(result) {
failf(data, "failed to store ssl session"); failf(data, "failed to store ssl session");
return retcode; return result;
} }
} }
#ifdef HAVE_SSL_GET1_SESSION #ifdef HAVE_SSL_GET1_SESSION
@ -2630,11 +2626,12 @@ ossl_connect_step3(struct connectdata *conn,
if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost) if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
(void)servercert(conn, connssl, FALSE); (void)servercert(conn, connssl, FALSE);
else else
retcode = servercert(conn, connssl, TRUE); result = servercert(conn, connssl, TRUE);
if(CURLE_OK == retcode) if(!result)
connssl->connecting_state = ssl_connect_done; connssl->connecting_state = ssl_connect_done;
return retcode;
return result;
} }
static Curl_recv ossl_recv; static Curl_recv ossl_recv;
@ -2752,32 +2749,28 @@ ossl_connect_common(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
CURLcode CURLcode Curl_ossl_connect_nonblocking(struct connectdata *conn,
Curl_ossl_connect_nonblocking(struct connectdata *conn,
int sockindex, int sockindex,
bool *done) bool *done)
{ {
return ossl_connect_common(conn, sockindex, TRUE, done); return ossl_connect_common(conn, sockindex, TRUE, done);
} }
CURLcode CURLcode Curl_ossl_connect(struct connectdata *conn, int sockindex)
Curl_ossl_connect(struct connectdata *conn,
int sockindex)
{ {
CURLcode retcode; CURLcode result;
bool done = FALSE; bool done = FALSE;
retcode = ossl_connect_common(conn, sockindex, FALSE, &done); result = ossl_connect_common(conn, sockindex, FALSE, &done);
if(retcode) if(result)
return retcode; return result;
DEBUGASSERT(done); DEBUGASSERT(done);
return CURLE_OK; return CURLE_OK;
} }
bool Curl_ossl_data_pending(const struct connectdata *conn, bool Curl_ossl_data_pending(const struct connectdata *conn, int connindex)
int connindex)
{ {
if(conn->ssl[connindex].handle) if(conn->ssl[connindex].handle)
/* SSL is in use */ /* SSL is in use */