polarssl: drop use of 1.2 compatibility header.
API has changed since version 1.3. A compatibility header has been created to ensure forward compatibility for code using the old API: * the x509 certificate structure has been renamed from x509_cert to x509_crt * a new dedicated setter for RSA certificates, ssl_set_own_cert_rsa, has been added; ssl_set_own_cert is for generic keys * ssl_default_ciphersuites has been replaced by the function ssl_list_ciphersuites() This patch drops the use of the compatibility header.
		 Gaël PORTAY
					Gaël PORTAY
				
			
				
					committed by
					
						 Daniel Stenberg
						Daniel Stenberg
					
				
			
			
				
	
			
			
			 Daniel Stenberg
						Daniel Stenberg
					
				
			
						parent
						
							7a1fb8e816
						
					
				
				
					commit
					31265376bc
				
			| @@ -31,7 +31,6 @@ | ||||
|  | ||||
| #ifdef USE_POLARSSL | ||||
|  | ||||
| #include <polarssl/compat-1.2.h> | ||||
| #include <polarssl/net.h> | ||||
| #include <polarssl/ssl.h> | ||||
| #include <polarssl/certs.h> | ||||
| @@ -184,7 +183,7 @@ polarssl_connect_step1(struct connectdata *conn, | ||||
|   memset(&connssl->cacert, 0, sizeof(x509_crt)); | ||||
|  | ||||
|   if(data->set.str[STRING_SSL_CAFILE]) { | ||||
|     ret = x509parse_crtfile(&connssl->cacert, | ||||
|     ret = x509_crt_parse_file(&connssl->cacert, | ||||
|                               data->set.str[STRING_SSL_CAFILE]); | ||||
|  | ||||
|     if(ret<0) { | ||||
| @@ -203,7 +202,7 @@ polarssl_connect_step1(struct connectdata *conn, | ||||
|   memset(&connssl->clicert, 0, sizeof(x509_crt)); | ||||
|  | ||||
|   if(data->set.str[STRING_CERT]) { | ||||
|     ret = x509parse_crtfile(&connssl->clicert, | ||||
|     ret = x509_crt_parse_file(&connssl->clicert, | ||||
|                               data->set.str[STRING_CERT]); | ||||
|  | ||||
|     if(ret) { | ||||
| @@ -219,9 +218,17 @@ polarssl_connect_step1(struct connectdata *conn, | ||||
|  | ||||
|   /* Load the client private key */ | ||||
|   if(data->set.str[STRING_KEY]) { | ||||
|     ret = x509parse_keyfile(&connssl->rsa, | ||||
|                             data->set.str[STRING_KEY], | ||||
|     pk_context pk; | ||||
|     pk_init(&pk); | ||||
|     ret = pk_parse_keyfile(&pk, data->set.str[STRING_KEY], | ||||
|                            data->set.str[STRING_KEY_PASSWD]); | ||||
|     if(ret == 0 && !pk_can_do(&pk, POLARSSL_PK_RSA)) | ||||
|       ret = POLARSSL_ERR_PK_TYPE_MISMATCH; | ||||
|     if(ret == 0) | ||||
|       rsa_copy(&connssl->rsa, pk_rsa(pk)); | ||||
|     else | ||||
|       rsa_free(&connssl->rsa); | ||||
|     pk_free(&pk); | ||||
|  | ||||
|     if(ret) { | ||||
| #ifdef POLARSSL_ERROR_C | ||||
| @@ -238,7 +245,7 @@ polarssl_connect_step1(struct connectdata *conn, | ||||
|   memset(&connssl->crl, 0, sizeof(x509_crl)); | ||||
|  | ||||
|   if(data->set.str[STRING_SSL_CRLFILE]) { | ||||
|     ret = x509parse_crlfile(&connssl->crl, | ||||
|     ret = x509_crl_parse_file(&connssl->crl, | ||||
|                               data->set.str[STRING_SSL_CRLFILE]); | ||||
|  | ||||
|     if(ret) { | ||||
| @@ -274,12 +281,7 @@ polarssl_connect_step1(struct connectdata *conn, | ||||
|               net_recv, &conn->sock[sockindex], | ||||
|               net_send, &conn->sock[sockindex]); | ||||
|  | ||||
|  | ||||
| #if POLARSSL_VERSION_NUMBER<0x01000000 | ||||
|   ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers); | ||||
| #else | ||||
|   ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites); | ||||
| #endif | ||||
|   ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); | ||||
|   if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { | ||||
|     memcpy(&connssl->ssn, old_session, old_session_size); | ||||
|     infof(data, "PolarSSL re-using session\n"); | ||||
| @@ -404,15 +406,8 @@ polarssl_connect_step2(struct connectdata *conn, | ||||
|     /* If the session was resumed, there will be no peer certs */ | ||||
|     memset(buffer, 0, sizeof(buffer)); | ||||
|  | ||||
| /* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's | ||||
|    1.1.4 version and the like */ | ||||
| #if POLARSSL_VERSION_NUMBER<0x01020000 | ||||
|     if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ", | ||||
|                            conn->ssl[sockindex].ssl.peer_cert) != -1) | ||||
| #else | ||||
|     if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ", | ||||
|     if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ", | ||||
|                      ssl_get_peer_cert(&(connssl->ssl))) != -1) | ||||
| #endif | ||||
|       infof(data, "Dumping cert info:\n%s\n", buffer); | ||||
|   } | ||||
|  | ||||
| @@ -497,8 +492,8 @@ void Curl_polarssl_close_all(struct SessionHandle *data) | ||||
| void Curl_polarssl_close(struct connectdata *conn, int sockindex) | ||||
| { | ||||
|   rsa_free(&conn->ssl[sockindex].rsa); | ||||
|   x509_free(&conn->ssl[sockindex].clicert); | ||||
|   x509_free(&conn->ssl[sockindex].cacert); | ||||
|   x509_crt_free(&conn->ssl[sockindex].clicert); | ||||
|   x509_crt_free(&conn->ssl[sockindex].cacert); | ||||
|   x509_crl_free(&conn->ssl[sockindex].crl); | ||||
|   ssl_free(&conn->ssl[sockindex].ssl); | ||||
| } | ||||
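Review bot: The result of `rsa_copy(&connssl->rsa, pk_rsa(pk))` in the client private key hunk of polarssl_connect_step1 is discarded, so a failed copy leaves `ret` at 0 and the `if(ret)` error report just below is skipped while `connssl->rsa` may not hold a usable key. Assigning the result, `if(ret == 0) ret = rsa_copy(&connssl->rsa, pk_rsa(pk));` followed by `if(ret != 0) rsa_free(&connssl->rsa);`, routes that failure into the existing error path. A short comment such as `/* only RSA keys are supported: copy the key out of the temporary pk_context before freeing it */` would also explain why the key is parsed into a local first. The function body starts and ends outside the hunk, so whether `connssl->rsa` is initialised before this point cannot be confirmed from here.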
|   | ||||