generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

source cleanup: unify look, style and indent levels

Browse Source 
By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.
This commit is contained in:
Daniel Stenberg
2011-04-20 15:17:42 +02:00
parent 592eda8e3f
commit b903186fa0
88 changed files with 1411 additions and 1577 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
lib/ssluse.c
View File

@@ -378,22 +378,22 @@ int cert_stuff(struct connectdata *conn,
params.cert = NULL;
/* Does the engine supports LOAD_CERT_CTRL ? */
if (!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
0, (void *)cmd_name, NULL)) {
if(!ENGINE_ctrl(data->state.engine, ENGINE_CTRL_GET_CMD_FROM_NAME,
0, (void *)cmd_name, NULL)) {
failf(data, "ssl engine does not support loading certificates");
return 0;
}
/* Load the certificate from the engine */
if (!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
0, &params, NULL, 1)) {
if(!ENGINE_ctrl_cmd(data->state.engine, cmd_name,
0, &params, NULL, 1)) {
failf(data, "ssl engine cannot load client cert with id"
" '%s' [%s]", cert_file,
ERR_error_string(ERR_get_error(), NULL));
return 0;
}
if (!params.cert) {
if(!params.cert) {
failf(data, "ssl engine didn't initialized the certificate "
"properly.");
return 0;
@@ -467,7 +467,7 @@ int cert_stuff(struct connectdata *conn,
return 0;
}
if (!SSL_CTX_check_private_key (ctx)) {
if(!SSL_CTX_check_private_key (ctx)) {
failf(data, "private key from PKCS12 file '%s' "
"does not match certificate in same file", cert_file);
EVP_PKEY_free(pri);
@@ -475,15 +475,15 @@ int cert_stuff(struct connectdata *conn,
return 0;
}
/* Set Certificate Verification chain */
if (ca && sk_X509_num(ca)) {
for (i = 0; i < sk_X509_num(ca); i++) {
if (!SSL_CTX_add_extra_chain_cert(ctx,sk_X509_value(ca, i))) {
if(ca && sk_X509_num(ca)) {
for(i = 0; i < sk_X509_num(ca); i++) {
if(!SSL_CTX_add_extra_chain_cert(ctx,sk_X509_value(ca, i))) {
failf(data, "cannot add certificate to certificate chain");
EVP_PKEY_free(pri);
X509_free(x509);
return 0;
}
if (!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) {
if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) {
failf(data, "cannot add certificate to client CA list");
EVP_PKEY_free(pri);
X509_free(x509);
@@ -788,10 +788,12 @@ CURLcode Curl_ossl_set_engine_default(struct SessionHandle *data)
#ifdef HAVE_OPENSSL_ENGINE_H
if(data->state.engine) {
if(ENGINE_set_default(data->state.engine, ENGINE_METHOD_ALL) > 0) {
infof(data,"set default crypto engine '%s'\n", ENGINE_get_id(data->state.engine));
infof(data,"set default crypto engine '%s'\n",
ENGINE_get_id(data->state.engine));
}
else {
failf(data, "set default crypto engine '%s' failed", ENGINE_get_id(data->state.engine));
failf(data, "set default crypto engine '%s' failed",
ENGINE_get_id(data->state.engine));
return CURLE_SSL_ENGINE_SETFAILED;
}
}
@@ -810,7 +812,7 @@ struct curl_slist *Curl_ossl_engines_list(struct SessionHandle *data)
struct curl_slist *beg = NULL;
ENGINE *e;
for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
for(e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) {
list = curl_slist_append(list, ENGINE_get_id(e));
if(list == NULL) {
curl_slist_free_all(beg);
@@ -998,7 +1000,7 @@ static int asn1_output(const ASN1_UTCTIME *tm,
return 1;
if(asn1_string[i-1] == 'Z')
gmt=TRUE;
for (i=0; i<10; i++)
for(i=0; i<10; i++)
if((asn1_string[i] > '9') || (asn1_string[i] < '0'))
return 2;
@@ -1145,7 +1147,7 @@ static CURLcode verifyhost(struct connectdata *conn,
numalts = sk_GENERAL_NAME_num(altnames);
/* loop through all alternatives while none has matched */
for (i=0; (i<numalts) && (matched != 1); i++) {
for(i=0; (i<numalts) && (matched != 1); i++) {
/* get a handle to alternative name number i */
const GENERAL_NAME *check = sk_GENERAL_NAME_value(altnames, i);
@@ -1439,10 +1441,11 @@ ossl_connect_step1(struct connectdata *conn,
default:
case CURL_SSLVERSION_DEFAULT:
#ifdef USE_TLS_SRP
if (data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
infof(data, "Set version TLSv1 for SRP authorisation\n");
req_method = TLSv1_client_method() ;
} else
}
else
#endif
/* we try to figure out version */
req_method = SSLv23_client_method();
@@ -1458,7 +1461,7 @@ ossl_connect_step1(struct connectdata *conn,
return CURLE_NOT_BUILT_IN;
#else
#ifdef USE_TLS_SRP
if (data->set.ssl.authtype == CURL_TLSAUTH_SRP)
if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
return CURLE_SSL_CONNECT_ERROR;
#endif
req_method = SSLv2_client_method();
@@ -1467,7 +1470,7 @@ ossl_connect_step1(struct connectdata *conn,
#endif
case CURL_SSLVERSION_SSLv3:
#ifdef USE_TLS_SRP
if (data->set.ssl.authtype == CURL_TLSAUTH_SRP)
if(data->set.ssl.authtype == CURL_TLSAUTH_SRP)
return CURLE_SSL_CONNECT_ERROR;
#endif
req_method = SSLv3_client_method();
@@ -1568,11 +1571,11 @@ ossl_connect_step1(struct connectdata *conn,
if(data->set.ssl.authtype == CURL_TLSAUTH_SRP) {
infof(data, "Using TLS-SRP username: %s\n", data->set.ssl.username);
if (!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
if(!SSL_CTX_set_srp_username(connssl->ctx, data->set.ssl.username)) {
failf(data, "Unable to set SRP user name");
return CURLE_BAD_FUNCTION_ARGUMENT;
}
if (!SSL_CTX_set_srp_password(connssl->ctx,data->set.ssl.password)) {
if(!SSL_CTX_set_srp_password(connssl->ctx,data->set.ssl.password)) {
failf(data, "failed setting SRP password");
return CURLE_BAD_FUNCTION_ARGUMENT;
}
@@ -1622,13 +1625,13 @@ ossl_connect_step1(struct connectdata *conn,
"none");
}
if (data->set.str[STRING_SSL_CRLFILE]) {
if(data->set.str[STRING_SSL_CRLFILE]) {
/* tell SSL where to find CRL file that is used to check certificate
* revocation */
lookup=X509_STORE_add_lookup(connssl->ctx->cert_store,X509_LOOKUP_file());
if ( !lookup ||
(!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
X509_FILETYPE_PEM)) ) {
if(!lookup ||
(!X509_load_crl_file(lookup,data->set.str[STRING_SSL_CRLFILE],
X509_FILETYPE_PEM)) ) {
failf(data,"error loading CRL file: %s\n",
data->set.str[STRING_SSL_CRLFILE]);
return CURLE_SSL_CRL_BADFILE;
@@ -1675,12 +1678,12 @@ ossl_connect_step1(struct connectdata *conn,
connssl->server_cert = 0x0;
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
(0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
(0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
sni &&
!SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
sni &&
!SSL_set_tlsext_host_name(connssl->handle, conn->host.name))
infof(data, "WARNING: failed to configure server name indication (SNI) "
"TLS extension\n");
#endif
@@ -1699,9 +1702,9 @@ ossl_connect_step1(struct connectdata *conn,
/* pass the raw socket into the SSL layers */
if(!SSL_set_fd(connssl->handle, (int)sockfd)) {
failf(data, "SSL: SSL_set_fd failed: %s",
ERR_error_string(ERR_get_error(),NULL));
return CURLE_SSL_CONNECT_ERROR;
failf(data, "SSL: SSL_set_fd failed: %s",
ERR_error_string(ERR_get_error(),NULL));
return CURLE_SSL_CONNECT_ERROR;
}
connssl->connecting_state = ssl_connect_2;
@@ -1903,15 +1906,15 @@ static void pubkey_show(struct SessionHandle *data,
#define print_pubkey_BN(_type, _name, _num) \
do { \
if (pubkey->pkey._type->_name != NULL) { \
int len = BN_num_bytes(pubkey->pkey._type->_name); \
if(len < CERTBUFFERSIZE) { \
if(pubkey->pkey._type->_name != NULL) { \
int len = BN_num_bytes(pubkey->pkey._type->_name); \
if(len < CERTBUFFERSIZE) { \
BN_bn2bin(pubkey->pkey._type->_name, (unsigned char*)bufp); \
bufp[len] = 0; \
bufp[len] = 0; \
pubkey_show(data, _num, #_type, #_name, (unsigned char*)bufp, len); \
} \
} \
} while (0)
} while(0)
static int X509V3_ext(struct SessionHandle *data,
int certnum,
@@ -1924,7 +1927,7 @@ static int X509V3_ext(struct SessionHandle *data,
/* no extensions, bail out */
return 1;
for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
for(i=0; i<sk_X509_EXTENSION_num(exts); i++) {
ASN1_OBJECT *obj;
X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
BUF_MEM *biomem;
@@ -1960,7 +1963,8 @@ static int X509V3_ext(struct SessionHandle *data,
while((biomem->data[j] == ' ') && (j<(size_t)biomem->length))
j++;
if(j<(size_t)biomem->length)
ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep, biomem->data[j]);
ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%s%c", sep,
biomem->data[j]);
}
infof(data, " %s\n", buf);
@@ -1980,7 +1984,7 @@ static void X509_signature(struct SessionHandle *data,
char buf[1024];
char *ptr = buf;
int i;
for (i=0; i<sig->length; i++)
for(i=0; i<sig->length; i++)
ptr+=snprintf(ptr, sizeof(buf)-(ptr-buf), "%02x:", sig->data[i]);
infof(data, " Signature: %s\n", buf);
@@ -2058,7 +2062,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
}
infof(data, "--- Certificate chain\n");
for (i=0; i<numcerts; i++) {
for(i=0; i<numcerts; i++) {
long value;
ASN1_INTEGER *num;
ASN1_TIME *certdate;
@@ -2089,7 +2093,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
push_certinfo(data, i, "Version", bufp); /* hex */
num=X509_get_serialNumber(x);
if (num->length <= 4) {
if(num->length <= 4) {
value = ASN1_INTEGER_get(num);
infof(data," Serial Number: %ld (0x%lx)\n", value, value);
snprintf(bufp, CERTBUFFERSIZE, "%lx", value);
@@ -2102,7 +2106,7 @@ static CURLcode get_cert_chain(struct connectdata *conn,
if(num->type == V_ASN1_NEG_INTEGER)
*ptr++='-';
for (j=0; (j<num->length) && (left>=4); j++) {
for(j=0; (j<num->length) && (left>=4); j++) {
/* TODO: length restrictions */
snprintf(ptr, 3, "%02x%c",num->data[j],
((j+1 == num->length)?'\n':':'));
@@ -2272,9 +2276,10 @@ static CURLcode servercert(struct connectdata *conn,
deallocating the certificate. */
/* e.g. match issuer name with provided issuer certificate */
if (data->set.str[STRING_SSL_ISSUERCERT]) {
if (! (fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r"))) {
if (strict)
if(data->set.str[STRING_SSL_ISSUERCERT]) {
fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r");
if(!fp) {
if(strict)
failf(data, "SSL: Unable to open issuer cert (%s)\n",
data->set.str[STRING_SSL_ISSUERCERT]);
X509_free(connssl->server_cert);
@@ -2282,8 +2287,8 @@ static CURLcode servercert(struct connectdata *conn,
return CURLE_SSL_ISSUER_ERROR;
}
issuer = PEM_read_X509(fp,NULL,ZERO_NULL,NULL);
if (!issuer) {
if (strict)
if(!issuer) {
if(strict)
failf(data, "SSL: Unable to read issuer cert (%s)\n",
data->set.str[STRING_SSL_ISSUERCERT]);
X509_free(connssl->server_cert);
@@ -2292,8 +2297,8 @@ static CURLcode servercert(struct connectdata *conn,
return CURLE_SSL_ISSUER_ERROR;
}
fclose(fp);
if (X509_check_issued(issuer,connssl->server_cert) != X509_V_OK) {
if (strict)
if(X509_check_issued(issuer,connssl->server_cert) != X509_V_OK) {
if(strict)
failf(data, "SSL: Certificate issuer check failed (%s)\n",
data->set.str[STRING_SSL_ISSUERCERT]);
X509_free(connssl->server_cert);
@@ -2368,14 +2373,14 @@ ossl_connect_step3(struct connectdata *conn,
#endif
incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
if (incache) {
if (old_ssl_sessionid != our_ssl_sessionid) {
if(incache) {
if(old_ssl_sessionid != our_ssl_sessionid) {
infof(data, "old SSL session ID is stale, removing\n");
Curl_ssl_delsessionid(conn, old_ssl_sessionid);
incache = FALSE;
}
}
if (!incache) {
if(!incache) {
retcode = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
0 /* unknown size */);
if(retcode) {