generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

cert_stuff: remove code duplication in the pkcs12 logic

Browse Source
This commit is contained in:
Daniel Stenberg 2013-06-10 16:10:44 +02:00
parent a4decb49a6
commit ce362e8eb9
1 changed files with 12 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
lib/ssluse.c
View File

@ -435,7 +435,7 @@ int cert_stuff(struct connectdata *conn,
PKCS12_PBE_add(); PKCS12_PBE_add();
if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509, if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
&ca)) { &ca)) {
failf(data, failf(data,
"could not parse PKCS12 file, check password, OpenSSL error %s", "could not parse PKCS12 file, check password, OpenSSL error %s",
ERR_error_string(ERR_get_error(), NULL) ); ERR_error_string(ERR_get_error(), NULL) );
@ -447,54 +447,42 @@ int cert_stuff(struct connectdata *conn,
if(SSL_CTX_use_certificate(ctx, x509) != 1) { if(SSL_CTX_use_certificate(ctx, x509) != 1) {
failf(data, SSL_CLIENT_CERT_ERR); failf(data, SSL_CLIENT_CERT_ERR);
EVP_PKEY_free(pri); goto fail;
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
} }
if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) { if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
failf(data, "unable to use private key from PKCS12 file '%s'", failf(data, "unable to use private key from PKCS12 file '%s'",
cert_file); cert_file);
EVP_PKEY_free(pri); goto fail;
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
} }
if(!SSL_CTX_check_private_key (ctx)) { if(!SSL_CTX_check_private_key (ctx)) {
failf(data, "private key from PKCS12 file '%s' " failf(data, "private key from PKCS12 file '%s' "
"does not match certificate in same file", cert_file); "does not match certificate in same file", cert_file);
EVP_PKEY_free(pri); goto fail;
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
} }
/* Set Certificate Verification chain */ /* Set Certificate Verification chain */
if(ca && sk_X509_num(ca)) { if(ca && sk_X509_num(ca)) {
for(i = 0; i < sk_X509_num(ca); i++) { for(i = 0; i < sk_X509_num(ca); i++) {
if(!SSL_CTX_add_extra_chain_cert(ctx,sk_X509_value(ca, i))) { if(!SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(ca, i))) {
failf(data, "cannot add certificate to certificate chain"); failf(data, "cannot add certificate to certificate chain");
EVP_PKEY_free(pri); goto fail;
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
} }
if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) { if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) {
failf(data, "cannot add certificate to client CA list"); failf(data, "cannot add certificate to client CA list");
EVP_PKEY_free(pri); goto fail;
X509_free(x509);
sk_X509_pop_free(ca, X509_free);
return 0;
} }
} }
} }
cert_done = 1;
fail:
EVP_PKEY_free(pri); EVP_PKEY_free(pri);
X509_free(x509); X509_free(x509);
sk_X509_pop_free(ca, X509_free); sk_X509_pop_free(ca, X509_free);
cert_done = 1;
break; if(!cert_done)
return 0; /* failure! */
#else #else
failf(data, "file type P12 for certificate not supported"); failf(data, "file type P12 for certificate not supported");
return 0; return 0;