generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

openssl: Use 'CURLcode result'

Browse Source 
More standardisation of CURLcode usage and coding style.
This commit is contained in:
Steve Holme
2014-11-01 16:30:16 +00:00
parent 14b4707d9a
commit f0b4bc12f8
1 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
lib/vtls/openssl.c
View File

@@ -2432,7 +2432,7 @@ static CURLcode servercert(struct connectdata *conn,
struct ssl_connect_data *connssl, struct ssl_connect_data *connssl,
bool strict) bool strict)
{ {
CURLcode retcode = CURLE_OK; CURLcode result = CURLE_OK;
int rc; int rc;
long lerr; long lerr;
ASN1_TIME *certdate; ASN1_TIME *certdate;
@@ -2452,7 +2452,8 @@ static CURLcode servercert(struct connectdata *conn,
failf(data, "SSL: couldn't get peer certificate!"); failf(data, "SSL: couldn't get peer certificate!");
return CURLE_PEER_FAILED_VERIFICATION; return CURLE_PEER_FAILED_VERIFICATION;
} }
infof (data, "Server certificate:\n");
infof(data, "Server certificate:\n");
rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert), rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
buffer, BUFSIZE); buffer, BUFSIZE);
@@ -2467,11 +2468,11 @@ static CURLcode servercert(struct connectdata *conn,
infof(data, "\t expire date: %s\n", buffer); infof(data, "\t expire date: %s\n", buffer);
if(data->set.ssl.verifyhost) { if(data->set.ssl.verifyhost) {
retcode = verifyhost(conn, connssl->server_cert); result = verifyhost(conn, connssl->server_cert);
if(retcode) { if(result) {
X509_free(connssl->server_cert); X509_free(connssl->server_cert);
connssl->server_cert = NULL; connssl->server_cert = NULL;
return retcode; return result;
} }
} }
@@ -2480,7 +2481,7 @@ static CURLcode servercert(struct connectdata *conn,
if(rc) { if(rc) {
if(strict) if(strict)
failf(data, "SSL: couldn't get X509-issuer name!"); failf(data, "SSL: couldn't get X509-issuer name!");
retcode = CURLE_SSL_CONNECT_ERROR; result = CURLE_SSL_CONNECT_ERROR;
} }
else { else {
infof(data, "\t issuer: %s\n", buffer); infof(data, "\t issuer: %s\n", buffer);
@@ -2490,7 +2491,7 @@ static CURLcode servercert(struct connectdata *conn,
/* e.g. match issuer name with provided issuer certificate */ /* e.g. match issuer name with provided issuer certificate */
if(data->set.str[STRING_SSL_ISSUERCERT]) { if(data->set.str[STRING_SSL_ISSUERCERT]) {
fp=fopen(data->set.str[STRING_SSL_ISSUERCERT],"r"); fp = fopen(data->set.str[STRING_SSL_ISSUERCERT], "r");
if(!fp) { if(!fp) {
if(strict) if(strict)
failf(data, "SSL: Unable to open issuer cert (%s)", failf(data, "SSL: Unable to open issuer cert (%s)",
@@ -2499,7 +2500,8 @@ static CURLcode servercert(struct connectdata *conn,
connssl->server_cert = NULL; connssl->server_cert = NULL;
return CURLE_SSL_ISSUER_ERROR; return CURLE_SSL_ISSUER_ERROR;
} }
issuer = PEM_read_X509(fp,NULL,ZERO_NULL,NULL);
issuer = PEM_read_X509(fp, NULL, ZERO_NULL, NULL);
if(!issuer) { if(!issuer) {
if(strict) if(strict)
failf(data, "SSL: Unable to read issuer cert (%s)", failf(data, "SSL: Unable to read issuer cert (%s)",
@@ -2509,7 +2511,9 @@ static CURLcode servercert(struct connectdata *conn,
fclose(fp); fclose(fp);
return CURLE_SSL_ISSUER_ERROR; return CURLE_SSL_ISSUER_ERROR;
} }
fclose(fp); fclose(fp);
if(X509_check_issued(issuer,connssl->server_cert) != X509_V_OK) { if(X509_check_issued(issuer,connssl->server_cert) != X509_V_OK) {
if(strict) if(strict)
failf(data, "SSL: Certificate issuer check failed (%s)", failf(data, "SSL: Certificate issuer check failed (%s)",
@@ -2519,13 +2523,15 @@ static CURLcode servercert(struct connectdata *conn,
connssl->server_cert = NULL; connssl->server_cert = NULL;
return CURLE_SSL_ISSUER_ERROR; return CURLE_SSL_ISSUER_ERROR;
} }
infof(data, "\t SSL certificate issuer check ok (%s)\n", infof(data, "\t SSL certificate issuer check ok (%s)\n",
data->set.str[STRING_SSL_ISSUERCERT]); data->set.str[STRING_SSL_ISSUERCERT]);
X509_free(issuer); X509_free(issuer);
} }
lerr = data->set.ssl.certverifyresult= lerr = data->set.ssl.certverifyresult =
SSL_get_verify_result(connssl->handle); SSL_get_verify_result(connssl->handle);
if(data->set.ssl.certverifyresult != X509_V_OK) { if(data->set.ssl.certverifyresult != X509_V_OK) {
if(data->set.ssl.verifypeer) { if(data->set.ssl.verifypeer) {
/* We probably never reach this, because SSL_connect() will fail /* We probably never reach this, because SSL_connect() will fail
@@ -2533,7 +2539,7 @@ static CURLcode servercert(struct connectdata *conn,
if(strict) if(strict)
failf(data, "SSL certificate verify result: %s (%ld)", failf(data, "SSL certificate verify result: %s (%ld)",
X509_verify_cert_error_string(lerr), lerr); X509_verify_cert_error_string(lerr), lerr);
retcode = CURLE_PEER_FAILED_VERIFICATION; result = CURLE_PEER_FAILED_VERIFICATION;
} }
else else
infof(data, "\t SSL certificate verify result: %s (%ld)," infof(data, "\t SSL certificate verify result: %s (%ld),"
@@ -2545,9 +2551,9 @@ static CURLcode servercert(struct connectdata *conn,
} }
ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY]; ptr = data->set.str[STRING_SSL_PINNEDPUBLICKEY];
if(retcode == CURLE_OK && ptr) { if(!result && ptr) {
retcode = pkp_pin_peer_pubkey(connssl->server_cert, ptr); result = pkp_pin_peer_pubkey(connssl->server_cert, ptr);
if(retcode != CURLE_OK) if(result)
failf(data, "SSL: public key does not match pinned public key!"); failf(data, "SSL: public key does not match pinned public key!");
} }
@@ -2555,7 +2561,7 @@ static CURLcode servercert(struct connectdata *conn,
connssl->server_cert = NULL; connssl->server_cert = NULL;
connssl->connecting_state = ssl_connect_done; connssl->connecting_state = ssl_connect_done;
return retcode; return result;
} }
static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex) static CURLcode ossl_connect_step3(struct connectdata *conn, int sockindex)