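--- a/ssl.c
+++ b/ssl.c
-/* $OpenBSD: ssl.c,v 1.61 2014/04/19 14:09:19 gilles Exp $ */
+/* $OpenBSD: ssl.c,v 1.62 2014/04/29 10:08:55 reyk Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
 {
 DH *dh;
 SSL_CTX *ctx;
-
- ctx = ssl_ctx_create();
- if (!ssl_ctx_use_certificate_chain(ctx,
- pki->pki_cert, pki->pki_cert_len))
- goto err;
- if (!ssl_ctx_use_private_key(ctx,
- pki->pki_key, pki->pki_key_len))
- goto err;
+ ctx = ssl_ctx_create(pki->pki_cert, pki->pki_cert_len,
+ pki->pki_key, pki->pki_key_len);
- if (!SSL_CTX_check_private_key(ctx))
- goto err;
 if (!SSL_CTX_set_session_id_context(ctx,
 (const unsigned char *)pki->pki_name,
 strlen(pki->pki_name) + 1))
 }
 SSL_CTX *
-ssl_ctx_create()
+ssl_ctx_create(char *cert, off_t cert_len, char *key, off_t key_len)
 {
 SSL_CTX *ctx;
 fatal("ssl_ctx_create: could not set cipher list");
 }
+ if (cert != NULL && key != NULL) {
+ if (!ssl_ctx_use_certificate_chain(ctx, cert, cert_len)) {
+ ssl_error("ssl_ctx_create");
+ fatal("ssl_ctx_create: invalid certificate chain");
+ } else if (!ssl_ctx_use_private_key(ctx, key, key_len)) {
+ ssl_error("ssl_ctx_create");
+ fatal("ssl_ctx_create: could not use private key");
+ } else if (!SSL_CTX_check_private_key(ctx)) {
+ ssl_error("ssl_ctx_create");
+ fatal("ssl_ctx_create: invalid private key");
+ }
+ }
+
 return (ctx);
 }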
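Review bot: The guard opening the new block in ssl_ctx_create, `if (cert != NULL && key != NULL)`, silently skips credential loading when exactly one of cert/key is NULL, so a caller that supplies a certificate without its key (or the reverse) gets a context with no credentials and the misconfiguration only surfaces at handshake time; adding `} else if (cert != NULL || key != NULL) {` / `fatal("ssl_ctx_create: certificate and key must both be given");` after the block would make that case fail at setup like the other three. Note also that the three fatal() calls replace what were `goto err` returns in ssl_setup here and in ssl_smtp_init (the ssl_smtpd.c hunk calling `ssl_ctx_create(cert, cert_len, key, key_len)`), so an unusable certificate or key now terminates the process instead of being reported to the caller, and the callers' remaining err paths cover only the later failures. A short comment above the definition, e.g. `/* cert and key both NULL: context without credentials; any load/check failure is fatal() */`, would record that contract, since the prototype in ssl.h gives no hint that the function never returns an error. ssl_setup begins before this hunk.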
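--- a/ssl.h
+++ b/ssl.h
-/* $OpenBSD: ssl.h,v 1.5 2014/02/04 13:44:41 eric Exp $ */
+/* $OpenBSD: ssl.h,v 1.6 2014/04/29 10:08:55 reyk Exp $ */
 /*
 * Copyright (c) 2013 Gilles Chehade <gilles@poolp.org>
 *
 /* ssl.c */
 void ssl_init(void);
 int ssl_setup(SSL_CTX **, struct pki *);
-SSL_CTX *ssl_ctx_create(void);
+SSL_CTX *ssl_ctx_create(char *, off_t, char *, off_t);
 int ssl_cmp(struct pki *, struct pki *);
 DH *get_dh1024(void);
 DH *get_dh_from_memory(char *, size_t);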
-/* $OpenBSD: ssl_smtpd.c,v 1.4 2014/02/04 13:44:41 eric Exp $ */
+/* $OpenBSD: ssl_smtpd.c,v 1.5 2014/04/29 10:08:55 reyk Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
- ctx = ssl_ctx_create();
-
- if (cert != NULL && key != NULL) {
- if (!ssl_ctx_use_certificate_chain(ctx, cert, cert_len))
- goto err;
- else if (!ssl_ctx_use_private_key(ctx, key, key_len))
- goto err;
- else if (!SSL_CTX_check_private_key(ctx))
- goto err;
- }
+ ctx = ssl_ctx_create(cert, cert_len, key, key_len);
if ((ssl = SSL_new(ctx)) == NULL)
goto err;
int (*cb)(SSL *,int *,void *) = sni;
log_debug("debug: session_start_ssl: switching to SSL");
- if (!ssl_ctx_use_certificate_chain(ssl_ctx, cert, cert_len))
- goto err;
- else if (!ssl_ctx_use_private_key(ssl_ctx, key, key_len))
- goto err;
- else if (!SSL_CTX_check_private_key(ssl_ctx))
- goto err;
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, dummy_verify);