-/* $OpenBSD: ssl.h,v 1.182 2021/02/20 08:33:17 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.183 2021/03/19 19:51:07 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+#if defined(LIBRESSL_INTERNAL)
+int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+#endif
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-/* $OpenBSD: ssl_rsa.c,v 1.31 2019/03/25 16:46:48 jsing Exp $ */
+/* $OpenBSD: ssl_rsa.c,v 1.32 2021/03/19 19:51:07 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
static int ssl_set_cert(CERT *c, X509 *x509);
static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-static int ssl_ctx_use_certificate_chain_bio(SSL_CTX *, BIO *);
+static int use_certificate_chain_bio(BIO *in, CERT *cert,
+ pem_password_cb *passwd_cb, void *passwd_arg);
+static int use_certificate_chain_file(const char *file, CERT *cert,
+ pem_password_cb *passwd_cb, void *passwd_arg);
int
SSL_use_certificate(SSL *ssl, X509 *x)
* sent to the peer in the Certificate message.
*/
static int
-ssl_ctx_use_certificate_chain_bio(SSL_CTX *ctx, BIO *in)
+use_certificate_chain_bio(BIO *in, CERT *cert, pem_password_cb *passwd_cb,
+ void *passwd_arg)
{
X509 *ca, *x = NULL;
unsigned long err;
int ret = 0;
- if ((x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata)) == NULL) {
+ if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) ==
+ NULL) {
SSLerrorx(ERR_R_PEM_LIB);
goto err;
}
- if (!SSL_CTX_use_certificate(ctx, x))
+ if (!ssl_set_cert(cert, x))
goto err;
- if (!ssl_cert_set0_chain(ctx->internal->cert, NULL))
+ if (!ssl_cert_set0_chain(cert, NULL))
goto err;
/* Process any additional CA certificates. */
- while ((ca = PEM_read_bio_X509(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata)) != NULL) {
- if (!ssl_cert_add0_chain_cert(ctx->internal->cert, ca)) {
+ while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) !=
+ NULL) {
+ if (!ssl_cert_add0_chain_cert(cert, ca)) {
X509_free(ca);
goto err;
}
}
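Review bot: A failure inside the chain loop leaves `cert` half-updated: by then `ssl_set_cert(cert, x)` has installed the new leaf and `ssl_cert_set0_chain(cert, NULL)` has dropped the old chain, so the `goto err` after a failed `ssl_cert_add0_chain_cert()` exits with a new leaf and a truncated chain. Now that the helper takes any `CERT *`, this applies to a per-connection `ssl->cert` as well as to the context's. The `err:` path is outside this hunk, so whether anything is rolled back cannot be seen here; if it is not, say so in the comment above the function, e.g. `On failure the CERT may hold the new leaf with an incomplete chain and must be reloaded before use.`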
int
-SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+use_certificate_chain_file(const char *file, CERT *cert,
+ pem_password_cb *passwd_cb, void *passwd_arg)
{
BIO *in;
int ret = 0;
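Review bot: The definition of `use_certificate_chain_file` still begins with the bare `int` kept from the old public function, while the forward declaration added near the top of ssl_rsa.c is `static int`. Linkage stays internal because of that earlier declaration, but the definition reads like an exported symbol and differs from `use_certificate_chain_bio`, whose definition spells out `static int`. Change the return-type line to `static int`. The rest of the function body is outside this hunk.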
goto end;
}
- ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
+ ret = use_certificate_chain_bio(in, cert, passwd_cb, passwd_arg);
end:
BIO_free(in);
return (ret);
}
+int
+SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
+ return use_certificate_chain_file(file, ctx->internal->cert,
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
+}
+
+int
+SSL_use_certificate_chain_file(SSL *ssl, const char *file)
+{
+ return use_certificate_chain_file(file, ssl->cert,
+ ssl->ctx->default_passwd_callback,
+ ssl->ctx->default_passwd_callback_userdata);
+}
+
int
SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
{
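Review bot: `SSL_use_certificate_chain_file()` takes its PEM password callback and userdata from `ssl->ctx`, not from the `SSL` itself, and nothing at the definition says so. A caller expecting per-connection behaviour should be able to read this where the function is defined; a comment above it such as `/* Loads into ssl->cert only; the PEM password callback is the parent SSL_CTX's. */` would cover it. Whether `SSL` carries callback fields of its own is not visible in this diff, so the wording is a proposal to confirm against the struct.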
goto end;
}
- ret = ssl_ctx_use_certificate_chain_bio(ctx, in);
+ ret = use_certificate_chain_bio(in, ctx->internal->cert,
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
end:
BIO_free(in);