-/* $OpenBSD: tls.c,v 1.40 2016/07/06 16:16:36 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.41 2016/07/07 14:09:03 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
if (!required &&
keypair->cert_mem == NULL &&
- keypair->key_mem == NULL)
+ keypair->key_mem == NULL &&
+ keypair->cert_file == NULL &&
+ keypair->key_file == NULL)
return(0);
if (keypair->cert_mem != NULL) {
pkey = NULL;
}
+ if (keypair->cert_file != NULL) {
+ if (SSL_CTX_use_certificate_chain_file(ssl_ctx,
+ keypair->cert_file) != 1) {
+ tls_set_errorx(ctx, "failed to load certificate file");
+ goto err;
+ }
+ }
+ if (keypair->key_file != NULL) {
+ if (SSL_CTX_use_PrivateKey_file(ssl_ctx,
+ keypair->key_file, SSL_FILETYPE_PEM) != 1) {
+ tls_set_errorx(ctx, "failed to load private key file");
+ goto err;
+ }
+ }
+
if (SSL_CTX_check_private_key(ssl_ctx) != 1) {
tls_set_errorx(ctx, "private/public key mismatch");
goto err;
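Review bot: The two new error messages, `tls_set_errorx(ctx, "failed to load certificate file")` and its private-key counterpart, drop the filename that the removed load_file() path used to report, and since tls_set_errorx takes a printf-style format the diagnostic is kept useful with `tls_set_errorx(ctx, "failed to load certificate file '%s'", keypair->cert_file);` and `tls_set_errorx(ctx, "failed to load private key file '%s'", keypair->key_file);`. A comment above the new `if (keypair->cert_file != NULL)` block would also help, noting that the certificate and key files are opened here, at tls_configure() time, rather than when the path is stored by the setters in tls_config.c, so a caller that restricts its filesystem access after configuration must do so only once tls_configure() has run. tls_configure_ssl_keypair, including the `required` parameter tested at the top, begins outside the hunk.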
goto err;
}
} else if (SSL_CTX_load_verify_locations(ctx->ssl_ctx,
- NULL, ctx->config->ca_path) != 1) {
+ ctx->config->ca_file, ctx->config->ca_path) != 1) {
tls_set_errorx(ctx, "ssl verify setup failure");
goto err;
}
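Review bot: With ca_mem unset, `SSL_CTX_load_verify_locations` is now handed `ctx->config->ca_file` and `ctx->config->ca_path` directly, and when both are NULL the call fails and is reported only as the generic "ssl verify setup failure"; whether both can be NULL depends on the defaults assigned in tls_config_new, which are outside this hunk. Because tls_config_set_ca_file now stores whatever string it is given without opening the file (tls_config.c hunk), this is also the first point at which a wrong CA path surfaces, so the message deserves to distinguish the cases. A guard before the call, `if (ctx->config->ca_file == NULL && ctx->config->ca_path == NULL) { tls_set_errorx(ctx, "no CA file or path configured"); goto err; }`, separates an unconfigured trust store from an unreadable one. The enclosing function begins and ends outside the hunk.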
-/* $OpenBSD: tls_config.c,v 1.20 2016/07/06 16:47:18 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.21 2016/07/07 14:09:03 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#include <sys/stat.h>
-
#include <ctype.h>
#include <errno.h>
-#include <fcntl.h>
#include <stdlib.h>
-#include <unistd.h>
#include <tls.h>
#include "tls_internal.h"
return 0;
}
-static int
-load_file(struct tls_error *error, const char *filetype, const char *filename,
- char **buf, size_t *len)
-{
- struct stat st;
- int fd = -1;
-
- free(*buf);
- *buf = NULL;
- *len = 0;
-
- if ((fd = open(filename, O_RDONLY)) == -1) {
- tls_error_set(error, "failed to open %s file '%s'",
- filetype, filename);
- goto fail;
- }
- if (fstat(fd, &st) != 0) {
- tls_error_set(error, "failed to stat %s file '%s'",
- filetype, filename);
- goto fail;
- }
- *len = (size_t)st.st_size;
- if ((*buf = malloc(*len)) == NULL) {
- tls_error_set(error, "failed to allocate buffer for "
- "%s file '%s'", filetype, filename);
- goto fail;
- }
- if (read(fd, *buf, *len) != *len) {
- tls_error_set(error, "failed to read %s file '%s'",
- filetype, filename);
- goto fail;
- }
- close(fd);
- return 0;
-
- fail:
- if (fd != -1)
- close(fd);
- if (*buf != NULL)
- explicit_bzero(*buf, *len);
- free(*buf);
- *buf = NULL;
- *len = 0;
-
- return -1;
-}
-
static struct tls_keypair *
tls_keypair_new()
{
}
static int
-tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
- const char *cert_file)
+tls_keypair_set_cert_file(struct tls_keypair *keypair, const char *cert_file)
{
- return load_file(error, "certificate", cert_file, &keypair->cert_mem,
- &keypair->cert_len);
+ return set_string(&keypair->cert_file, cert_file);
}
static int
}
static int
-tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
- const char *key_file)
+tls_keypair_set_key_file(struct tls_keypair *keypair, const char *key_file)
{
- if (keypair->key_mem != NULL)
- explicit_bzero(keypair->key_mem, keypair->key_len);
- return load_file(error, "key", key_file, &keypair->key_mem,
- &keypair->key_len);
+ return set_string(&keypair->key_file, key_file);
}
static int
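Review bot: tls_keypair_set_key_file no longer touches keypair->key_mem, so a key supplied earlier in memory stays resident, unzeroized, alongside the new path until tls_keypair_free; the removed code explicitly bzero'd it before replacing it. In tls.c the file-based key is loaded after the memory one, so the file silently wins while the stale in-memory copy lingers. If the two sources are meant to be mutually exclusive, the setter should release the other before storing the path, and tls_keypair_set_cert_file above (same hunk pattern, cert_mem needs no zeroing) should mirror it; the memory setters, which are outside this view, would need the reverse. The rewritten body below shows the key-file variant.
```c
static int
tls_keypair_set_key_file(struct tls_keypair *keypair, const char *key_file)
{
	/* A key file supersedes any key previously supplied in memory. */
	if (keypair->key_mem != NULL) {
		explicit_bzero(keypair->key_mem, keypair->key_len);
		free(keypair->key_mem);
		keypair->key_mem = NULL;
		keypair->key_len = 0;
	}
	return set_string(&keypair->key_file, key_file);
}
```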
tls_keypair_clear(keypair);
+ free((char *)keypair->cert_file);
free(keypair->cert_mem);
+ free((char *)keypair->key_file);
free(keypair->key_mem);
free(keypair);
free(config->error.msg);
+ free((char *)config->ca_file);
free((char *)config->ca_mem);
free((char *)config->ca_path);
free((char *)config->ciphers);
int
tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
{
- return load_file(&config->error, "CA", ca_file, &config->ca_mem,
- &config->ca_len);
+ return set_string(&config->ca_file, ca_file);
}
int
int
tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
{
- return tls_keypair_set_cert_file(config->keypair, &config->error,
- cert_file);
+ return tls_keypair_set_cert_file(config->keypair, cert_file);
}
int
int
tls_config_set_key_file(struct tls_config *config, const char *key_file)
{
- return tls_keypair_set_key_file(config->keypair, &config->error,
- key_file);
+ return tls_keypair_set_key_file(config->keypair, key_file);
}
int