diff options
| author | Dr. Stephen Henson <steve@openssl.org> | 2015-05-07 14:59:08 +0100 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2015-05-08 18:43:44 +0100 |
| commit | fae4772c24b89526f70c74fa14a85c5c16bced9a (patch) | |
| tree | 63cda484e407591545c1232404004104a4c90b9c /ssl/ssl_rsa.c | |
| parent | 9a3bf97315aa121441777bf1bc4bea3c5e00af29 (diff) | |
Add SSL_use_certificate_chain_file function
Add SSL_use_certiicate_chain file functions: this is works the same
way as SSL_CTX_use_certificate_chain_file but for an SSL structure.
Update SSL_CONF code to use the new function.
Update docs.
Update ordinals.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'ssl/ssl_rsa.c')
| -rw-r--r-- | ssl/ssl_rsa.c | 45 |
1 files changed, 33 insertions, 12 deletions
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 305b185a4c..31ce9bdbd1 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -641,7 +641,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, * followed by a sequence of CA certificates that should be sent to the peer * in the Certificate message. */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) +static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) { BIO *in; int ret = 0; @@ -652,23 +652,26 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); + SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); + SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); goto end; } x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); if (x == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); + SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); goto end; } - ret = SSL_CTX_use_certificate(ctx, x); + if (ctx) + ret = SSL_CTX_use_certificate(ctx, x); + else + ret = SSL_use_certificate(ssl, x); if (ERR_peek_error() != 0) ret = 0; /* Key/certificate mismatch doesn't imply @@ -682,7 +685,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) int r; unsigned long err; - if (!SSL_CTX_clear_chain_certs(ctx)) { + if (ctx) + r = SSL_CTX_clear_chain_certs(ctx); + else + r = SSL_clear_chain_certs(ssl); + + if (r == 0) { ret = 0; goto end; } @@ -691,17 +699,20 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) ctx->default_passwd_callback, ctx->default_passwd_callback_userdata)) != NULL) { - r = SSL_CTX_add0_chain_cert(ctx, ca); + if (ctx) + r = SSL_CTX_add0_chain_cert(ctx, ca); + else + r = SSL_add0_chain_cert(ssl, ca); + /* + * Note that we must not free ca if it was successfully added to + * the chain (while we must free the main certificate, since its + * reference count is increased by SSL_CTX_use_certificate). + */ if (!r) { X509_free(ca); ret = 0; goto end; } - /* - * Note that we must not free r if it was successfully added to - * the chain (while we must free the main certificate, since its - * reference count is increased by SSL_CTX_use_certificate). - */ } /* When the while loop ends, it's usually just EOF. */ err = ERR_peek_last_error(); @@ -717,6 +728,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) BIO_free(in); return (ret); } + +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) +{ + return use_certificate_chain_file(ctx, NULL, file); +} + +int SSL_use_certificate_chain_file(SSL *ssl, const char *file) +{ + return use_certificate_chain_file(NULL, ssl, file); +} #endif #ifndef OPENSSL_NO_TLSEXT |