From 347b95091fcbfa5aef513e47583923c326f16f33 Mon Sep 17 00:00:00 2001
From: "Thierry FOURNIER / OZON.IO" <thierry.fournier@ozon.io>
Date: Wed, 23 Nov 2016 10:49:45 +0100
Subject: [PATCH 2/4] MINOR: ssl: split load cert in two parts

---
 src/ssl_sock.c | 54 +++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 37 insertions(+), 17 deletions(-)

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index ebeded8..76b5b79 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1873,42 +1873,34 @@ static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
  *      1 on SSL Failure
  *      2 on file not found
  */
-static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
+static int ssl_sock_load_crt_bio_into_ckch(BIO *in, struct cert_key_and_chain *ckch, char **err)
 {
 
-	BIO *in;
 	X509 *ca = NULL;
 	int ret = 1;
 
 	ssl_sock_free_cert_key_and_chain_contents(ckch);
 
-	in = BIO_new(BIO_s_file());
-	if (in == NULL)
-		goto end;
-
-	if (BIO_read_filename(in, path) <= 0)
-		goto end;
-
 	/* Read Private Key */
 	ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
 	if (ckch->key == NULL) {
-		memprintf(err, "%sunable to load private key from file '%s'.\n",
-				err && *err ? *err : "", path);
+		memprintf(err, "%sunable to load private key",
+				err && *err ? *err : "");
 		goto end;
 	}
 
 	/* Seek back to beginning of file */
 	if (BIO_reset(in) == -1) {
-		memprintf(err, "%san error occurred while reading the file '%s'.\n",
-		          err && *err ? *err : "", path);
+		memprintf(err, "%san error occurred",
+		          err && *err ? *err : "");
 		goto end;
 	}
 
 	/* Read Certificate */
 	ckch->cert = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
 	if (ckch->cert == NULL) {
-		memprintf(err, "%sunable to load certificate from file '%s'.\n",
-				err && *err ? *err : "", path);
+		memprintf(err, "%sunable to load certificate",
+				err && *err ? *err : "");
 		goto end;
 	}
 
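Review bot: The rewind step `BIO_reset(in) == -1` still assumes a file BIO, although the function now accepts any `BIO *`. OpenSSL documents that file BIOs return 0 on success and -1 on failure from BIO_reset(), while other BIO types return 1 on success and 0 or -1 on failure, and that resetting a read-write memory BIO discards its contents. With such a BIO, either a failure reported as 0 goes unnoticed or the certificate read that follows finds no data. The header comment should state the precondition, e.g. `/* 'in' must be rewindable without data loss: a file BIO or a read-only memory BIO */`, and drop `2 on file not found`, which a function that no longer opens a file cannot report. The function body continues past the end of this hunk.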
@@ -1923,8 +1915,8 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_an
 	}
 	ret = ERR_get_error();
 	if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE)) {
-		memprintf(err, "%sunable to load certificate chain from file '%s'.\n",
-				err && *err ? *err : "", path);
+		memprintf(err, "%sunable to load certificate chain",
+				err && *err ? *err : "");
 		ret = 1;
 		goto end;
 	}
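Review bot: The chain-error test on the context line `if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM && ERR_GET_REASON(ret) != PEM_R_NO_START_LINE))` reports a failure only when both the library and the reason differ, so every error raised by the PEM library is treated like a normal end of input. If the intent is to tolerate only the "no more PEM blocks" case, a malformed intermediate certificate would leave a silently truncated chain, and the test would need `||`: `if (ret && (ERR_GET_LIB(ret) != ERR_LIB_PEM || ERR_GET_REASON(ret) != PEM_R_NO_START_LINE))`. `ret` is an `int` while ERR_get_error() returns `unsigned long`, so keeping the code in a separate `unsigned long` would avoid truncating it before the macros inspect it. The loop that feeds this test is outside the hunk.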
@@ -1944,6 +1936,34 @@ end:
 	return ret;
 }
 
+static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
+{
+	BIO *in;
+	int ret = 1;
+
+	in = BIO_new(BIO_s_file());
+	if (in == NULL)
+		goto end;
+
+	if (BIO_read_filename(in, path) <= 0)
+		goto end;
+
+	if (ssl_sock_load_crt_bio_into_ckch(in, ckch, err) != 0) {
+		memprintf(err, "Loading file '%s': %s", path, *err);
+		goto end;
+	}
+
+	ret = 0;
+
+end:
+
+	ERR_clear_error();
+	if (in)
+		BIO_free(in);
+
+	return ret;
+}
+
 /* Loads the info in ckch into ctx
  * Currently, this does not process any information about ocsp, dhparams or
  * sctl
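Review bot: `memprintf(err, "Loading file '%s': %s", path, *err);` dereferences `err` without the `err && *err` guard that every message in ssl_sock_load_crt_bio_into_ckch uses, so a NULL `err`, or a failure path that left `*err` unset, hands NULL to `%s`. Guard it the same way: `memprintf(err, "Loading file '%s': %s", path, err && *err ? *err : "unknown error");`. Because the inner messages still prepend the previous `*err`, errors accumulated from earlier files end up behind this file's `Loading file` prefix, and the `.\n` that used to separate entries is gone, which makes the operator-facing diagnostics for a bad certificate harder to attribute. The two early `goto end` paths (BIO_new and BIO_read_filename failures) return 1 with no message, although the header comment left on the BIO function promises `2 on file not found`; a short comment on this wrapper listing its actual return values would help.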
-- 
2.9.5

