提交 0996dc54 编写于 作者: V Viktor Dukhovni

Refactor apps load_certs/load_crls to work incrementally

Reviewed-by: NRichard Levitte <levitte@openssl.org>
上级 6e8beabc
......@@ -921,13 +921,13 @@ static int load_certs_crls(const char *file, int format,
BIO_free(bio);
if (pcerts) {
if (pcerts && *pcerts == NULL) {
*pcerts = sk_X509_new_null();
if (!*pcerts)
goto end;
}
if (pcrls) {
if (pcrls && *pcrls == NULL) {
*pcrls = sk_X509_CRL_new_null();
if (!*pcrls)
goto end;
......@@ -986,24 +986,22 @@ void* app_malloc(int sz, const char *what)
return vp;
}
STACK_OF(X509) *load_certs(const char *file, int format,
const char *pass, ENGINE *e, const char *desc)
/*
* Initialize or extend, if *certs != NULL, a certificate stack.
*/
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509) *certs;
if (!load_certs_crls(file, format, pass, e, desc, &certs, NULL))
return NULL;
return certs;
return load_certs_crls(file, format, pass, e, desc, certs, NULL);
}
STACK_OF(X509_CRL) *load_crls(const char *file, int format,
const char *pass, ENGINE *e, const char *desc)
/*
* Initialize or extend, if *crls != NULL, a certificate stack.
*/
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, ENGINE *e, const char *desc)
{
STACK_OF(X509_CRL) *crls;
if (!load_certs_crls(file, format, pass, e, desc, NULL, &crls))
return NULL;
return crls;
return load_certs_crls(file, format, pass, e, desc, NULL, crls);
}
#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
......
......@@ -443,12 +443,10 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
const char *pass, ENGINE *e, const char *key_descrip);
STACK_OF(X509) *load_certs(const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
STACK_OF(X509_CRL) *load_crls(const char *file, int format,
const char *pass, ENGINE *e,
const char *cert_descrip);
int load_certs(const char *file, STACK_OF(X509) **certs, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
const char *pass, ENGINE *e, const char *cert_descrip);
X509_STORE *setup_verify(char *CAfile, char *CApath,
int noCAfile, int noCApath);
int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
......
......@@ -735,8 +735,8 @@ int cms_main(int argc, char **argv)
}
if (certfile) {
if ((other = load_certs(certfile, FORMAT_PEM, NULL, e,
"certificate file")) == NULL) {
if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
"certificate file")) {
ERR_print_errors(bio_err);
goto end;
}
......
......@@ -533,9 +533,8 @@ int ocsp_main(int argc, char **argv)
rca_cert = load_cert(rca_filename, FORMAT_PEM,
NULL, NULL, "CA certificate");
if (rcertfile) {
rother = load_certs(rcertfile, FORMAT_PEM,
NULL, NULL, "responder other certificates");
if (!rother)
if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL, NULL,
"responder other certificates"))
goto end;
}
rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
......@@ -578,9 +577,8 @@ int ocsp_main(int argc, char **argv)
goto end;
}
if (sign_certfile) {
sign_other = load_certs(sign_certfile, FORMAT_PEM,
NULL, NULL, "signer certificates");
if (!sign_other)
if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL, NULL,
"signer certificates"))
goto end;
}
key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
......@@ -702,9 +700,8 @@ int ocsp_main(int argc, char **argv)
if (vpmtouched)
X509_STORE_set1_param(store, vpm);
if (verify_certfile) {
verify_other = load_certs(verify_certfile, FORMAT_PEM,
NULL, NULL, "validator certificate");
if (!verify_other)
if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL, NULL,
"validator certificate"))
goto end;
}
......
......@@ -395,9 +395,8 @@ int pkcs12_main(int argc, char **argv)
/* Load in all certs in input file */
if (!(options & NOCERTS)) {
certs = load_certs(infile, FORMAT_PEM, NULL, e,
"certificates");
if (!certs)
if (!load_certs(infile, &certs, FORMAT_PEM, NULL, e,
"certificates"))
goto export_end;
if (key) {
......@@ -425,13 +424,9 @@ int pkcs12_main(int argc, char **argv)
/* Add any more certificates asked for */
if (certfile) {
STACK_OF(X509) *morecerts = NULL;
if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e,
"certificates from certfile")) == NULL)
if (!load_certs(certfile, &certs, FORMAT_PEM, NULL, e,
"certificates from certfile"))
goto export_end;
while (sk_X509_num(morecerts) > 0)
sk_X509_push(certs, sk_X509_shift(morecerts));
sk_X509_free(morecerts);
}
/* If chaining get chain from user cert */
......
......@@ -1002,9 +1002,8 @@ int load_excert(SSL_EXCERT **pexc)
if (!exc->key)
return 0;
if (exc->chainfile) {
exc->chain = load_certs(exc->chainfile, FORMAT_PEM,
NULL, NULL, "Server Chain");
if (!exc->chain)
if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
NULL, "Server Chain"))
return 0;
}
}
......
......@@ -1331,9 +1331,8 @@ int s_client_main(int argc, char **argv)
}
if (chain_file) {
chain = load_certs(chain_file, FORMAT_PEM,
NULL, e, "client certificate chain");
if (!chain)
if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL, e,
"client certificate chain"))
goto end;
}
......
......@@ -1507,9 +1507,8 @@ int s_server_main(int argc, char *argv[])
goto end;
}
if (s_chain_file) {
s_chain = load_certs(s_chain_file, FORMAT_PEM,
NULL, e, "server certificate chain");
if (!s_chain)
if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL, e,
"server certificate chain"))
goto end;
}
......@@ -1587,9 +1586,8 @@ int s_server_main(int argc, char *argv[])
goto end;
}
if (s_dchain_file) {
s_dchain = load_certs(s_dchain_file, FORMAT_PEM,
NULL, e, "second server certificate chain");
if (!s_dchain)
if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL, e,
"second server certificate chain"))
goto end;
}
......
......@@ -468,8 +468,8 @@ int smime_main(int argc, char **argv)
}
if (certfile) {
if ((other = load_certs(certfile, FORMAT_PEM, NULL,
e, "certificate file")) == NULL) {
if (!load_certs(certfile, &other, FORMAT_PEM, NULL, e,
"certificate file")) {
ERR_print_errors(bio_err);
goto end;
}
......
......@@ -208,22 +208,19 @@ int verify_main(int argc, char **argv)
ERR_clear_error();
if (untfile) {
untrusted = load_certs(untfile, FORMAT_PEM,
NULL, e, "untrusted certificates");
if (!untrusted)
if (!load_certs(untfile, &untrusted, FORMAT_PEM, NULL, e,
"untrusted certificates"))
goto end;
}
if (trustfile) {
trusted = load_certs(trustfile, FORMAT_PEM,
NULL, e, "trusted certificates");
if (!trusted)
if (!load_certs(trustfile, &trusted, FORMAT_PEM, NULL, e,
"trusted certificates"))
goto end;
}
if (crlfile) {
crls = load_crls(crlfile, FORMAT_PEM, NULL, e, "other CRLs");
if (!crls)
if (!load_crls(crlfile, &crls, FORMAT_PEM, NULL, e, "other CRLs"))
goto end;
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册