提交 3208fc59 编写于 作者: D Dr. Stephen Henson

add support for client certificate callback, fix memory leak

上级 87adf1fa
...@@ -1192,12 +1192,17 @@ int args_excert(char ***pargs, int *pargc, ...@@ -1192,12 +1192,17 @@ int args_excert(char ***pargs, int *pargc,
{ {
char *arg = **pargs, *argn = (*pargs)[1]; char *arg = **pargs, *argn = (*pargs)[1];
SSL_EXCERT *exc = *pexc; SSL_EXCERT *exc = *pexc;
if (!exc && !ssl_excert_prepend(&exc)) if (!exc)
{
if (ssl_excert_prepend(&exc))
*pexc = exc;
else
{ {
BIO_printf(err, "Error initialising xcert\n"); BIO_printf(err, "Error initialising xcert\n");
*badarg = 1; *badarg = 1;
goto err; goto err;
} }
}
if (strcmp(arg, "-xcert") == 0) if (strcmp(arg, "-xcert") == 0)
{ {
if (!argn) if (!argn)
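Review bot: The contract the caller relies on — `args_excert` returns non-zero when it consumed the current option and sets `*badarg` only when that option was malformed — is not documented anywhere in the hunk, and the new `*pexc = exc;` store adds an ownership rule on top of it. A header comment above the function should state that, e.g. `/* Parse one -xcert style option. Returns non-zero if the option was recognised; *badarg is set if it was malformed. On first use a list is allocated and stored in *pexc, which the caller owns and must release with ssl_excert_free(). */`. Note that the failure branch (`goto err`) leaves `*pexc` untouched, so a caller that initialised its pointer to NULL still holds NULL afterwards; that is only safe if the caller's cleanup tolerates a NULL list, which is not visible from this hunk. The success path being under an `else` below the failure block also reads backwards; inverting the test so that `*pexc = exc;` is the unconditional last statement of the `if (!exc)` block would make the leak fix itself stand out. The body of args_excert continues past the end of the hunk.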
...@@ -558,6 +558,7 @@ int MAIN(int, char **); ...@@ -558,6 +558,7 @@ int MAIN(int, char **);
int MAIN(int argc, char **argv) int MAIN(int argc, char **argv)
{ {
unsigned int off=0, clr=0; unsigned int off=0, clr=0;
int cert_flags=0;
SSL *con=NULL; SSL *con=NULL;
#ifndef OPENSSL_NO_KRB5 #ifndef OPENSSL_NO_KRB5
KSSL_CTX *kctx; KSSL_CTX *kctx;
...@@ -628,6 +629,7 @@ int MAIN(int argc, char **argv) ...@@ -628,6 +629,7 @@ int MAIN(int argc, char **argv)
int srp_lateuser = 0; int srp_lateuser = 0;
SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024}; SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
#endif #endif
SSL_EXCERT *exc = NULL;
meth=SSLv23_client_method(); meth=SSLv23_client_method();
...@@ -715,6 +717,12 @@ int MAIN(int argc, char **argv) ...@@ -715,6 +717,12 @@ int MAIN(int argc, char **argv)
} }
else if (strcmp(*argv,"-verify_return_error") == 0) else if (strcmp(*argv,"-verify_return_error") == 0)
verify_return_error = 1; verify_return_error = 1;
else if (args_excert(&argv, &argc, &badarg, bio_err, &exc))
{
if (badarg)
goto bad;
continue;
}
else if (strcmp(*argv,"-prexit") == 0) else if (strcmp(*argv,"-prexit") == 0)
prexit=1; prexit=1;
else if (strcmp(*argv,"-crlf") == 0) else if (strcmp(*argv,"-crlf") == 0)
...@@ -994,6 +1002,8 @@ int MAIN(int argc, char **argv) ...@@ -994,6 +1002,8 @@ int MAIN(int argc, char **argv)
keymatexportlen=atoi(*(++argv)); keymatexportlen=atoi(*(++argv));
if (keymatexportlen == 0) goto bad; if (keymatexportlen == 0) goto bad;
} }
else if (strcmp(*argv, "-cert_strict") == 0)
cert_flags |= SSL_CERT_FLAG_TLS_STRICT;
else else
{ {
BIO_printf(bio_err,"unknown option %s\n",*argv); BIO_printf(bio_err,"unknown option %s\n",*argv);
...@@ -1099,6 +1109,9 @@ bad: ...@@ -1099,6 +1109,9 @@ bad:
} }
} }
if (!load_excert(&exc, bio_err))
goto end;
if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
&& !RAND_status()) && !RAND_status())
{ {
...@@ -1174,6 +1187,8 @@ bad: ...@@ -1174,6 +1187,8 @@ bad:
if (clr) if (clr)
SSL_CTX_clear_options(ctx, clr); SSL_CTX_clear_options(ctx, clr);
if (cert_flags) SSL_CTX_set_cert_flags(ctx, cert_flags);
if (exc) ssl_ctx_set_excert(ctx, exc);
/* DTLS: partial reads end up discarding unread UDP bytes :-( /* DTLS: partial reads end up discarding unread UDP bytes :-(
* Setting read ahead solves this problem. * Setting read ahead solves this problem.
*/ */
...@@ -1957,6 +1972,7 @@ end: ...@@ -1957,6 +1972,7 @@ end:
EVP_PKEY_free(key); EVP_PKEY_free(key);
if (pass) if (pass)
OPENSSL_free(pass); OPENSSL_free(pass);
ssl_excert_free(exc);
if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); } if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); } if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); } if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
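Review bot: `ssl_excert_free(exc)` on the `end:` path is called unconditionally, yet `exc` remains NULL on every run that never saw an `-xcert` option (it is initialised to `NULL` and only populated through `args_excert`), while the neighbouring releases are guarded (`if (pass) OPENSSL_free(pass);`). Whether `ssl_excert_free` tolerates a NULL argument is not visible here; if it does not, every invocation without `-xcert` dereferences NULL at exit, so either guard the call, `if (exc) ssl_excert_free(exc);`, matching the `if (exc) ssl_ctx_set_excert(ctx, exc);` line earlier in the same function, or document the NULL-tolerance on the callee so the asymmetry is deliberate. The `goto end` after a failed `load_excert` takes the same cleanup path with `exc` partially populated, so that path depends on the same property. MAIN begins before the first hunk and ends after the last.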