提交
368888bc
编写于
6月 01, 2008
作者:
Dr. Stephen Henson
Add client cert engine to SSL routines.
上级
eafd6e51
变更
6
Showing
6 changed file
with
56 addition
and
4 deletion
+56
-4
CHANGES
CHANGES
+3
-0
ssl/d1_clnt.c
ssl/d1_clnt.c
+1
-2
ssl/s3_clnt.c
ssl/s3_clnt.c
+22
-2
ssl/ssl.h
ssl/ssl.h
+7
-0
ssl/ssl_locl.h
ssl/ssl_locl.h
+1
-0
ssl/ssl_sess.c
ssl/ssl_sess.c
+22
-0
CHANGES
...
...
@@ -4,6 +4,9 @@
Changes between 0.9.8g and 0.9.9 [xx XXX xxxx]
*) Expand ENGINE to support engine supplied SSL client certificate functions.
[Steve Henson]
*) Revamp of LHASH to provide stronger type-checking. Still to come:
STACK, TXT_DB, bsearch, qsort.
[Ben Laurie]
...
...
ssl/d1_clnt.c
...
...
@@ -1096,8 +1096,7 @@ int dtls1_send_client_certificate(SSL *s)
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
* We then get retied later */
i
=
0
;
if
(
s
->
ctx
->
client_cert_cb
!=
NULL
)
i
=
s
->
ctx
->
client_cert_cb
(
s
,
&
(
x509
),
&
(
pkey
));
i
=
ssl_do_client_cert_cb
(
s
,
&
x509
,
&
pkey
);
if
(
i
<
0
)
{
s
->
rwstate
=
SSL_X509_LOOKUP
;
...
...
ssl/s3_clnt.c
...
...
@@ -160,6 +160,9 @@
#include <openssl/dh.h>
#endif
#include <openssl/bn.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
static
const
SSL_METHOD
*
ssl3_get_client_method
(
int
ver
);
static
int
ca_dn_cmp
(
const
X509_NAME
*
const
*
a
,
const
X509_NAME
*
const
*
b
);
...
...
@@ -2723,8 +2726,7 @@ int ssl3_send_client_certificate(SSL *s)
* ssl->rwstate=SSL_X509_LOOKUP; return(-1);
* We then get retied later */
i
=
0
;
if
(
s
->
ctx
->
client_cert_cb
!=
NULL
)
i
=
s
->
ctx
->
client_cert_cb
(
s
,
&
(
x509
),
&
(
pkey
));
i
=
ssl_do_client_cert_cb
(
s
,
&
x509
,
&
pkey
);
if
(
i
<
0
)
{
s
->
rwstate
=
SSL_X509_LOOKUP
;
...
...
@@ -2948,3 +2950,21 @@ static int ssl3_check_finished(SSL *s)
return
1
;
}
#endif
int
ssl_do_client_cert_cb
(
SSL
*
s
,
X509
**
px509
,
EVP_PKEY
**
ppkey
)
{
int
i
=
0
;
#ifndef OPENSSL_NO_ENGINE
if
(
s
->
ctx
->
client_cert_engine
)
{
i
=
ENGINE_load_ssl_client_cert
(
s
->
ctx
->
client_cert_engine
,
s
,
SSL_get_client_CA_list
(
s
),
px509
,
ppkey
,
NULL
,
NULL
);
if
(
i
!=
0
)
return
i
;
}
#endif
if
(
s
->
ctx
->
client_cert_cb
)
i
=
s
->
ctx
->
client_cert_cb
(
s
,
px509
,
ppkey
);
return
i
;
}
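Review bot: The new `ssl_do_client_cert_cb()` at the end of this file returns any non-zero result from `ENGINE_load_ssl_client_cert()` without consulting the application's `client_cert_cb`, and nothing documents that precedence or the meaning of the return value. The caller in `ssl3_send_client_certificate()` (and the identical call in ssl/d1_clnt.c) treats `i < 0` as a retry and sets `rwstate` to `SSL_X509_LOOKUP`, so a negative value from the engine, if the engine can produce one, would be handled as a pending lookup rather than a failure; that should be confirmed against the ENGINE code, which is not on this page. I would add a header comment such as `/* Ask the client-cert ENGINE first, if one is set; fall back to client_cert_cb only when the engine returns 0. A negative value is treated by callers as SSL_X509_LOOKUP (retry). */`. Both callers' bodies continue outside their hunks.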
ssl/ssl.h
...
...
@@ -798,6 +798,12 @@ struct ssl_ctx_st
*/
unsigned
int
max_send_fragment
;
#ifndef OPENSSL_ENGINE
/* Engine to pass requests for client certs to
*/
ENGINE
*
client_cert_engine
;
#endif
#ifndef OPENSSL_NO_TLSEXT
/* TLS extensions servername callback */
int
(
*
tlsext_servername_callback
)(
SSL
*
,
int
*
,
void
*
);
...
...
@@ -879,6 +885,7 @@ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,
void
(
*
SSL_CTX_get_info_callback
(
SSL_CTX
*
ctx
))(
const
SSL
*
ssl
,
int
type
,
int
val
);
void
SSL_CTX_set_client_cert_cb
(
SSL_CTX
*
ctx
,
int
(
*
client_cert_cb
)(
SSL
*
ssl
,
X509
**
x509
,
EVP_PKEY
**
pkey
));
int
(
*
SSL_CTX_get_client_cert_cb
(
SSL_CTX
*
ctx
))(
SSL
*
ssl
,
X509
**
x509
,
EVP_PKEY
**
pkey
);
int
SSL_CTX_set_client_cert_engine
(
SSL_CTX
*
ctx
,
ENGINE
*
e
);
void
SSL_CTX_set_cookie_generate_cb
(
SSL_CTX
*
ctx
,
int
(
*
app_gen_cookie_cb
)(
SSL
*
ssl
,
unsigned
char
*
cookie
,
unsigned
int
*
cookie_len
));
void
SSL_CTX_set_cookie_verify_cb
(
SSL_CTX
*
ctx
,
int
(
*
app_verify_cookie_cb
)(
SSL
*
ssl
,
unsigned
char
*
cookie
,
unsigned
int
cookie_len
));
...
...
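Review bot: The guard around the new `client_cert_engine` field in `struct ssl_ctx_st` reads `#ifndef OPENSSL_ENGINE`, while the code that uses the field in ssl/s3_clnt.c and ssl/ssl_sess.c is guarded by `#ifndef OPENSSL_NO_ENGINE`. This looks like a typo: as written the field stays in the struct in a no-engine build, and a build that did define `OPENSSL_ENGINE` would drop a field that s3_clnt.c dereferences. I would change the line to `#ifndef OPENSSL_NO_ENGINE`. As far as the second hunk shows, the new `SSL_CTX_set_client_cert_engine()` prototype is unguarded although its definition sits under `OPENSSL_NO_ENGINE`, so a no-engine build would fail at link time rather than at compile time; guarding it the same way would be consistent.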
ssl/ssl_locl.h
...
...
@@ -927,6 +927,7 @@ int ssl3_get_cert_status(SSL *s);
int
ssl3_get_server_done
(
SSL
*
s
);
int
ssl3_send_client_verify
(
SSL
*
s
);
int
ssl3_send_client_certificate
(
SSL
*
s
);
int
ssl_do_client_cert_cb
(
SSL
*
s
,
X509
**
px509
,
EVP_PKEY
**
ppkey
);
int
ssl3_send_client_key_exchange
(
SSL
*
s
);
int
ssl3_get_key_exchange
(
SSL
*
s
);
int
ssl3_get_server_certificate
(
SSL
*
s
);
...
...
ssl/ssl_sess.c
...
...
@@ -138,6 +138,9 @@
#include <stdio.h>
#include <openssl/lhash.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include "ssl_locl.h"
static
void
SSL_SESSION_list_remove
(
SSL_CTX
*
ctx
,
SSL_SESSION
*
s
);
...
...
@@ -998,6 +1001,25 @@ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PK
return
ctx
->
client_cert_cb
;
}
#ifndef OPENSSL_NO_ENGINE
int
SSL_CTX_set_client_cert_engine
(
SSL_CTX
*
ctx
,
ENGINE
*
e
)
{
if
(
!
ENGINE_init
(
e
))
{
SSLerr
(
SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE
,
ERR_R_ENGINE_LIB
);
return
0
;
}
if
(
!
ENGINE_get_ssl_client_cert_function
(
e
))
{
SSLerr
(
SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE
,
SSL_R_NO_CLIENT_CERT_METHOD
);
ENGINE_finish
(
e
);
return
0
;
}
ctx
->
client_cert_engine
=
e
;
return
1
;
}
#endif
void
SSL_CTX_set_cookie_generate_cb
(
SSL_CTX
*
ctx
,
int
(
*
cb
)(
SSL
*
ssl
,
unsigned
char
*
cookie
,
unsigned
int
*
cookie_len
))
{
...
...
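Review bot: `SSL_CTX_set_client_cert_engine()` takes a functional reference with `ENGINE_init(e)` and stores it in `ctx->client_cert_engine`, but nothing visible in this commit releases it. A second call overwrites the pointer without `ENGINE_finish()` on the previous engine, and none of the six changed files touches the SSL_CTX teardown path. Assuming the field starts out NULL, I would release the old engine before the assignment, `if (ctx->client_cert_engine) ENGINE_finish(ctx->client_cert_engine);`, and pair it with an `ENGINE_finish()` where the SSL_CTX is freed (that code is not on this page). Separately, `SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE` and `SSL_R_NO_CLIENT_CERT_METHOD` are not defined in the ssl.h hunks shown, so they presumably have to be added or regenerated for this to build.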