Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
btwise
openssl
提交
d628885e
O
openssl
项目概览
btwise
/
openssl
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
O
openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
d628885e
编写于
3月 09, 2014
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Simplify ssl_add_cert_chain logic.
上级
ab0f8804
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
37 addition
and
44 deletion
+37
-44
ssl/ssl_cert.c
ssl/ssl_cert.c
+37
-44
未找到文件。
ssl/ssl_cert.c
浏览文件 @
d628885e
...
...
@@ -1113,81 +1113,74 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
int
ssl_add_cert_chain
(
SSL
*
s
,
CERT_PKEY
*
cpk
,
unsigned
long
*
l
)
{
BUF_MEM
*
buf
=
s
->
init_buf
;
int
no_chain
;
int
i
;
X509
*
x
;
STACK_OF
(
X509
)
*
extra_certs
;
X509_STORE
*
chain_store
;
if
(
cpk
)
x
=
cpk
->
x509
;
else
x
=
NULL
;
/* TLSv1 sends a chain with nothing in it, instead of an alert */
if
(
!
BUF_MEM_grow_clean
(
buf
,
10
))
{
SSLerr
(
SSL_F_SSL_ADD_CERT_CHAIN
,
ERR_R_BUF_LIB
);
return
0
;
}
if
(
s
->
cert
->
chain_store
)
chain_store
=
s
->
cert
->
chain_store
;
else
chain_store
=
s
->
ctx
->
cert_store
;
if
(
!
cpk
||
!
cpk
->
x509
)
return
1
;
x
=
cpk
->
x509
;
/* If we have a certificate specific chain use it, else use
* parent ctx.
*/
if
(
cpk
&&
cpk
->
chain
)
if
(
cpk
->
chain
)
extra_certs
=
cpk
->
chain
;
else
extra_certs
=
s
->
ctx
->
extra_certs
;
if
((
s
->
mode
&
SSL_MODE_NO_AUTO_CHAIN
)
||
extra_certs
)
no_chain
=
1
;
chain_store
=
NULL
;
else
if
(
s
->
cert
->
chain_store
)
chain_store
=
s
->
cert
->
chain_store
;
else
no_chain
=
0
;
chain_store
=
s
->
ctx
->
cert_store
;
/* TLSv1 sends a chain with nothing in it, instead of an alert */
if
(
!
BUF_MEM_grow_clean
(
buf
,
10
))
{
SSLerr
(
SSL_F_SSL_ADD_CERT_CHAIN
,
ERR_R_BUF_LIB
);
return
0
;
}
if
(
x
!=
NULL
)
if
(
chain_store
)
{
if
(
no_chain
)
X509_STORE_CTX
xs_ctx
;
if
(
!
X509_STORE_CTX_init
(
&
xs_ctx
,
chain_store
,
x
,
NULL
))
{
if
(
!
ssl_add_cert_to_buf
(
buf
,
l
,
x
))
return
0
;
SSLerr
(
SSL_F_SSL_ADD_CERT_CHAIN
,
ERR_R_X509_LIB
);
return
(
0
)
;
}
else
X509_verify_cert
(
&
xs_ctx
);
/* Don't leave errors in the queue */
ERR_clear_error
();
for
(
i
=
0
;
i
<
sk_X509_num
(
xs_ctx
.
chain
);
i
++
)
{
X509_STORE_CTX
xs_ctx
;
x
=
sk_X509_value
(
xs_ctx
.
chain
,
i
)
;
if
(
!
X509_STORE_CTX_init
(
&
xs_ctx
,
chain_store
,
x
,
NULL
))
{
SSLerr
(
SSL_F_SSL_ADD_CERT_CHAIN
,
ERR_R_X509_LIB
);
return
(
0
);
}
X509_verify_cert
(
&
xs_ctx
);
/* Don't leave errors in the queue */
ERR_clear_error
();
for
(
i
=
0
;
i
<
sk_X509_num
(
xs_ctx
.
chain
);
i
++
)
if
(
!
ssl_add_cert_to_buf
(
buf
,
l
,
x
))
{
x
=
sk_X509_value
(
xs_ctx
.
chain
,
i
);
if
(
!
ssl_add_cert_to_buf
(
buf
,
l
,
x
))
{
X509_STORE_CTX_cleanup
(
&
xs_ctx
);
return
0
;
}
X509_STORE_CTX_cleanup
(
&
xs_ctx
);
return
0
;
}
X509_STORE_CTX_cleanup
(
&
xs_ctx
);
}
X509_STORE_CTX_cleanup
(
&
xs_ctx
);
}
for
(
i
=
0
;
i
<
sk_X509_num
(
extra_certs
);
i
++
)
else
{
x
=
sk_X509_value
(
extra_certs
,
i
);
if
(
!
ssl_add_cert_to_buf
(
buf
,
l
,
x
))
return
0
;
for
(
i
=
0
;
i
<
sk_X509_num
(
extra_certs
);
i
++
)
{
x
=
sk_X509_value
(
extra_certs
,
i
);
if
(
!
ssl_add_cert_to_buf
(
buf
,
l
,
x
))
return
0
;
}
}
return
1
;
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录