提交 ce33b42b 编写于 作者: D Dr. Stephen Henson

oops, not yet ;-)

上级 579d5534
......@@ -285,19 +285,6 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
return 1;
}
typedef struct
{
X509 *cert;
EVP_PKEY *key;
STACK_OF(X509) *chain;
struct ssl_excert_st *next;
} SSL_EXCERT;
static int set_cert_cb(SSL *ssl, void *arg)
{
return 1;
}
int ssl_print_sigalgs(BIO *out, SSL *s)
{
int i, nsig;
......
......@@ -3161,13 +3161,6 @@ int ssl3_send_client_certificate(SSL *s)
if (s->state == SSL3_ST_CW_CERT_A)
{
/* Let cert callback update client certificates if required */
if (s->cert->cert_cb
&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
{
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
return 0;
}
if (ssl3_check_client_certificate(s))
s->state=SSL3_ST_CW_CERT_C;
else
......
......@@ -1341,14 +1341,6 @@ int ssl3_get_client_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
goto f_err;
}
/* Let cert callback update server certificates if required */
if (s->cert->cert_cb
&& s->cert->cert_cb(s, s->cert->cert_cb_arg) <= 0)
{
al=SSL_AD_INTERNAL_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CERT_CB_ERROR);
goto f_err;
}
ciphers=NULL;
c=ssl3_choose_cipher(s,s->session->ciphers,
SSL_get_ciphers(s));
......
......@@ -1759,7 +1759,6 @@ int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
void SSL_set_verify(SSL *s, int mode,
int (*callback)(int ok,X509_STORE_CTX *ctx));
void SSL_set_verify_depth(SSL *s, int depth);
void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg);
#ifndef OPENSSL_NO_RSA
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
#endif
......@@ -1838,7 +1837,6 @@ void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
int (*callback)(int, X509_STORE_CTX *));
void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg);
#ifndef OPENSSL_NO_RSA
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
#endif
......@@ -1894,7 +1892,6 @@ char *SSL_get_srp_username(SSL *s);
char *SSL_get_srp_userinfo(SSL *s);
#endif
void SSL_certs_clear(SSL *s);
void SSL_free(SSL *ssl);
int SSL_accept(SSL *ssl);
int SSL_connect(SSL *ssl);
......@@ -2390,7 +2387,6 @@ void ERR_load_SSL_strings(void);
#define SSL_R_CA_DN_TOO_LONG 132
#define SSL_R_CCS_RECEIVED_EARLY 133
#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
#define SSL_R_CERT_CB_ERROR 371
#define SSL_R_CERT_LENGTH_MISMATCH 135
#define SSL_R_CHALLENGE_IS_DIFFERENT 136
#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
......
......@@ -345,9 +345,6 @@ CERT *ssl_cert_dup(CERT *cert)
ret->sigalgs = NULL;
ret->sigalgslen = 0;
ret->cert_cb = cert->cert_cb;
ret->cert_cb_arg = cert->cert_cb_arg;
return(ret);
#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
......@@ -366,36 +363,21 @@ err:
EC_KEY_free(ret->ecdh_tmp);
#endif
ssl_cert_clear_certs(ret);
for (i = 0; i < SSL_PKEY_NUM; i++)
{
CERT_PKEY *rpk = ret->pkeys + i;
if (rpk->x509 != NULL)
X509_free(rpk->x509);
if (rpk->privatekey != NULL)
EVP_PKEY_free(rpk->privatekey);
if (rpk->chain)
sk_X509_pop_free(rpk->chain, X509_free);
}
return NULL;
}
/* Free up and clear all certificates and chains */
void ssl_cert_clear_certs(CERT *c)
{
int i;
for (i = 0; i<SSL_PKEY_NUM; i++)
{
CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509)
{
X509_free(cpk->x509);
cpk->x509 = NULL;
}
if (cpk->privatekey)
{
EVP_PKEY_free(cpk->privatekey);
cpk->privatekey = NULL;
}
if (cpk->chain)
{
sk_X509_pop_free(cpk->chain, X509_free);
cpk->chain = NULL;
}
}
}
void ssl_cert_free(CERT *c)
{
......@@ -427,8 +409,20 @@ void ssl_cert_free(CERT *c)
if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
#endif
ssl_cert_clear_certs(c);
for (i=0; i<SSL_PKEY_NUM; i++)
{
CERT_PKEY *cpk = c->pkeys + i;
if (cpk->x509 != NULL)
X509_free(cpk->x509);
if (cpk->privatekey != NULL)
EVP_PKEY_free(cpk->privatekey);
if (cpk->chain)
sk_X509_pop_free(cpk->chain, X509_free);
#if 0
if (c->pkeys[i].publickey != NULL)
EVP_PKEY_free(c->pkeys[i].publickey);
#endif
}
if (c->sigalgs)
OPENSSL_free(c->sigalgs);
OPENSSL_free(c);
......@@ -516,12 +510,6 @@ int ssl_cert_add1_chain_cert(CERT *c, X509 *x)
return 1;
}
void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg)
{
c->cert_cb = cb;
c->cert_cb_arg = arg;
}
SESS_CERT *ssl_sess_cert_new(void)
{
SESS_CERT *ret;
......
......@@ -345,7 +345,6 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
{ERR_REASON(SSL_R_CERT_CB_ERROR) ,"cert cb error"},
{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
......
......@@ -526,12 +526,6 @@ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
return X509_VERIFY_PARAM_set1(ssl->param, vpm);
}
void SSL_certs_clear(SSL *s)
{
if (s->cert)
ssl_cert_clear_certs(s->cert);
}
void SSL_free(SSL *s)
{
int i;
......@@ -2043,16 +2037,6 @@ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
X509_VERIFY_PARAM_set_depth(ctx->param, depth);
}
void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb)(SSL *ssl, void *arg), void *arg)
{
ssl_cert_set_cert_cb(c->cert, cb, arg);
}
void SSL_set_cert_cb(SSL *s, int (*cb)(SSL *ssl, void *arg), void *arg)
{
ssl_cert_set_cert_cb(s->cert, cb, arg);
}
void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
{
CERT_PKEY *cpk;
......
......@@ -512,15 +512,6 @@ typedef struct cert_st
TLS_SIGALGS *sigalgs;
/* Size of above array */
size_t sigalgslen;
/* Certificate setup callback: if set is called whenever a
* certificate may be required (client or server). the callback
* can then examine any appropriate parameters and setup any
* certificates required. This allows advanced applications
* to select certificates on the fly: for example based on
* supported signature algorithms or curves.
*/
int (*cert_cb)(SSL *ssl, void *arg);
void *cert_cb_arg;
int references; /* >1 only if SSL_copy_session_id is used */
} CERT;
......@@ -831,7 +822,6 @@ int ssl_clear_bad_session(SSL *s);
CERT *ssl_cert_new(void);
CERT *ssl_cert_dup(CERT *cert);
int ssl_cert_inst(CERT **o);
void ssl_cert_clear_certs(CERT *c);
void ssl_cert_free(CERT *c);
SESS_CERT *ssl_sess_cert_new(void);
void ssl_sess_cert_free(SESS_CERT *sc);
......@@ -859,7 +849,6 @@ int ssl_cert_set0_chain(CERT *c, STACK_OF(X509) *chain);
int ssl_cert_set1_chain(CERT *c, STACK_OF(X509) *chain);
int ssl_cert_add0_chain_cert(CERT *c, X509 *x);
int ssl_cert_add1_chain_cert(CERT *c, X509 *x);
void ssl_cert_set_cert_cb(CERT *c, int (*cb)(SSL *ssl, void *arg), void *arg);
int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册