提交
fdb78f3d
编写于
12月 02, 2012
作者:
D
Dr. Stephen Henson
New option to add CRLs for s_client and s_server.
上级
95ea5318
变更
8
Showing
8 changed file
with
165 addition
and
55 deletion
+165
-55
CHANGES
CHANGES
+3
-0
apps/apps.c
apps/apps.c
+49
-0
apps/apps.h
apps/apps.h
+1
-0
apps/crl.c
apps/crl.c
+0
-50
apps/s_apps.h
apps/s_apps.h
+3
-1
apps/s_cb.c
apps/s_cb.c
+29
-2
apps/s_client.c
apps/s_client.c
+39
-1
apps/s_server.c
apps/s_server.c
+41
-1
CHANGES
...
...
@@ -4,6 +4,9 @@
Changes between 1.0.x and 1.1.0 [xx XXX xxxx]
*) New options -CRL and -CRLform for s_client and s_server for CRLs.
[Steve Henson]
*) Extend OCSP I/O functions so they can be used for simple general purpose
HTTP as well as OCSP. New wrapper function which can be used to download
CRLs using the OCSP API.
...
...
apps/apps.c
...
...
@@ -929,6 +929,55 @@ end:
return
(
x
);
}
X509_CRL
*
load_crl
(
char
*
infile
,
int
format
)
{
X509_CRL
*
x
=
NULL
;
BIO
*
in
=
NULL
;
if
(
format
==
FORMAT_HTTP
)
{
load_cert_crl_http
(
infile
,
bio_err
,
NULL
,
&
x
);
return
x
;
}
in
=
BIO_new
(
BIO_s_file
());
if
(
in
==
NULL
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
}
if
(
infile
==
NULL
)
BIO_set_fp
(
in
,
stdin
,
BIO_NOCLOSE
);
else
{
if
(
BIO_read_filename
(
in
,
infile
)
<=
0
)
{
perror
(
infile
);
goto
end
;
}
}
if
(
format
==
FORMAT_ASN1
)
x
=
d2i_X509_CRL_bio
(
in
,
NULL
);
else
if
(
format
==
FORMAT_PEM
)
x
=
PEM_read_bio_X509_CRL
(
in
,
NULL
,
NULL
,
NULL
);
else
{
BIO_printf
(
bio_err
,
"bad input format specified for input crl
\n
"
);
goto
end
;
}
if
(
x
==
NULL
)
{
BIO_printf
(
bio_err
,
"unable to load CRL
\n
"
);
ERR_print_errors
(
bio_err
);
goto
end
;
}
end:
BIO_free
(
in
);
return
(
x
);
}
EVP_PKEY
*
load_key
(
BIO
*
err
,
const
char
*
file
,
int
format
,
int
maybe_stdin
,
const
char
*
pass
,
ENGINE
*
e
,
const
char
*
key_descrip
)
{
...
...
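Review bot: In `load_crl`, the `FORMAT_HTTP` branch discards the return value of `load_cert_crl_http()` and returns immediately, so a failed download skips the `unable to load CRL` message and the `ERR_print_errors(bio_err)` call that the file-based path reaches before `end:`. Now that the helper is shared with s_client and s_server, that branch could report through the same `x == NULL` check instead of `return x;`. `infile` is never written through in the visible body, so the signature could be `X509_CRL *load_crl(const char *infile, int format)` (with the matching prototype in apps/apps.h), assuming `BIO_read_filename` accepts a const path, which is not shown here. `perror(infile)` also writes to stderr rather than `bio_err`, unlike every other message in the function.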
apps/apps.h
...
...
@@ -245,6 +245,7 @@ int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
int
add_oid_section
(
BIO
*
err
,
CONF
*
conf
);
X509
*
load_cert
(
BIO
*
err
,
const
char
*
file
,
int
format
,
const
char
*
pass
,
ENGINE
*
e
,
const
char
*
cert_descrip
);
X509_CRL
*
load_crl
(
char
*
infile
,
int
format
);
int
load_cert_crl_http
(
const
char
*
url
,
BIO
*
err
,
X509
**
pcert
,
X509_CRL
**
pcrl
);
EVP_PKEY
*
load_key
(
BIO
*
err
,
const
char
*
file
,
int
format
,
int
maybe_stdin
,
...
...
apps/crl.c
...
...
@@ -93,7 +93,6 @@ static const char *crl_usage[]={
NULL
};
static
X509_CRL
*
load_crl
(
char
*
file
,
int
format
);
static
BIO
*
bio_out
=
NULL
;
int
MAIN
(
int
,
char
**
);
...
...
@@ -401,52 +400,3 @@ end:
apps_shutdown
();
OPENSSL_EXIT
(
ret
);
}
static
X509_CRL
*
load_crl
(
char
*
infile
,
int
format
)
{
X509_CRL
*
x
=
NULL
;
BIO
*
in
=
NULL
;
if
(
format
==
FORMAT_HTTP
)
{
load_cert_crl_http
(
infile
,
bio_err
,
NULL
,
&
x
);
return
x
;
}
in
=
BIO_new
(
BIO_s_file
());
if
(
in
==
NULL
)
{
ERR_print_errors
(
bio_err
);
goto
end
;
}
if
(
infile
==
NULL
)
BIO_set_fp
(
in
,
stdin
,
BIO_NOCLOSE
);
else
{
if
(
BIO_read_filename
(
in
,
infile
)
<=
0
)
{
perror
(
infile
);
goto
end
;
}
}
if
(
format
==
FORMAT_ASN1
)
x
=
d2i_X509_CRL_bio
(
in
,
NULL
);
else
if
(
format
==
FORMAT_PEM
)
x
=
PEM_read_bio_X509_CRL
(
in
,
NULL
,
NULL
,
NULL
);
else
{
BIO_printf
(
bio_err
,
"bad input format specified for input crl
\n
"
);
goto
end
;
}
if
(
x
==
NULL
)
{
BIO_printf
(
bio_err
,
"unable to load CRL
\n
"
);
ERR_print_errors
(
bio_err
);
goto
end
;
}
end:
BIO_free
(
in
);
return
(
x
);
}
apps/s_apps.h
...
...
@@ -201,7 +201,9 @@ int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
int
*
badarg
,
BIO
*
err
,
STACK_OF
(
OPENSSL_STRING
)
**
pstr
);
int
args_ssl_call
(
SSL_CTX
*
ctx
,
BIO
*
err
,
SSL_CONF_CTX
*
cctx
,
STACK_OF
(
OPENSSL_STRING
)
*
str
,
int
no_ecdhe
);
int
ssl_ctx_add_crls
(
SSL_CTX
*
ctx
,
STACK_OF
(
X509_CRL
)
*
crls
);
int
ssl_load_stores
(
SSL_CTX
*
ctx
,
const
char
*
vfyCApath
,
const
char
*
vfyCAfile
,
const
char
*
chCApath
,
const
char
*
chCAfile
);
const
char
*
chCApath
,
const
char
*
chCAfile
,
STACK_OF
(
X509_CRL
)
*
crls
);
#endif
apps/s_cb.c
...
...
@@ -293,7 +293,6 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
ERR_print_errors
(
bio_err
);
return
0
;
}
return
1
;
}
...
...
@@ -1670,9 +1669,36 @@ int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
return
1
;
}
static
int
add_crls_store
(
X509_STORE
*
st
,
STACK_OF
(
X509_CRL
)
*
crls
)
{
X509_CRL
*
crl
;
int
i
;
if
(
crls
)
{
for
(
i
=
0
;
i
<
sk_X509_CRL_num
(
crls
);
i
++
)
{
crl
=
sk_X509_CRL_value
(
crls
,
i
);
X509_STORE_add_crl
(
st
,
crl
);
}
}
return
1
;
}
int
ssl_ctx_add_crls
(
SSL_CTX
*
ctx
,
STACK_OF
(
X509_CRL
)
*
crls
)
{
X509_STORE
*
st
;
if
(
crls
)
{
st
=
SSL_CTX_get_cert_store
(
ctx
);
add_crls_store
(
st
,
crls
);
}
return
1
;
}
int
ssl_load_stores
(
SSL_CTX
*
ctx
,
const
char
*
vfyCApath
,
const
char
*
vfyCAfile
,
const
char
*
chCApath
,
const
char
*
chCAfile
)
const
char
*
chCApath
,
const
char
*
chCAfile
,
STACK_OF
(
X509_CRL
)
*
crls
)
{
X509_STORE
*
vfy
=
NULL
,
*
ch
=
NULL
;
int
rv
=
0
;
...
...
@@ -1681,6 +1707,7 @@ int ssl_load_stores(SSL_CTX *ctx,
vfy
=
X509_STORE_new
();
if
(
!
X509_STORE_load_locations
(
vfy
,
vfyCAfile
,
vfyCApath
))
goto
err
;
add_crls_store
(
vfy
,
crls
);
SSL_CTX_set1_verify_cert_store
(
ctx
,
vfy
);
}
if
(
chCApath
||
chCAfile
)
...
...
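Review bot: `add_crls_store` ignores the result of `X509_STORE_add_crl(st, crl)` and returns 1 unconditionally, and `ssl_ctx_add_crls` does the same, so a CRL that fails to enter the store is dropped silently and the handshake proceeds without that revocation data. Since both functions already return `int`, the loop could propagate failure with `if (!X509_STORE_add_crl(st, crl)) return 0;` and `ssl_ctx_add_crls` could end with `return add_crls_store(st, crls);`. The new `add_crls_store(vfy, crls);` call in `ssl_load_stores` and the `ssl_ctx_add_crls(...)` calls in apps/s_client.c and apps/s_server.c would then need to test the result. `ssl_load_stores` begins and ends outside the visible hunks, so how its `err` path should treat this needs confirming; a duplicate CRL may also be reported as a failure by the store and might deserve separate handling.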
apps/s_client.c
...
...
@@ -639,6 +639,10 @@ int MAIN(int argc, char **argv)
SSL_CONF_CTX
*
cctx
=
NULL
;
STACK_OF
(
OPENSSL_STRING
)
*
ssl_args
=
NULL
;
char
*
crl_file
=
NULL
;
int
crl_format
=
FORMAT_PEM
;
STACK_OF
(
X509_CRL
)
*
crls
=
NULL
;
meth
=
SSLv23_client_method
();
apps_startup
();
...
...
@@ -708,6 +712,11 @@ int MAIN(int argc, char **argv)
if
(
--
argc
<
1
)
goto
bad
;
cert_file
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-CRL"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
crl_file
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-sess_out"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
...
...
@@ -723,6 +732,11 @@ int MAIN(int argc, char **argv)
if
(
--
argc
<
1
)
goto
bad
;
cert_format
=
str2fmt
(
*
(
++
argv
));
}
else
if
(
strcmp
(
*
argv
,
"-CRLform"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
crl_format
=
str2fmt
(
*
(
++
argv
));
}
else
if
(
args_verify
(
&
argv
,
&
argc
,
&
badarg
,
bio_err
,
&
vpm
))
{
if
(
badarg
)
...
...
@@ -1128,6 +1142,26 @@ bad:
}
}
if
(
crl_file
)
{
X509_CRL
*
crl
;
crl
=
load_crl
(
crl_file
,
crl_format
);
if
(
!
crl
)
{
BIO_puts
(
bio_err
,
"Error loading CRL
\n
"
);
ERR_print_errors
(
bio_err
);
goto
end
;
}
crls
=
sk_X509_CRL_new_null
();
if
(
!
crls
||
!
sk_X509_CRL_push
(
crls
,
crl
))
{
BIO_puts
(
bio_err
,
"Error adding CRL
\n
"
);
ERR_print_errors
(
bio_err
);
X509_CRL_free
(
crl
);
goto
end
;
}
}
if
(
!
load_excert
(
&
exc
,
bio_err
))
goto
end
;
...
...
@@ -1179,7 +1213,7 @@ bad:
goto
end
;
}
if
(
!
ssl_load_stores
(
ctx
,
vfyCApath
,
vfyCAfile
,
chCApath
,
chCAfile
))
if
(
!
ssl_load_stores
(
ctx
,
vfyCApath
,
vfyCAfile
,
chCApath
,
chCAfile
,
crls
))
{
BIO_printf
(
bio_err
,
"Error loading store locations
\n
"
);
ERR_print_errors
(
bio_err
);
...
...
@@ -1241,6 +1275,8 @@ bad:
/* goto end; */
}
ssl_ctx_add_crls
(
ctx
,
crls
);
if
(
!
set_cert_key_stuff
(
ctx
,
cert
,
key
,
NULL
,
build_chain
))
goto
end
;
...
...
@@ -1983,6 +2019,8 @@ end:
if
(
ctx
!=
NULL
)
SSL_CTX_free
(
ctx
);
if
(
cert
)
X509_free
(
cert
);
if
(
crls
)
sk_X509_CRL_pop_free
(
crls
,
X509_CRL_free
);
if
(
key
)
EVP_PKEY_free
(
key
);
if
(
pass
)
...
...
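Review bot: Loading a CRL with `-CRL` only places it in the certificate store; none of the visible hunks sets a CRL-checking verify flag, so unless one is supplied separately (presumably through the options handled by `args_verify`, such as `-crl_check`) the CRL is likely never consulted during verification. A short comment at the `if (crl_file)` block, for example `/* CRLs are only used if CRL checking is enabled in the verify parameters */`, or a warning on `bio_err` when `-CRL` is given without it, would prevent a false sense of revocation coverage. The hunks also add no usage text for `-CRL` and `-CRLform`, and the value returned by `str2fmt` for `-CRLform` is only rejected later inside `load_crl`. The same points apply to the parallel hunks in apps/s_server.c. `MAIN` starts and ends outside these hunks.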
apps/s_server.c
...
...
@@ -999,6 +999,10 @@ int MAIN(int argc, char *argv[])
SSL_CONF_CTX
*
cctx
=
NULL
;
STACK_OF
(
OPENSSL_STRING
)
*
ssl_args
=
NULL
;
char
*
crl_file
=
NULL
;
int
crl_format
=
FORMAT_PEM
;
STACK_OF
(
X509_CRL
)
*
crls
=
NULL
;
meth
=
SSLv23_server_method
();
local_argc
=
argc
;
...
...
@@ -1077,6 +1081,11 @@ int MAIN(int argc, char *argv[])
if
(
--
argc
<
1
)
goto
bad
;
s_cert_file
=
*
(
++
argv
);
}
else
if
(
strcmp
(
*
argv
,
"-CRL"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
crl_file
=
*
(
++
argv
);
}
#ifndef OPENSSL_NO_TLSEXT
else
if
(
strcmp
(
*
argv
,
"-authz"
)
==
0
)
{
...
...
@@ -1167,6 +1176,11 @@ int MAIN(int argc, char *argv[])
no_cache
=
1
;
else
if
(
strcmp
(
*
argv
,
"-ext_cache"
)
==
0
)
ext_cache
=
1
;
else
if
(
strcmp
(
*
argv
,
"-CRLform"
)
==
0
)
{
if
(
--
argc
<
1
)
goto
bad
;
crl_format
=
str2fmt
(
*
(
++
argv
));
}
else
if
(
args_verify
(
&
argv
,
&
argc
,
&
badarg
,
bio_err
,
&
vpm
))
{
if
(
badarg
)
...
...
@@ -1567,6 +1581,26 @@ bad:
}
#endif
if
(
crl_file
)
{
X509_CRL
*
crl
;
crl
=
load_crl
(
crl_file
,
crl_format
);
if
(
!
crl
)
{
BIO_puts
(
bio_err
,
"Error loading CRL
\n
"
);
ERR_print_errors
(
bio_err
);
goto
end
;
}
crls
=
sk_X509_CRL_new_null
();
if
(
!
crls
||
!
sk_X509_CRL_push
(
crls
,
crl
))
{
BIO_puts
(
bio_err
,
"Error adding CRL
\n
"
);
ERR_print_errors
(
bio_err
);
X509_CRL_free
(
crl
);
goto
end
;
}
}
if
(
s_dcert_file
)
{
...
...
@@ -1702,10 +1736,12 @@ bad:
if
(
vpm
)
SSL_CTX_set1_param
(
ctx
,
vpm
);
ssl_ctx_add_crls
(
ctx
,
crls
);
if
(
!
args_ssl_call
(
ctx
,
bio_err
,
cctx
,
ssl_args
,
no_ecdhe
))
goto
end
;
if
(
!
ssl_load_stores
(
ctx
,
vfyCApath
,
vfyCAfile
,
chCApath
,
chCAfile
))
if
(
!
ssl_load_stores
(
ctx
,
vfyCApath
,
vfyCAfile
,
chCApath
,
chCAfile
,
crls
))
{
BIO_printf
(
bio_err
,
"Error loading store locations
\n
"
);
ERR_print_errors
(
bio_err
);
...
...
@@ -1768,6 +1804,8 @@ bad:
if
(
vpm
)
SSL_CTX_set1_param
(
ctx2
,
vpm
);
ssl_ctx_add_crls
(
ctx2
,
crls
);
if
(
!
args_ssl_call
(
ctx2
,
bio_err
,
cctx
,
ssl_args
,
no_ecdhe
))
goto
end
;
}
...
...
@@ -1973,6 +2011,8 @@ end:
if
(
ctx
!=
NULL
)
SSL_CTX_free
(
ctx
);
if
(
s_cert
)
X509_free
(
s_cert
);
if
(
crls
)
sk_X509_CRL_pop_free
(
crls
,
X509_CRL_free
);
if
(
s_dcert
)
X509_free
(
s_dcert
);
if
(
s_key
)
...
...