axtls.c: cleanup (b88ead62) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

lib/axtls.c

+47 −49

Original line number	Diff line number	Diff line
		@@ -182,7 +182,7 @@ Curl_axtls_connect(struct connectdata *conn,

		/* Load the trusted CA cert bundle file */
		if(data->set.ssl.CAfile) {
		if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL) \
		if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
		!= SSL_OK){
		infof(data, "error reading ca cert file %s \n",
		data->set.ssl.CAfile);
		@@ -208,10 +208,10 @@ Curl_axtls_connect(struct connectdata *conn,
		i=0;
		/* Instead of trying to analyze cert type here, let axTLS try them all. */
		while(cert_types[i] != 0){
		ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i], \
		ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],
		data->set.str[STRING_CERT], NULL);
		if(ssl_fcn_return == SSL_OK){
		infof(data, "successfully read cert file %s \n", \
		infof(data, "successfully read cert file %s \n",
		data->set.str[STRING_CERT]);
		break;
		}
		@@ -219,7 +219,7 @@ Curl_axtls_connect(struct connectdata *conn,
		}
		/* Tried all cert types, none worked. */
		if(cert_types[i] == 0){
		failf(data, "%s is not x509 or pkcs12 format", \
		failf(data, "%s is not x509 or pkcs12 format",
		data->set.str[STRING_CERT]);
		Curl_axtls_close(conn, sockindex);
		return CURLE_SSL_CERTPROBLEM;
		@@ -233,10 +233,10 @@ Curl_axtls_connect(struct connectdata *conn,
		i=0;
		/* Instead of trying to analyze key type here, let axTLS try them all. */
		while(key_types[i] != 0){
		ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i], \
		ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],
		data->set.str[STRING_KEY], NULL);
		if(ssl_fcn_return == SSL_OK){
		infof(data, "successfully read key file %s \n", \
		infof(data, "successfully read key file %s \n",
		data->set.str[STRING_KEY]);
		break;
		}
		@@ -244,7 +244,7 @@ Curl_axtls_connect(struct connectdata *conn,
		}
		/* Tried all key types, none worked. */
		if(key_types[i] == 0){
		failf(data, "Failure: %s is not a supported key file", \
		failf(data, "Failure: %s is not a supported key file",
		data->set.str[STRING_KEY]);
		Curl_axtls_close(conn, sockindex);
		return CURLE_SSL_CONNECT_ERROR;
		@@ -261,8 +261,8 @@ Curl_axtls_connect(struct connectdata *conn,
		if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize)) {
		/* we got a session id, use it! */
		infof (data, "SSL re-using session ID\n");
		ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], \
		ssl_sessionid, ssl_idsize);
		ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex],
		ssl_sessionid, (uint8_t)ssl_idsize);
		}
		else
		ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex], NULL, 0);
		@@ -317,7 +317,7 @@ Curl_axtls_connect(struct connectdata *conn,
		/* Put our freshly minted SSL session in cache */
		ssl_idsize = ssl_get_session_id_size(ssl);
		ssl_sessionid = ssl_get_session_id(ssl);
		if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize) \
		if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize)
		!= CURLE_OK)
		infof (data, "failed to add session to cache\n");

		@@ -332,10 +332,7 @@ static ssize_t axtls_send(struct connectdata *conn,
		size_t len,
		CURLcode *err)
		{
		/* ssl_write() returns 'int' while write() and send() returns
		'size_t' */
		char error_buffer[120]; /* Comply with OpenSSL, which documents that this
		must be at least 120 bytes long. */
		/* ssl_write() returns 'int' while write() and send() returns 'size_t' */
		int rc = ssl_write(conn->ssl[sockindex].ssl, mem, (int)len);

		infof(conn->data, " axtls_send\n");
		@@ -484,6 +481,7 @@ int Curl_axtls_check_cxn(struct connectdata *conn)

		void Curl_axtls_session_free(void *ptr)
		{
		(void)ptr;
		/* free the ID */
		/* both ssluse.c and gtls.c do something here, but axTLS's OpenSSL
		compatibility layer does nothing, so we do nothing too. */