Loading lib/ssluse.c +12 −24 Original line number Diff line number Diff line Loading @@ -447,54 +447,42 @@ int cert_stuff(struct connectdata *conn, if(SSL_CTX_use_certificate(ctx, x509) != 1) { failf(data, SSL_CLIENT_CERT_ERR); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) { failf(data, "unable to use private key from PKCS12 file '%s'", cert_file); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } if(!SSL_CTX_check_private_key (ctx)) { failf(data, "private key from PKCS12 file '%s' " "does not match certificate in same file", cert_file); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } /* Set Certificate Verification chain */ if(ca && sk_X509_num(ca)) { for(i = 0; i < sk_X509_num(ca); i++) { if(!SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(ca, i))) { failf(data, "cannot add certificate to certificate chain"); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) { failf(data, "cannot add certificate to client CA list"); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } } } cert_done = 1; fail: EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); cert_done = 1; break; if(!cert_done) return 0; /* failure! */ #else failf(data, "file type P12 for certificate not supported"); return 0; Loading Loading
lib/ssluse.c +12 −24 Original line number Diff line number Diff line Loading @@ -447,54 +447,42 @@ int cert_stuff(struct connectdata *conn, if(SSL_CTX_use_certificate(ctx, x509) != 1) { failf(data, SSL_CLIENT_CERT_ERR); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) { failf(data, "unable to use private key from PKCS12 file '%s'", cert_file); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } if(!SSL_CTX_check_private_key (ctx)) { failf(data, "private key from PKCS12 file '%s' " "does not match certificate in same file", cert_file); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } /* Set Certificate Verification chain */ if(ca && sk_X509_num(ca)) { for(i = 0; i < sk_X509_num(ca); i++) { if(!SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(ca, i))) { failf(data, "cannot add certificate to certificate chain"); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) { failf(data, "cannot add certificate to client CA list"); EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); return 0; goto fail; } } } cert_done = 1; fail: EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); cert_done = 1; break; if(!cert_done) return 0; /* failure! */ #else failf(data, "file type P12 for certificate not supported"); return 0; Loading
