projects
/
privoxy.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
OpenSSL ssl_store_cert(): Fix an error message
[privoxy.git]
/
openssl.c
diff --git
a/openssl.c
b/openssl.c
index
cfcc59e
..
e697310
100644
(file)
--- a/
openssl.c
+++ b/
openssl.c
@@
-58,7
+58,7
@@
#define VALID_DATETIME_FMT "%y%m%d%H%M%SZ"
#define VALID_DATETIME_BUFLEN 16
#define VALID_DATETIME_FMT "%y%m%d%H%M%SZ"
#define VALID_DATETIME_BUFLEN 16
-static int generate_
webpage
_certificate(struct client_state *csp);
+static int generate_
host
_certificate(struct client_state *csp);
static void free_client_ssl_structures(struct client_state *csp);
static void free_server_ssl_structures(struct client_state *csp);
static int ssl_store_cert(struct client_state *csp, X509* crt);
static void free_client_ssl_structures(struct client_state *csp);
static void free_server_ssl_structures(struct client_state *csp);
static int ssl_store_cert(struct client_state *csp, X509* crt);
@@
-308,7
+308,7
@@
static int ssl_store_cert(struct client_state *csp, X509* crt)
*/
if (!PEM_write_bio_X509(bio, crt))
{
*/
if (!PEM_write_bio_X509(bio, crt))
{
- log_ssl_errors(LOG_LEVEL_ERROR, "PEM_write_X509() failed");
+ log_ssl_errors(LOG_LEVEL_ERROR, "PEM_write_
bio_
X509() failed");
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
@@
-783,11
+783,11
@@
extern int create_client_ssl_connection(struct client_state *csp)
*/
privoxy_mutex_lock(&certificate_mutex);
*/
privoxy_mutex_lock(&certificate_mutex);
- ret = generate_
webpage
_certificate(csp);
+ ret = generate_
host
_certificate(csp);
if (ret < 0)
{
log_error(LOG_LEVEL_ERROR,
if (ret < 0)
{
log_error(LOG_LEVEL_ERROR,
- "
Generate_webpage
_certificate failed: %d", ret);
+ "
generate_host
_certificate failed: %d", ret);
privoxy_mutex_unlock(&certificate_mutex);
ret = -1;
goto exit;
privoxy_mutex_unlock(&certificate_mutex);
ret = -1;
goto exit;
@@
-1287,7
+1287,7
@@
extern int ssl_base64_encode(unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen)
{
*olen = 4 * ((slen/3) + ((slen%3) ? 1 : 0)) + 1;
const unsigned char *src, size_t slen)
{
*olen = 4 * ((slen/3) + ((slen%3) ? 1 : 0)) + 1;
- if (*olen
<
dlen)
+ if (*olen
>
dlen)
{
return ENOBUFS;
}
{
return ENOBUFS;
}
@@
-1472,39
+1472,41
@@
exit:
static int generate_key(struct client_state *csp, char **key_buf)
{
int ret = 0;
static int generate_key(struct client_state *csp, char **key_buf)
{
int ret = 0;
- char* key_file_path
= NULL
;
- BIGNUM *exp
= BN_new()
;
- RSA *rsa
= RSA_new()
;
- EVP_PKEY *key
= EVP_PKEY_new()
;
+ char* key_file_path;
+ BIGNUM *exp;
+ RSA *rsa;
+ EVP_PKEY *key;
- if (exp == NULL || rsa == NULL || key == NULL)
+ key_file_path = make_certs_path(csp->config->certificate_directory,
+ (char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
+ if (key_file_path == NULL)
{
{
- log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
- ret = -1;
- goto exit;
+ return -1;
}
}
- if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
+ /*
+ * Test if key already exists. If so, we don't have to create it again.
+ */
+ if (file_exists(key_file_path) == 1)
{
{
- log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
- ret = -1;
- goto exit;
+ freez(key_file_path);
+ return 0;
}
}
- key_file_path = make_certs_path(csp->config->certificate_directory,
- (char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
- if (key_file_path == NULL)
+ exp = BN_new();
+ rsa = RSA_new();
+ key = EVP_PKEY_new();
+ if (exp == NULL || rsa == NULL || key == NULL)
{
{
+ log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
- /*
- * Test if key already exists. If so, we don't have to create it again.
- */
- if (file_exists(key_file_path) == 1)
+ if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
{
{
- ret = 0;
+ log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
+ ret = -1;
goto exit;
}
goto exit;
}
@@
-1616,8
+1618,6
@@
static int ssl_certificate_is_invalid(const char *cert_file)
if (!(cert = ssl_certificate_load(cert_file)))
{
if (!(cert = ssl_certificate_load(cert_file)))
{
- log_ssl_errors(LOG_LEVEL_ERROR,
- "Error reading certificate file %s", cert_file);
return 1;
}
return 1;
}
@@
-1709,7
+1709,7
@@
static int set_subject_alternative_name(X509 *cert, X509 *issuer, const char *ho
/*********************************************************************
*
/*********************************************************************
*
- * Function : generate_
webpage
_certificate
+ * Function : generate_
host
_certificate
*
* Description : Creates certificate file in presetted directory.
* If certificate already exists, no other certificate
*
* Description : Creates certificate file in presetted directory.
* If certificate already exists, no other certificate
@@
-1725,7
+1725,7
@@
static int set_subject_alternative_name(X509 *cert, X509 *issuer, const char *ho
* 1 => Certificate created
*
*********************************************************************/
* 1 => Certificate created
*
*********************************************************************/
-static int generate_
webpage
_certificate(struct client_state *csp)
+static int generate_
host
_certificate(struct client_state *csp)
{
char *key_buf = NULL; /* Buffer for created key */
X509 *issuer_cert = NULL;
{
char *key_buf = NULL; /* Buffer for created key */
X509 *issuer_cert = NULL;
@@
-1942,7
+1942,7
@@
static int generate_webpage_certificate(struct client_state *csp)
serial_num = BN_new();
if (!serial_num)
{
serial_num = BN_new();
if (!serial_num)
{
- log_error(LOG_LEVEL_ERROR, "generate_
webpage
_certificate: memory error");
+ log_error(LOG_LEVEL_ERROR, "generate_
host
_certificate: memory error");
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}