return -1;
}
+ if (enforce_sane_certificate_state(cert_opt.output_file,
+ cert_opt.subject_key))
+ {
+ freez(cert_opt.output_file);
+ freez(cert_opt.subject_key);
+
+ return -1;
+ }
+
if (file_exists(cert_opt.output_file) == 1)
{
/* The file exists, but is it valid? */
}
}
- if (file_exists(cert_opt.output_file) == 0 &&
- file_exists(cert_opt.subject_key) == 1)
- {
- log_error(LOG_LEVEL_ERROR,
- "A website key already exists but there's no matching certificate. "
- "Removing %s before creating a new key and certificate.",
- cert_opt.subject_key);
- if (unlink(cert_opt.subject_key))
- {
- log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E",
- cert_opt.subject_key);
-
- freez(cert_opt.output_file);
- freez(cert_opt.subject_key);
-
- return -1;
- }
- }
-
/*
* Create key for requested host
*/
{
char buf[CERT_INFO_BUF_SIZE];
char *encoded_text;
+#define CERT_INFO_PREFIX ""
mbedtls_x509_crt_info(buf, sizeof(buf), CERT_INFO_PREFIX, crt);
encoded_text = html_encode(buf);
#error mbedTLS needs to be compiled with md5 support
#else
memset(csp->http->hash_of_host, 0, sizeof(csp->http->hash_of_host));
- mbedtls_md5((unsigned char *)csp->http->host, strlen(csp->http->host),
- csp->http->hash_of_host);
+ ret = mbedtls_md5_ret((unsigned char *)csp->http->host,
+ strlen(csp->http->host), csp->http->hash_of_host);
+ if (ret != 0)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Failed to generate md5 hash of host %s: %d",
+ csp->http->host, ret);
+ return -1;
+ }
/* Converting hash into string with hex */
size_t i = 0;
*********************************************************************/
extern void ssl_crt_verify_info(char *buf, size_t size, struct client_state *csp)
{
- mbedtls_x509_crt_verify_info(buf, size, " ", csp->server_cert_verification_result);
+ char *last_byte;
+
+ mbedtls_x509_crt_verify_info(buf, size, "",
+ csp->server_cert_verification_result);
+ last_byte = buf + strlen(buf)-1;
+ if (*last_byte == '\n')
+ {
+ /* Overwrite trailing new line character */
+ *last_byte = '\0';
+ }
}
projects / privoxy.git / blobdiff