X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=e3717af5db842e5135a0e2e0d60694c1613f061c;hp=2c065cc50aa3f2476fdd1ac63962caa0fb40c282;hb=9476a25ff5683725af2d86a83735395208e4d961;hpb=c83713758e9465e03ec3b0228c433e6f2d843352

diff --git a/openssl.c b/openssl.c
index 2c065cc5..e3717af5 100644
--- a/openssl.c
+++ b/openssl.c
@@ -396,6 +396,7 @@ static int ssl_store_cert(struct client_state *csp, X509* crt)
    }
    else
    {
+      int i;
       if (bs->type == V_ASN1_NEG_INTEGER)
       {
          if (BIO_puts(bio, " (Negative)") < 0)
@@ -405,7 +406,7 @@ static int ssl_store_cert(struct client_state *csp, X509* crt)
             goto exit;
          }
       }
-      for (int i = 0; i < bs->length; i++)
+      for (i = 0; i < bs->length; i++)
       {
          if (BIO_printf(bio, "%02x%c", bs->data[i],
                ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
@@ -653,6 +654,13 @@ static int ssl_store_cert(struct client_state *csp, X509* crt)
    BIO_write(bio, &zero, 1);
 
    len = BIO_get_mem_data(bio, &bio_mem_data);
+   if (len <= 0)
+   {
+      log_error(LOG_LEVEL_ERROR, "BIO_get_mem_data() returned %d "
+         "while gathering certificate information", len);
+      ret = -1;
+      goto exit;
+   }
    encoded_text = html_encode(bio_mem_data);
    if (encoded_text == NULL)
    {
@@ -735,7 +743,6 @@ extern int create_client_ssl_connection(struct client_state *csp)
    struct ssl_attr *ssl_attr = &csp->ssl_client_attr;
    /* Paths to certificates file and key file */
    char *key_file  = NULL;
-   char *ca_file   = NULL;
    char *cert_file = NULL;
    int ret = 0;
    SSL *ssl;
@@ -759,7 +766,6 @@ extern int create_client_ssl_connection(struct client_state *csp)
    /*
     * Preparing paths to certificates files and key file
     */
-   ca_file   = csp->config->ca_cert_file;
    cert_file = make_certs_path(csp->config->certificate_directory,
       (const char *)csp->http->hash_of_host_hex, CERT_FILE_TYPE);
    key_file  = make_certs_path(csp->config->certificate_directory,
@@ -1142,7 +1148,8 @@ extern int create_server_ssl_connection(struct client_state *csp)
    chain = SSL_get_peer_cert_chain(ssl);
    if (chain)
    {
-      for (int i = 0; i < sk_X509_num(chain); i++)
+      int i;
+      for (i = 0; i < sk_X509_num(chain); i++)
       {
          if (ssl_store_cert(csp, sk_X509_value(chain, i)) != 0)
          {
@@ -1795,6 +1802,25 @@ static int generate_webpage_certificate(struct client_state *csp)
       }
    }
 
+   if (file_exists(cert_opt.output_file) == 0 &&
+       file_exists(cert_opt.subject_key) == 1)
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "A website key already exists but there's no matching certificate. "
+         "Removing %s before creating a new key and certificate.",
+         cert_opt.subject_key);
+      if (unlink(cert_opt.subject_key))
+      {
+         log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E",
+            cert_opt.subject_key);
+
+         freez(cert_opt.output_file);
+         freez(cert_opt.subject_key);
+
+         return -1;
+      }
+   }
+
    /*
     * Create key for requested host
     */