X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=e6973103ed057c4208d469564eb15f50941df5ea;hp=cfcc59e8b1efa6bbce978e8708abe654ba7ed1c5;hb=691c4f59e98481dd056abbab8b86d5a4294481a5;hpb=1b53e0968d329557c1b7ed00f50a6be5efbb2a58

diff --git a/openssl.c b/openssl.c
index cfcc59e8..e6973103 100644
--- a/openssl.c
+++ b/openssl.c
@@ -58,7 +58,7 @@
 #define VALID_DATETIME_FMT                       "%y%m%d%H%M%SZ"
 #define VALID_DATETIME_BUFLEN                    16
 
-static int generate_webpage_certificate(struct client_state *csp);
+static int generate_host_certificate(struct client_state *csp);
 static void free_client_ssl_structures(struct client_state *csp);
 static void free_server_ssl_structures(struct client_state *csp);
 static int ssl_store_cert(struct client_state *csp, X509* crt);
@@ -308,7 +308,7 @@ static int ssl_store_cert(struct client_state *csp, X509* crt)
     */
    if (!PEM_write_bio_X509(bio, crt))
    {
-      log_ssl_errors(LOG_LEVEL_ERROR, "PEM_write_X509() failed");
+      log_ssl_errors(LOG_LEVEL_ERROR, "PEM_write_bio_X509() failed");
       ret = -1;
       goto exit;
    }
@@ -783,11 +783,11 @@ extern int create_client_ssl_connection(struct client_state *csp)
     */
    privoxy_mutex_lock(&certificate_mutex);
 
-   ret = generate_webpage_certificate(csp);
+   ret = generate_host_certificate(csp);
    if (ret < 0)
    {
       log_error(LOG_LEVEL_ERROR,
-         "Generate_webpage_certificate failed: %d", ret);
+         "generate_host_certificate failed: %d", ret);
       privoxy_mutex_unlock(&certificate_mutex);
       ret = -1;
       goto exit;
@@ -1287,7 +1287,7 @@ extern int ssl_base64_encode(unsigned char *dst, size_t dlen, size_t *olen,
                              const unsigned char *src, size_t slen)
 {
    *olen = 4 * ((slen/3)  + ((slen%3) ? 1 : 0)) + 1;
-   if (*olen < dlen)
+   if (*olen > dlen)
    {
       return ENOBUFS;
    }
@@ -1472,39 +1472,41 @@ exit:
 static int generate_key(struct client_state *csp, char **key_buf)
 {
    int ret = 0;
-   char* key_file_path = NULL;
-   BIGNUM *exp = BN_new();
-   RSA *rsa = RSA_new();
-   EVP_PKEY *key = EVP_PKEY_new();
+   char* key_file_path;
+   BIGNUM *exp;
+   RSA *rsa;
+   EVP_PKEY *key;
 
-   if (exp == NULL || rsa == NULL || key == NULL)
+   key_file_path = make_certs_path(csp->config->certificate_directory,
+      (char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
+   if (key_file_path == NULL)
    {
-      log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
-      ret = -1;
-      goto exit;
+      return -1;
    }
 
-   if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
+   /*
+    * Test if key already exists. If so, we don't have to create it again.
+    */
+   if (file_exists(key_file_path) == 1)
    {
-      log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
-      ret = -1;
-      goto exit;
+      freez(key_file_path);
+      return 0;
    }
 
-   key_file_path = make_certs_path(csp->config->certificate_directory,
-      (char *)csp->http->hash_of_host_hex, KEY_FILE_TYPE);
-   if (key_file_path == NULL)
+   exp = BN_new();
+   rsa = RSA_new();
+   key = EVP_PKEY_new();
+   if (exp == NULL || rsa == NULL || key == NULL)
    {
+      log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
       ret = -1;
       goto exit;
    }
 
-   /*
-    * Test if key already exists. If so, we don't have to create it again.
-    */
-   if (file_exists(key_file_path) == 1)
+   if (BN_set_word(exp, RSA_KEY_PUBLIC_EXPONENT) != 1)
    {
-      ret = 0;
+      log_ssl_errors(LOG_LEVEL_ERROR, "Setting RSA key exponent failed");
+      ret = -1;
       goto exit;
    }
 
@@ -1616,8 +1618,6 @@ static int ssl_certificate_is_invalid(const char *cert_file)
 
    if (!(cert = ssl_certificate_load(cert_file)))
    {
-      log_ssl_errors(LOG_LEVEL_ERROR,
-         "Error reading certificate file %s", cert_file);
       return 1;
    }
 
@@ -1709,7 +1709,7 @@ static int set_subject_alternative_name(X509 *cert, X509 *issuer, const char *ho
 
 /*********************************************************************
  *
- * Function    :  generate_webpage_certificate
+ * Function    :  generate_host_certificate
  *
  * Description :  Creates certificate file in presetted directory.
  *                If certificate already exists, no other certificate
@@ -1725,7 +1725,7 @@ static int set_subject_alternative_name(X509 *cert, X509 *issuer, const char *ho
  *                 1 => Certificate created
  *
  *********************************************************************/
-static int generate_webpage_certificate(struct client_state *csp)
+static int generate_host_certificate(struct client_state *csp)
 {
    char *key_buf = NULL;    /* Buffer for created key */
    X509 *issuer_cert = NULL;
@@ -1942,7 +1942,7 @@ static int generate_webpage_certificate(struct client_state *csp)
    serial_num = BN_new();
    if (!serial_num)
    {
-      log_error(LOG_LEVEL_ERROR, "generate_webpage_certificate: memory error");
+      log_error(LOG_LEVEL_ERROR, "generate_host_certificate: memory error");
       ret = -1;
       goto exit;
    }