From: Fabian Keil Date: Sat, 16 Jan 2021 13:52:55 +0000 (+0100) Subject: Factor out enforce_sane_certificate_state() X-Git-Tag: v_3_0_30~96 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=e6c7a0409aed822fc6a8ad8028b7e7bde0b711ac Factor out enforce_sane_certificate_state() --- diff --git a/openssl.c b/openssl.c index e6973103..d27f9187 100644 --- a/openssl.c +++ b/openssl.c @@ -1764,6 +1764,15 @@ static int generate_host_certificate(struct client_state *csp) return -1; } + if (enforce_sane_certificate_state(cert_opt.output_file, + cert_opt.subject_key)) + { + freez(cert_opt.output_file); + freez(cert_opt.subject_key); + + return -1; + } + if (file_exists(cert_opt.output_file) == 1) { /* The file exists, but is it valid? */ @@ -1802,25 +1811,6 @@ static int generate_host_certificate(struct client_state *csp) } } - if (file_exists(cert_opt.output_file) == 0 && - file_exists(cert_opt.subject_key) == 1) - { - log_error(LOG_LEVEL_ERROR, - "A website key already exists but there's no matching certificate. " - "Removing %s before creating a new key and certificate.", - cert_opt.subject_key); - if (unlink(cert_opt.subject_key)) - { - log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E", - cert_opt.subject_key); - - freez(cert_opt.output_file); - freez(cert_opt.subject_key); - - return -1; - } - } - /* * Create key for requested host */ diff --git a/ssl.c b/ssl.c index 58f0bb3b..ebcac3f2 100644 --- a/ssl.c +++ b/ssl.c @@ -1310,6 +1310,15 @@ static int generate_host_certificate(struct client_state *csp) return -1; } + if (enforce_sane_certificate_state(cert_opt.output_file, + cert_opt.subject_key)) + { + freez(cert_opt.output_file); + freez(cert_opt.subject_key); + + return -1; + } + if (file_exists(cert_opt.output_file) == 1) { /* The file exists, but is it valid? */ @@ -1348,25 +1357,6 @@ static int generate_host_certificate(struct client_state *csp) } } - if (file_exists(cert_opt.output_file) == 0 && - file_exists(cert_opt.subject_key) == 1) - { - log_error(LOG_LEVEL_ERROR, - "A website key already exists but there's no matching certificate. " - "Removing %s before creating a new key and certificate.", - cert_opt.subject_key); - if (unlink(cert_opt.subject_key)) - { - log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E", - cert_opt.subject_key); - - freez(cert_opt.output_file); - freez(cert_opt.subject_key); - - return -1; - } - } - /* * Create key for requested host */ diff --git a/ssl_common.c b/ssl_common.c index 41f05757..6d2e11f6 100644 --- a/ssl_common.c +++ b/ssl_common.c @@ -31,6 +31,7 @@ #include #include +#include #include "config.h" #include "project.h" #include "miscutil.h" @@ -698,3 +699,37 @@ extern int host_is_ip_address(const char *host) return 1; } + + +/********************************************************************* + * + * Function : enforce_sane_certificate_state + * + * Description : Makes sure the certificate state is sane. + * + * Parameters : + * 1 : certificate = Path to the potentionally existing certifcate. + * 2 : key = Path to the potentionally existing key. + * + * Returns : -1 => Error + * 0 => Certificate state is sane + * + *********************************************************************/ +extern int enforce_sane_certificate_state(const char *certificate, const char *key) +{ + if (file_exists(certificate) == 0 && file_exists(key) == 1) + { + log_error(LOG_LEVEL_ERROR, + "A website key already exists but there's no matching certificate. " + "Removing %s before creating a new key and certificate.", key); + if (unlink(key)) + { + log_error(LOG_LEVEL_ERROR, "Failed to unlink %s: %E", key); + + return -1; + } + } + + return 0; + +} diff --git a/ssl_common.h b/ssl_common.h index 3caa17cf..5075ca8e 100644 --- a/ssl_common.h +++ b/ssl_common.h @@ -74,5 +74,6 @@ extern unsigned long get_certificate_serial(struct client_state *csp); extern int get_certificate_valid_from_date(char *buffer, size_t buffer_size, const char *fmt); extern int get_certificate_valid_to_date(char *buffer, size_t buffer_size, const char *fmt); extern int host_is_ip_address(const char *host); +extern int enforce_sane_certificate_state(const char *certificate, const char *key); #endif /* ndef SSL_COMMON_H_INCLUDED */