ssl_send_certificate_error(): Remove a 'dead nested assignment'
diff --git
a/openssl.c
b/openssl.c
index
4dac8ea
..
4b1fceb
100644
(file)
--- a/
openssl.c
+++ b/
openssl.c
@@
-8,7
+8,7
@@
*
* Copyright : Written by and Copyright (c) 2020 Maxim Antonov <mantonov@gmail.com>
* Copyright (C) 2017 Vaclav Svec. FIT CVUT.
*
* Copyright : Written by and Copyright (c) 2020 Maxim Antonov <mantonov@gmail.com>
* Copyright (C) 2017 Vaclav Svec. FIT CVUT.
- * Copyright (C) 2018-202
0
by Fabian Keil <fk@fabiankeil.de>
+ * Copyright (C) 2018-202
2
by Fabian Keil <fk@fabiankeil.de>
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
@@
-38,6
+38,13
@@
#include <openssl/pem.h>
#include <openssl/md5.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/md5.h>
#include <openssl/x509v3.h>
+#ifdef _WIN32
+/* https://www.openssl.org/docs/faq.html
+ I’ve compiled a program under Windows and it crashes: Why?
+ tl,dr: because it needs this include:
+*/
+#include <openssl/applink.c>
+#endif /* _WIN32 */
#include "config.h"
#include "project.h"
#include "config.h"
#include "project.h"
@@
-302,7
+309,7
@@
static int ssl_store_cert(struct client_state *csp, X509 *crt)
last->next = malloc_or_die(sizeof(struct certs_chain));
last->next->next = NULL;
memset(last->next->info_buf, 0, sizeof(last->next->info_buf));
last->next = malloc_or_die(sizeof(struct certs_chain));
last->next->next = NULL;
memset(last->next->info_buf, 0, sizeof(last->next->info_buf));
-
memset(last->next->file_buf, 0, sizeof(last->next->file_buf))
;
+
last->next->file_buf = NULL
;
/*
* Saving certificate file into buffer
/*
* Saving certificate file into buffer
@@
-316,15
+323,18
@@
static int ssl_store_cert(struct client_state *csp, X509 *crt)
len = BIO_get_mem_data(bio, &bio_mem_data);
len = BIO_get_mem_data(bio, &bio_mem_data);
- if (len > (sizeof(last->file_buf) - 1))
+ last->file_buf = malloc((size_t)len + 1);
+ if (last->file_buf == NULL)
{
log_error(LOG_LEVEL_ERROR,
{
log_error(LOG_LEVEL_ERROR,
- "X509 PEM cert len %ld is larger than buffer len %lu",
- len, sizeof(last->file_buf) - 1);
- len = sizeof(last->file_buf) - 1;
+ "Failed to allocate %lu bytes to store the X509 PEM certificate",
+ len + 1);
+ ret = -1;
+ goto exit;
}
strncpy(last->file_buf, bio_mem_data, (size_t)len);
}
strncpy(last->file_buf, bio_mem_data, (size_t)len);
+ last->file_buf[len] = '\0';
BIO_free(bio);
bio = BIO_new(BIO_s_mem());
if (!bio)
BIO_free(bio);
bio = BIO_new(BIO_s_mem());
if (!bio)
@@
-787,17
+797,16
@@
extern int create_client_ssl_connection(struct client_state *csp)
* certificate and key inconsistence must be locked.
*/
privoxy_mutex_lock(&certificate_mutex);
* certificate and key inconsistence must be locked.
*/
privoxy_mutex_lock(&certificate_mutex);
-
ret = generate_host_certificate(csp);
ret = generate_host_certificate(csp);
+ privoxy_mutex_unlock(&certificate_mutex);
+
if (ret < 0)
{
log_error(LOG_LEVEL_ERROR,
"generate_host_certificate failed: %d", ret);
if (ret < 0)
{
log_error(LOG_LEVEL_ERROR,
"generate_host_certificate failed: %d", ret);
- privoxy_mutex_unlock(&certificate_mutex);
ret = -1;
goto exit;
}
ret = -1;
goto exit;
}
- privoxy_mutex_unlock(&certificate_mutex);
if (!(ssl_attr->openssl_attr.ctx = SSL_CTX_new(SSLv23_server_method())))
{
if (!(ssl_attr->openssl_attr.ctx = SSL_CTX_new(SSLv23_server_method())))
{
@@
-1152,6
+1161,11
@@
extern int create_server_ssl_connection(struct client_state *csp)
goto exit;
}
goto exit;
}
+ /*
+ * XXX: Do we really have to do this always?
+ * Probably it's sufficient to do if the verification fails
+ * in which case we're sending the certificates to the client.
+ */
chain = SSL_get_peer_cert_chain(ssl);
if (chain)
{
chain = SSL_get_peer_cert_chain(ssl);
if (chain)
{
@@
-1978,7
+1992,7
@@
static int generate_host_certificate(struct client_state *csp)
goto exit;
}
goto exit;
}
- issuer_name = X509_get_
issuer
_name(issuer_cert);
+ issuer_name = X509_get_
subject
_name(issuer_cert);
/*
* Loading keys from file or from buffer
/*
* Loading keys from file or from buffer
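Review bot: In the ssl_store_cert hunk the new allocation path has no check for a negative `len` before `malloc((size_t)len + 1)`: should BIO_get_mem_data ever report an error that way, `len == -1` becomes `malloc(0)` and the retained `strncpy(last->file_buf, bio_mem_data, (size_t)len)` copies with a huge length into it, where the removed `if (len > (sizeof(last->file_buf) - 1))` at least clamped the copy. A guard before the malloc, `if (len < 0) { log_error(LOG_LEVEL_ERROR, "BIO_get_mem_data() failed"); ret = -1; goto exit; }`, closes that. The added error message passes `len + 1`, which appears to be a `long` judging by the removed `%ld` line, to a `%lu` conversion; either use `%ld` or cast the argument to `unsigned long`. Since the buffer is now exactly sized and terminated by the added `last->file_buf[len] = '\0';`, `memcpy` would express the copy more directly than `strncpy`. ssl_store_cert starts and ends outside the hunk.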