moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-02-28 17:31:46 -05:00
Code Issues Releases Wiki Activity

nss: refactor fmt_nickname() -> dup_nickname()

Browse Source 
Do not use artificial nicknames for certificates from files.
This commit is contained in:
Kamil Dudka 2011-08-26 14:53:26 +02:00
parent f6980bbf24
commit 052a08ff59
1 changed files with 14 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
lib/nss.c
View File

@ -278,17 +278,16 @@ static int is_file(const char *filename)
return 0; return 0;
} }
/* Return on heap allocated filename/nickname of a certificate. The returned /* Check if the given string is filename or nickname of a certificate. If the
* string should be later deallocated using free(). *is_nickname is set to * given string is recognized as filename, return NULL. If the given string is
* TRUE if the given string is treated as nickname; FALSE if the given string * recognized as nickname, return a duplicated string. The returned string
* is treated as file name. * should be later deallocated using free(). If the OOM failure occurs, we
* return NULL, too.
*/ */
static char *fmt_nickname(struct SessionHandle *data, enum dupstring cert_kind, static char* dup_nickname(struct SessionHandle *data, enum dupstring cert_kind)
bool *is_nickname)
{ {
const char *str = data->set.str[cert_kind]; const char *str = data->set.str[cert_kind];
const char *n; const char *n;
*is_nickname = TRUE;
if(!is_file(str)) if(!is_file(str))
/* no such file exists, use the string as nickname */ /* no such file exists, use the string as nickname */
@ -303,10 +302,7 @@ static char *fmt_nickname(struct SessionHandle *data, enum dupstring cert_kind,
} }
/* we'll use the PEM reader to read the certificate from file */ /* we'll use the PEM reader to read the certificate from file */
*is_nickname = FALSE; return NULL;
n++; /* skip last slash */
return aprintf("PEM Token #%d:%s", 1, n);
} }
#ifdef HAVE_PK11_CREATEGENERICOBJECT #ifdef HAVE_PK11_CREATEGENERICOBJECT
@ -1352,17 +1348,11 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
} }
if(data->set.str[STRING_CERT]) { if(data->set.str[STRING_CERT]) {
bool is_nickname; char *nickname = dup_nickname(data, STRING_CERT);
char *nickname = fmt_nickname(data, STRING_CERT, &is_nickname); if(!nickname && !cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
if(!nickname) data->set.str[STRING_KEY]))
return CURLE_OUT_OF_MEMORY;
if(!is_nickname && !cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
data->set.str[STRING_KEY])) {
/* failf() is already done in cert_stuff() */ /* failf() is already done in cert_stuff() */
free(nickname);
return CURLE_SSL_CERTPROBLEM; return CURLE_SSL_CERTPROBLEM;
}
/* store the nickname for SelectClientCert() called during handshake */ /* store the nickname for SelectClientCert() called during handshake */
connssl->client_nickname = nickname; connssl->client_nickname = nickname;
@ -1420,16 +1410,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
if(data->set.str[STRING_SSL_ISSUERCERT]) { if(data->set.str[STRING_SSL_ISSUERCERT]) {
SECStatus ret = SECFailure; SECStatus ret = SECFailure;
bool is_nickname; char *nickname = dup_nickname(data, STRING_SSL_ISSUERCERT);
char *nickname = fmt_nickname(data, STRING_SSL_ISSUERCERT, &is_nickname); if(nickname) {
if(!nickname)
return CURLE_OUT_OF_MEMORY;
if(is_nickname)
/* we support only nicknames in case of STRING_SSL_ISSUERCERT for now */ /* we support only nicknames in case of STRING_SSL_ISSUERCERT for now */
ret = check_issuer_cert(connssl->handle, nickname); ret = check_issuer_cert(connssl->handle, nickname);
free(nickname);
free(nickname); }
if(SECFailure == ret) { if(SECFailure == ret) {
infof(data,"SSL certificate issuer check failed\n"); infof(data,"SSL certificate issuer check failed\n");