
openssl: use local stack for temp storage

Daniel Stenberg 2017-04-25 15:28:50 +02:00
parent 7ee52c25f3
commit 799c7048dc


@ -236,8 +236,8 @@ static CURLcode Curl_ossl_seed(struct Curl_easy *data)
/* we have the "SSL is seeded" boolean static to prevent multiple /* we have the "SSL is seeded" boolean static to prevent multiple
time-consuming seedings in vain */ time-consuming seedings in vain */
static bool ssl_seeded = FALSE; static bool ssl_seeded = FALSE;
char *buf = data->state.buffer; /* point to the big buffer */
int nread=0; int nread=0;
char fname[256];
if(ssl_seeded) if(ssl_seeded)
return CURLE_OK; return CURLE_OK;
@ -297,11 +297,11 @@ static CURLcode Curl_ossl_seed(struct Curl_easy *data)
} while(!rand_enough()); } while(!rand_enough());
/* generates a default path for the random seed file */ /* generates a default path for the random seed file */
buf[0]=0; /* blank it first */ fname[0]=0; /* blank it first */
RAND_file_name(buf, BUFSIZE); RAND_file_name(fname, sizeof(fname));
if(buf[0]) { if(fname[0]) {
/* we got a file name to try */ /* we got a file name to try */
nread += RAND_load_file(buf, RAND_LOAD_LENGTH); nread += RAND_load_file(fname, RAND_LOAD_LENGTH);
if(rand_enough()) if(rand_enough())
return nread; return nread;
} }
@ -2807,7 +2807,7 @@ static CURLcode servercert(struct connectdata *conn,
struct Curl_easy *data = conn->data; struct Curl_easy *data = conn->data;
X509 *issuer; X509 *issuer;
FILE *fp; FILE *fp;
char *buffer = data->state.buffer; char buffer[2048];
const char *ptr; const char *ptr;
long * const certverifyresult = SSL_IS_PROXY() ? long * const certverifyresult = SSL_IS_PROXY() ?
&data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult; &data->set.proxy_ssl.certverifyresult : &data->set.ssl.certverifyresult;
@ -2830,7 +2830,7 @@ static CURLcode servercert(struct connectdata *conn,
infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server"); infof(data, "%s certificate:\n", SSL_IS_PROXY() ? "Proxy" : "Server");
rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert), rc = x509_name_oneline(X509_get_subject_name(connssl->server_cert),
buffer, BUFSIZE); buffer, sizeof(buffer));
infof(data, " subject: %s\n", rc?"[NONE]":buffer); infof(data, " subject: %s\n", rc?"[NONE]":buffer);
ASN1_TIME_print(mem, X509_get0_notBefore(connssl->server_cert)); ASN1_TIME_print(mem, X509_get0_notBefore(connssl->server_cert));
@ -2855,7 +2855,7 @@ static CURLcode servercert(struct connectdata *conn,
} }
rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert), rc = x509_name_oneline(X509_get_issuer_name(connssl->server_cert),
buffer, BUFSIZE); buffer, sizeof(buffer));
if(rc) { if(rc) {
if(strict) if(strict)
failf(data, "SSL: couldn't get X509-issuer name!"); failf(data, "SSL: couldn't get X509-issuer name!");
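Review bot: In the Curl_ossl_seed hunk at -297, the return value of `RAND_file_name(fname, sizeof(fname))` is still ignored even though the buffer now shrinks from BUFSIZE to 256 bytes, so a default seed-file path that does not fit becomes a more realistic case. It is caught only indirectly, by the `fname[0]=0` pre-blanking. OpenSSL documents a NULL return when the buffer is too small, so testing it directly, `if(RAND_file_name(fname, sizeof(fname)) && fname[0]) {`, makes that failure explicit instead of relying on the buffer being left untouched. In the servercert hunks the two `x509_name_oneline(..., buffer, sizeof(buffer))` calls now write into `char buffer[2048];`; whether a longer subject or issuer name is truncated or reported through `rc` depends on x509_name_oneline, which is not visible here, so a short comment next to the declaration stating the intended limit would help, e.g. `/* names longer than this are cut off in the verbose output only */` if that is indeed the case. Both functions start and end outside the hunks shown.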