mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 16:48:49 -05:00
parent
02346abc32
commit
9b5f2ad329
@ -73,6 +73,17 @@ struct ssl_backend_data
|
||||
static Curl_recv mesalink_recv;
|
||||
static Curl_send mesalink_send;
|
||||
|
||||
static int do_file_type(const char *type)
|
||||
{
|
||||
if(!type || !type[0])
|
||||
return SSL_FILETYPE_PEM;
|
||||
if(strcasecompare(type, "PEM"))
|
||||
return SSL_FILETYPE_PEM;
|
||||
if(strcasecompare(type, "DER"))
|
||||
return SSL_FILETYPE_ASN1;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/*
|
||||
* This function loads all the client/CA certificates and CRLs. Setup the TLS
|
||||
* layer and do all necessary magic.
|
||||
@ -83,9 +94,6 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
|
||||
char *ciphers;
|
||||
struct Curl_easy *data = conn->data;
|
||||
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
|
||||
const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
|
||||
const char *const ssl_cafile = SSL_CONN_CONFIG(CAfile);
|
||||
const char *const ssl_capath = SSL_CONN_CONFIG(CApath);
|
||||
struct in_addr addr4;
|
||||
#ifdef ENABLE_IPV6
|
||||
struct in6_addr addr6;
|
||||
@ -142,21 +150,25 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
|
||||
}
|
||||
|
||||
SSL_CTX_set_verify(
|
||||
BACKEND->ctx, verifypeer ? SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
|
||||
BACKEND->ctx, SSL_CONN_CONFIG(verifypeer) ?
|
||||
SSL_VERIFY_PEER : SSL_VERIFY_NONE, NULL);
|
||||
|
||||
if(ssl_cafile || ssl_capath) {
|
||||
if(!SSL_CTX_load_verify_locations(BACKEND->ctx, ssl_cafile, ssl_capath)) {
|
||||
if(verifypeer) {
|
||||
if(SSL_CONN_CONFIG(CAfile) || SSL_CONN_CONFIG(CApath)) {
|
||||
if(!SSL_CTX_load_verify_locations(BACKEND->ctx, SSL_CONN_CONFIG(CAfile),
|
||||
SSL_CONN_CONFIG(CApath))) {
|
||||
if(SSL_CONN_CONFIG(verifypeer)) {
|
||||
failf(data,
|
||||
"error setting certificate verify locations:\n"
|
||||
" CAfile: %s\n CApath: %s",
|
||||
ssl_cafile ? ssl_cafile : "none",
|
||||
ssl_capath ? ssl_capath : "none");
|
||||
SSL_CONN_CONFIG(CAfile) ?
|
||||
SSL_CONN_CONFIG(CAfile) : "none",
|
||||
SSL_CONN_CONFIG(CApath) ?
|
||||
SSL_CONN_CONFIG(CApath) : "none");
|
||||
return CURLE_SSL_CACERT_BADFILE;
|
||||
}
|
||||
infof(data,
|
||||
"error setting certificate verify locations,"
|
||||
" continuing anyway:\n");
|
||||
"error setting certificate verify locations,"
|
||||
" continuing anyway:\n");
|
||||
}
|
||||
else {
|
||||
infof(data, "successfully set certificate verify locations:\n");
|
||||
@ -164,8 +176,32 @@ mesalink_connect_step1(struct connectdata *conn, int sockindex)
|
||||
infof(data,
|
||||
" CAfile: %s\n"
|
||||
" CApath: %s\n",
|
||||
ssl_cafile ? ssl_cafile : "none",
|
||||
ssl_capath ? ssl_capath : "none");
|
||||
SSL_CONN_CONFIG(CAfile)?
|
||||
SSL_CONN_CONFIG(CAfile): "none",
|
||||
SSL_CONN_CONFIG(CApath)?
|
||||
SSL_CONN_CONFIG(CApath): "none");
|
||||
}
|
||||
|
||||
if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
|
||||
int file_type = do_file_type(SSL_SET_OPTION(cert_type));
|
||||
|
||||
if(SSL_CTX_use_certificate_chain_file(BACKEND->ctx, SSL_SET_OPTION(cert),
|
||||
file_type) != 1) {
|
||||
failf(data, "unable to use client certificate (no key or wrong pass"
|
||||
" phrase?)");
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
}
|
||||
|
||||
file_type = do_file_type(SSL_SET_OPTION(key_type));
|
||||
if(SSL_CTX_use_PrivateKey_file(BACKEND->ctx, SSL_SET_OPTION(key),
|
||||
file_type) != 1) {
|
||||
failf(data, "unable to set private key");
|
||||
return CURLE_SSL_CONNECT_ERROR;
|
||||
}
|
||||
infof(data,
|
||||
"client cert: %s\n",
|
||||
SSL_CONN_CONFIG(clientcert)?
|
||||
SSL_CONN_CONFIG(clientcert): "none");
|
||||
}
|
||||
|
||||
ciphers = SSL_CONN_CONFIG(cipher_list);
|
||||
|
Loading…
Reference in New Issue
Block a user