removed the use of the global array for the password that was necessary
for OpenSSL versions prior to 0.9.4, this is conditional and should still work with older versions.
parent
2d68ea45d8
commit
bd0afd8db4
27
lib/ssluse.c
27
lib/ssluse.c
@ -42,21 +42,29 @@
|
|||||||
#include "memdebug.h"
|
#include "memdebug.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if OPENSSL_VERSION_NUMBER >= 0x00904100L
|
||||||
|
#define HAVE_USERDATA_IN_PWD_CALLBACK 1
|
||||||
|
#else
|
||||||
|
#undef HAVE_USERDATA_IN_PWD_CALLBACK
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
|
||||||
static char global_passwd[64];
|
static char global_passwd[64];
|
||||||
|
#endif
|
||||||
|
|
||||||
static int passwd_callback(char *buf, int num, int verify
|
static int passwd_callback(char *buf, int num, int verify
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x00904100L
|
#if HAVE_USERDATA_IN_PWD_CALLBACK
|
||||||
/* This was introduced in 0.9.4, we can set this
|
/* This was introduced in 0.9.4, we can set this
|
||||||
using SSL_CTX_set_default_passwd_cb_userdata()
|
using SSL_CTX_set_default_passwd_cb_userdata()
|
||||||
*/
|
*/
|
||||||
, void *userdata
|
, void *global_passwd
|
||||||
#endif
|
#endif
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
if(verify)
|
if(verify)
|
||||||
fprintf(stderr, "%s\n", buf);
|
fprintf(stderr, "%s\n", buf);
|
||||||
else {
|
else {
|
||||||
if(num > strlen(global_passwd)) {
|
if(num > (int)strlen((char *)global_passwd)) {
|
||||||
strcpy(buf, global_passwd);
|
strcpy(buf, global_passwd);
|
||||||
return strlen(buf);
|
return strlen(buf);
|
||||||
}
|
}
|
||||||
@ -68,7 +76,10 @@ static
|
|||||||
bool seed_enough(struct connectdata *conn, /* unused for now */
|
bool seed_enough(struct connectdata *conn, /* unused for now */
|
||||||
int nread)
|
int nread)
|
||||||
{
|
{
|
||||||
|
conn = NULL; /* to prevent compiler warnings */
|
||||||
#ifdef HAVE_RAND_STATUS
|
#ifdef HAVE_RAND_STATUS
|
||||||
|
nread = 0; /* to prevent compiler warnings */
|
||||||
|
|
||||||
/* only available in OpenSSL 0.9.5a and later */
|
/* only available in OpenSSL 0.9.5a and later */
|
||||||
if(RAND_status())
|
if(RAND_status())
|
||||||
return TRUE;
|
return TRUE;
|
||||||
@ -171,11 +182,18 @@ int cert_stuff(struct connectdata *conn,
|
|||||||
X509 *x509;
|
X509 *x509;
|
||||||
|
|
||||||
if(data->cert_passwd) {
|
if(data->cert_passwd) {
|
||||||
|
#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
|
||||||
/*
|
/*
|
||||||
* If password has been given, we store that in the global
|
* If password has been given, we store that in the global
|
||||||
* area (*shudder*) for a while:
|
* area (*shudder*) for a while:
|
||||||
*/
|
*/
|
||||||
strcpy(global_passwd, data->cert_passwd);
|
strcpy(global_passwd, data->cert_passwd);
|
||||||
|
#else
|
||||||
|
/*
|
||||||
|
* We set the password in the callback userdata
|
||||||
|
*/
|
||||||
|
SSL_CTX_set_default_passwd_cb_userdata(conn->ssl.ctx, data->cert_passwd);
|
||||||
|
#endif
|
||||||
/* Set passwd callback: */
|
/* Set passwd callback: */
|
||||||
SSL_CTX_set_default_passwd_cb(conn->ssl.ctx, passwd_callback);
|
SSL_CTX_set_default_passwd_cb(conn->ssl.ctx, passwd_callback);
|
||||||
}
|
}
|
||||||
@ -214,9 +232,10 @@ int cert_stuff(struct connectdata *conn,
|
|||||||
failf(data, "Private key does not match the certificate public key\n");
|
failf(data, "Private key does not match the certificate public key\n");
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
#ifndef HAVE_USERDATA_IN_PWD_CALLBACK
|
||||||
/* erase it now */
|
/* erase it now */
|
||||||
memset(global_passwd, 0, sizeof(global_passwd));
|
memset(global_passwd, 0, sizeof(global_passwd));
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
return(1);
|
return(1);
|
||||||
}
|
}
|
||||||
|
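Review bot: The legacy branch kept under `#ifndef HAVE_USERDATA_IN_PWD_CALLBACK` in cert_stuff() still does `strcpy(global_passwd, data->cert_passwd)` into the 64-byte static buffer with no length check, so a certificate password of 64 characters or more overruns it on builds against OpenSSL older than 0.9.4. A guard before the copy, e.g. `if(strlen(data->cert_passwd) >= sizeof(global_passwd)) return(0);` (preferably with a failf() message), would close that. In the same branch the `memset(global_passwd, 0, sizeof(global_passwd));` is reached only on the success path; the `return(0)` after the private-key mismatch visible in the last hunk leaves the password in the global, so the erase should run before each early return. On the userdata path the context keeps the raw `data->cert_passwd` pointer for as long as the callback can fire; whether that string outlives `conn->ssl.ctx` is not visible here and is worth confirming. cert_stuff() and passwd_callback() both start or end outside the hunks shown.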