[TLS backends] Miscellaneous fixes

* Certificate fingerprint length functions return an "int", so use an int when calculating the length * Clean up the OpenSSL certificate fingerprint if() and indentation mess
2016-04-27 21:43:54 +00:00 · 2016-04-27 21:43:54 +00:00 · e3760ba710
commit e3760ba710
parent d6acb43769
3 changed files with 23 additions and 21 deletions
--- a/librb/src/gnutls.c
+++ b/librb/src/gnutls.c
@ -602,14 +602,14 @@ rb_get_ssl_strerror(rb_fde_t *F)
 	return gnutls_strerror(F->ssl_errno);
 }

-static unsigned int
+static int
 make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
 {
 	gnutls_digest_algorithm_t algo;
 	uint8_t digest[RB_SSL_CERTFP_LEN * 2];
 	size_t digest_size;
 	bool spki = false;
-	unsigned int len;
+	int len;

 	switch(method)
 	{
--- a/librb/src/mbedtls.c
+++ b/librb/src/mbedtls.c
@ -544,7 +544,7 @@ make_certfp(const mbedtls_x509_crt *peer_cert, uint8_t certfp[RB_SSL_CERTFP_LEN]
 	mbedtls_md_type_t md_type;
 	bool spki = false;
 	int ret;
-	size_t len;
+	int len;

 	switch (method)
 	{
--- a/librb/src/openssl.c
+++ b/librb/src/openssl.c
@ -710,13 +710,13 @@ rb_get_ssl_strerror(rb_fde_t *F)
 	return get_ssl_error(F->ssl_errno);
 }

-static unsigned int
+static int
 make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
 {
 	const ASN1_ITEM *it;
 	const EVP_MD *evp;
 	void *data;
-	unsigned int len;
+	int len;

 	switch(method)
 	{
@ -762,6 +762,7 @@ make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
 int
 rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
 {
+	int len = 0;
 	X509 *cert;
 	int res;

@ -769,25 +770,26 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
 		return 0;

 	cert = SSL_get_peer_certificate((SSL *) F->ssl);
-	if(cert != NULL)
+	if(cert == NULL)
+		return 0;
+
+	res = SSL_get_verify_result((SSL *) F->ssl);
+	switch(res)
 	{
-		res = SSL_get_verify_result((SSL *) F->ssl);
-		if(
-			res == X509_V_OK ||
-			res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
-			res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
-			res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
-			res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
-			res == X509_V_ERR_CERT_UNTRUSTED)
-		{
-			unsigned int len = make_certfp(cert, certfp, method);
-			X509_free(cert);
-			return len;
-		}
-		X509_free(cert);
+	case X509_V_OK:
+	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+	case X509_V_ERR_CERT_UNTRUSTED:
+		len = make_certfp(cert, certfp, method);
+
+	default:	/* to silence code inspectors */
+		break;
 	}

-	return 0;
+	X509_free(cert);
+	return len;
 }

 int