[TLS backends] Miscellaneous fixes
* Certificate fingerprint length functions return an "int", so use an int when calculating the length
* Clean up the OpenSSL certificate fingerprint if() and indentation mess
This commit is contained in:
parent
d6acb43769
commit
e3760ba710
3 changed files with 23 additions and 21 deletions
|
@ -602,14 +602,14 @@ rb_get_ssl_strerror(rb_fde_t *F)
|
||||||
return gnutls_strerror(F->ssl_errno);
|
return gnutls_strerror(F->ssl_errno);
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int
|
static int
|
||||||
make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
||||||
{
|
{
|
||||||
gnutls_digest_algorithm_t algo;
|
gnutls_digest_algorithm_t algo;
|
||||||
uint8_t digest[RB_SSL_CERTFP_LEN * 2];
|
uint8_t digest[RB_SSL_CERTFP_LEN * 2];
|
||||||
size_t digest_size;
|
size_t digest_size;
|
||||||
bool spki = false;
|
bool spki = false;
|
||||||
unsigned int len;
|
int len;
|
||||||
|
|
||||||
switch(method)
|
switch(method)
|
||||||
{
|
{
|
||||||
|
|
|
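Review bot: `int len;` in the GnuTLS make_certfp is now a signed local that is still left uninitialised, and whether every `method` branch of the switch that follows assigns it before it is returned is not visible from this hunk (make_certfp's body continues past the end of the hunk). The OpenSSL hunk in this same commit initialises its counterpart with `int len = 0;`; doing the same here, `int len = 0;`, would make an unhandled method yield a zero length instead of an indeterminate value. If the rest of the function compares `len` with `digest_size` (a `size_t`) or `RB_SSL_CERTFP_LEN`, that comparison is now signed-vs-unsigned and worth a cast or a `-Wsign-compare` pass.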
@ -544,7 +544,7 @@ make_certfp(const mbedtls_x509_crt *peer_cert, uint8_t certfp[RB_SSL_CERTFP_LEN]
|
||||||
mbedtls_md_type_t md_type;
|
mbedtls_md_type_t md_type;
|
||||||
bool spki = false;
|
bool spki = false;
|
||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
int len;
|
||||||
|
|
||||||
switch (method)
|
switch (method)
|
||||||
{
|
{
|
||||||
|
|
|
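Review bot: `size_t len` becomes `int len` next to `int ret;`, but the hunk shows only the declarations, so whether `len` is assigned from an mbedtls call that reports sizes unsigned or is later compared with `size_t` arithmetic around `RB_SSL_CERTFP_LEN` cannot be checked here; a `-Wsign-compare`/`-Wconversion` build of this file would confirm the narrowing is intended. As in the other backends, `int len = 0;` would keep a `method` the switch does not handle from returning an indeterminate length. make_certfp's body continues outside the hunk.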
@ -710,13 +710,13 @@ rb_get_ssl_strerror(rb_fde_t *F)
|
||||||
return get_ssl_error(F->ssl_errno);
|
return get_ssl_error(F->ssl_errno);
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int
|
static int
|
||||||
make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
||||||
{
|
{
|
||||||
const ASN1_ITEM *it;
|
const ASN1_ITEM *it;
|
||||||
const EVP_MD *evp;
|
const EVP_MD *evp;
|
||||||
void *data;
|
void *data;
|
||||||
unsigned int len;
|
int len;
|
||||||
|
|
||||||
switch(method)
|
switch(method)
|
||||||
{
|
{
|
||||||
|
@ -762,6 +762,7 @@ make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
||||||
int
|
int
|
||||||
rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
||||||
{
|
{
|
||||||
|
int len = 0;
|
||||||
X509 *cert;
|
X509 *cert;
|
||||||
int res;
|
int res;
|
||||||
|
|
||||||
|
@ -769,25 +770,26 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
cert = SSL_get_peer_certificate((SSL *) F->ssl);
|
cert = SSL_get_peer_certificate((SSL *) F->ssl);
|
||||||
if(cert != NULL)
|
if(cert == NULL)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
res = SSL_get_verify_result((SSL *) F->ssl);
|
||||||
|
switch(res)
|
||||||
{
|
{
|
||||||
res = SSL_get_verify_result((SSL *) F->ssl);
|
case X509_V_OK:
|
||||||
if(
|
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
|
||||||
res == X509_V_OK ||
|
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
|
||||||
res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
|
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
|
||||||
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
|
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
|
||||||
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
|
case X509_V_ERR_CERT_UNTRUSTED:
|
||||||
res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
|
len = make_certfp(cert, certfp, method);
|
||||||
res == X509_V_ERR_CERT_UNTRUSTED)
|
|
||||||
{
|
default: /* to silence code inspectors */
|
||||||
unsigned int len = make_certfp(cert, certfp, method);
|
break;
|
||||||
X509_free(cert);
|
|
||||||
return len;
|
|
||||||
}
|
|
||||||
X509_free(cert);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
X509_free(cert);
|
||||||
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
|
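Review bot: In rb_get_ssl_certfp the six `case` labels fall through from `len = make_certfp(cert, certfp, method);` straight into `default: break;` with no `break` or fallthrough marker, so `-Wimplicit-fallthrough` will flag it and a reader cannot tell the drop-through is deliberate; put `break;` after the make_certfp call (or a `/* fall through */` comment). The comment on `default:` explains why that label exists but nothing explains the case list itself, which presumably accepts self-signed and unverifiable peer certificates on purpose because the fingerprint, not chain validation, identifies the peer; a comment above `switch(res)` such as `/* chain validation is deliberately not required: callers match the fingerprint, not the CA */` would stop a later reader from "fixing" it into a strict `X509_V_OK` check. `return len;` now returns whatever make_certfp produced; if make_certfp can return a negative value on a digest failure (its body is outside this hunk), callers that use the result as a length need a `< 0` check that is not visible here.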