[TLS backends] Miscellaneous fixes

* Certificate fingerprint length functions return an "int", so use an
  int when calculating the length
* Clean up the OpenSSL certificate fingerprint if() and indentation mess
Aaron Jones 2016-04-27 21:43:54 +00:00
parent d6acb43769
commit e3760ba710
No known key found for this signature in database
GPG key ID: 6E854C0FAAD4CEA4
3 changed files with 23 additions and 21 deletions


@ -602,14 +602,14 @@ rb_get_ssl_strerror(rb_fde_t *F)
return gnutls_strerror(F->ssl_errno); return gnutls_strerror(F->ssl_errno);
} }
static unsigned int static int
make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method) make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
{ {
gnutls_digest_algorithm_t algo; gnutls_digest_algorithm_t algo;
uint8_t digest[RB_SSL_CERTFP_LEN * 2]; uint8_t digest[RB_SSL_CERTFP_LEN * 2];
size_t digest_size; size_t digest_size;
bool spki = false; bool spki = false;
unsigned int len; int len;
switch(method) switch(method)
{ {
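Review bot: With `len` and the return type now signed, a negative or oversized value from the fingerprint-length helper could reach whatever copies into `certfp` unless it is rejected first. The switch that assigns `len` and the copy itself lie outside this hunk, so this may already be handled. If it is not, a guard such as `if (len <= 0 || len > RB_SSL_CERTFP_LEN) return 0;` before the copy keeps the write inside the RB_SSL_CERTFP_LEN-byte output buffer. The same applies to the `int len` changes in the mbedTLS and OpenSSL `make_certfp` sections. A short comment above the function stating the return contract (presumably the fingerprint length, with 0 meaning none) would help callers now that the type no longer rules out negatives.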


@ -544,7 +544,7 @@ make_certfp(const mbedtls_x509_crt *peer_cert, uint8_t certfp[RB_SSL_CERTFP_LEN]
mbedtls_md_type_t md_type; mbedtls_md_type_t md_type;
bool spki = false; bool spki = false;
int ret; int ret;
size_t len; int len;
switch (method) switch (method)
{ {


@ -710,13 +710,13 @@ rb_get_ssl_strerror(rb_fde_t *F)
return get_ssl_error(F->ssl_errno); return get_ssl_error(F->ssl_errno);
} }
static unsigned int static int
make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method) make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
{ {
const ASN1_ITEM *it; const ASN1_ITEM *it;
const EVP_MD *evp; const EVP_MD *evp;
void *data; void *data;
unsigned int len; int len;
switch(method) switch(method)
{ {
@ -762,6 +762,7 @@ make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
int int
rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method) rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
{ {
int len = 0;
X509 *cert; X509 *cert;
int res; int res;
@ -769,25 +770,26 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
return 0; return 0;
cert = SSL_get_peer_certificate((SSL *) F->ssl); cert = SSL_get_peer_certificate((SSL *) F->ssl);
if(cert != NULL) if(cert == NULL)
return 0;
res = SSL_get_verify_result((SSL *) F->ssl);
switch(res)
{ {
res = SSL_get_verify_result((SSL *) F->ssl); case X509_V_OK:
if( case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
res == X509_V_OK || case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE || case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT || case X509_V_ERR_CERT_UNTRUSTED:
res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY || len = make_certfp(cert, certfp, method);
res == X509_V_ERR_CERT_UNTRUSTED)
{ default: /* to silence code inspectors */
unsigned int len = make_certfp(cert, certfp, method); break;
X509_free(cert);
return len;
}
X509_free(cert);
} }
return 0; X509_free(cert);
return len;
} }
int int
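Review bot: In the new `switch(res)`, `len = make_certfp(cert, certfp, method);` runs straight into `default:` with no `break;`. That is harmless today, but it is an implicit fallthrough that compilers and analysers flag, and it would misbehave if a statement were ever added under `default:`; add `break;` after the call. The comment `/* to silence code inspectors */` also hides the security-relevant behaviour: any verify result outside the listed cases leaves `len` at 0, so no fingerprint is reported for that peer. I would replace it with something like `/* any other verify result: report no fingerprint */`. The lines of rb_get_ssl_certfp between the two hunks are not shown here.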