authorJoe Orton <notroj@users.noreply.github.com>2008-02-06 11:12:09 +0000
committerJoe Orton <notroj@users.noreply.github.com>2008-02-06 11:12:09 +0000
commit394cbc135fcfc7b4dc7edf117b1756eebce6f89b (patch)
tree66940d63e45c406ddc48c05d74c25cc02b807912 /src/ne_gnutls.c
parent31d2d1a35bbe9d795140bc01f547d73144a18639 (diff)
Revert diff r1320:r1314.
Diffstat (limited to 'src/ne_gnutls.c')
-rw-r--r--src/ne_gnutls.c55
1 files changed, 10 insertions, 45 deletions
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c
index 924f635..c807ff7 100644
--- a/src/ne_gnutls.c
+++ b/src/ne_gnutls.c
@@ -1,6 +1,6 @@
/*
neon SSL/TLS support using GNU TLS
- Copyright (C) 2002-2008, Joe Orton <joe@manyfish.co.uk>
+ Copyright (C) 2002-2007, Joe Orton <joe@manyfish.co.uk>
Copyright (C) 2004, Aleix Conchillo Flaque <aleix@member.fsf.org>
This library is free software; you can redistribute it and/or
@@ -69,7 +69,6 @@ struct ne_ssl_certificate_s {
struct ne_ssl_client_cert_s {
gnutls_pkcs12 p12;
int decrypted; /* non-zero if successfully decrypted. */
- int keyless;
ne_ssl_certificate cert;
gnutls_x509_privkey pkey;
char *friendly_name;
@@ -503,18 +502,13 @@ static ne_ssl_client_cert *dup_client_cert(const ne_ssl_client_cert *cc)
ne_ssl_client_cert *newcc = ne_calloc(sizeof *newcc);
newcc->decrypted = 1;
-
- if (cc->keyless) {
- newcc->keyless = 1;
- }
- else {
- ret = gnutls_x509_privkey_init(&newcc->pkey);
- if (ret != 0) goto dup_error;
-
- ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey);
- if (ret != 0) goto dup_error;
- }
+ ret = gnutls_x509_privkey_init(&newcc->pkey);
+ if (ret != 0) goto dup_error;
+
+ ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey);
+ if (ret != 0) goto dup_error;
+
newcc->cert.subject = x509_crt_copy(cc->cert.subject);
if (!newcc->cert.subject) goto dup_error;
@@ -820,8 +814,7 @@ static int read_to_datum(const char *filename, gnutls_datum *datum)
/* Parses a PKCS#12 structure and loads the certificate, private key
* and friendly name if possible. Returns zero on success, non-zero
- * on error. pkey may be NULL, in which case any contained private key
- * is ignored. */
+ * on error. */
static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
gnutls_x509_crt *x5, char **friendly_name,
const char *password)
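Review bot: The shortened header comment on pkcs12_parse no longer says which output arguments may be NULL. This commit also removes the `if (!pkey) continue;` guard, so pkey is now handed straight to `gnutls_x509_privkey_init(pkey)`. ne_ssl_clicert_decrypt still passes NULL for friendly_name, so the contract is asymmetric and should be written down, for example `pkey and x5 must not be NULL; friendly_name may be NULL if the caller does not want it.` The function body lies outside this hunk, so confirm that wording against how x5 and friendly_name are actually handled.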
@@ -857,8 +850,6 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
switch (type) {
case GNUTLS_BAG_PKCS8_KEY:
case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- if (!pkey) continue;
-
gnutls_x509_privkey_init(pkey);
ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
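Review bot: The result of `gnutls_x509_privkey_init(pkey)` in the key-bag case is discarded, whereas dup_client_cert in this same file checks it with `if (ret != 0) goto dup_error;`. If initialisation fails, the later key import would run on a handle that was never set up, and this happens while parsing a file the caller supplied. Assign the result, `ret = gnutls_x509_privkey_init(pkey);`, and bail out through the same failure path the function uses for gnutls_pkcs12_bag_get_data. It also looks as though a PKCS#12 file with more than one key bag would re-initialise `*pkey` and drop the earlier handle. The loop and its cleanup are outside this hunk, so that needs checking against the full body.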
@@ -900,7 +891,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
return ret;
}
-static ne_ssl_client_cert *read_client_cert(const char *filename, int key_required)
+ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
{
int ret;
gnutls_datum data;
@@ -925,15 +916,7 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir
}
if (gnutls_pkcs12_verify_mac(p12, "") == 0) {
- if (pkcs12_parse(p12, key_required ? &pkey : NULL, &cert,
- &friendly_name, "") != 0) {
- gnutls_pkcs12_deinit(p12);
- return NULL;
- }
-
- if (!cert || (!pkey && key_required)) {
- if (cert) gnutls_x509_crt_deinit(cert);
- if (pkey) gnutls_x509_privkey_deinit(pkey);
+ if (pkcs12_parse(p12, &pkey, &cert, &friendly_name, "") != 0) {
gnutls_pkcs12_deinit(p12);
return NULL;
}
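Review bot: With the `!cert || (!pkey && key_required)` test gone, ne_ssl_clicert_read treats a zero return from pkcs12_parse as proof that both a certificate and a private key were found. Nothing visible here shows pkcs12_parse failing when a PKCS#12 file simply has no certificate bag or no key bag. In that case `populate_cert(&cc->cert, cert)` and `cc->pkey = pkey` in the next hunk would receive whatever the locals held, and their initialisation is outside this hunk. The keyless feature is being reverted, but the presence check is independent of it. Keep it as `if (!cert || !pkey)`, with the same deinit of whichever handle was set, before building cc. The same applies in ne_ssl_clicert_decrypt, where the last hunk drops the equivalent check just before `populate_cert(&cc->cert, cert);`.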
@@ -941,7 +924,6 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir
cc = ne_calloc(sizeof *cc);
cc->pkey = pkey;
cc->decrypted = 1;
- cc->keyless = !key_required;
cc->friendly_name = friendly_name;
populate_cert(&cc->cert, cert);
gnutls_pkcs12_deinit(p12);
@@ -952,21 +934,10 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir
* seems to break horribly. */
cc = ne_calloc(sizeof *cc);
cc->p12 = p12;
- cc->keyless = !key_required;
return cc;
}
}
-ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename)
-{
- return read_client_cert(filename, 1);
-}
-
-ne_ssl_client_cert *ne_ssl_clicert_exkey_read(const char *filename)
-{
- return read_client_cert(filename, 0);
-}
-
int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc)
{
return !cc->decrypted;
@@ -985,12 +956,6 @@ int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password)
ret = pkcs12_parse(cc->p12, &pkey, &cert, NULL, password);
if (ret < 0)
return ret;
-
- if (!cert || (!pkey && !cc->keyless)) {
- if (cert) gnutls_x509_crt_deinit(cert);
- if (pkey) gnutls_x509_privkey_deinit(pkey);
- return -1;
- }
gnutls_pkcs12_deinit(cc->p12);
populate_cert(&cc->cert, cert);