diff options
author | Joe Orton <notroj@users.noreply.github.com> | 2008-02-06 11:12:09 +0000 |
---|---|---|
committer | Joe Orton <notroj@users.noreply.github.com> | 2008-02-06 11:12:09 +0000 |
commit | 394cbc135fcfc7b4dc7edf117b1756eebce6f89b (patch) | |
tree | 66940d63e45c406ddc48c05d74c25cc02b807912 /src/ne_gnutls.c | |
parent | 31d2d1a35bbe9d795140bc01f547d73144a18639 (diff) | |
download | neon-git-394cbc135fcfc7b4dc7edf117b1756eebce6f89b.tar.gz |
Revert diff r1320:r1314.
Diffstat (limited to 'src/ne_gnutls.c')
-rw-r--r-- | src/ne_gnutls.c | 55 |
1 files changed, 10 insertions, 45 deletions
diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c index 924f635..c807ff7 100644 --- a/src/ne_gnutls.c +++ b/src/ne_gnutls.c @@ -1,6 +1,6 @@ /* neon SSL/TLS support using GNU TLS - Copyright (C) 2002-2008, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 2002-2007, Joe Orton <joe@manyfish.co.uk> Copyright (C) 2004, Aleix Conchillo Flaque <aleix@member.fsf.org> This library is free software; you can redistribute it and/or @@ -69,7 +69,6 @@ struct ne_ssl_certificate_s { struct ne_ssl_client_cert_s { gnutls_pkcs12 p12; int decrypted; /* non-zero if successfully decrypted. */ - int keyless; ne_ssl_certificate cert; gnutls_x509_privkey pkey; char *friendly_name; @@ -503,18 +502,13 @@ static ne_ssl_client_cert *dup_client_cert(const ne_ssl_client_cert *cc) ne_ssl_client_cert *newcc = ne_calloc(sizeof *newcc); newcc->decrypted = 1; - - if (cc->keyless) { - newcc->keyless = 1; - } - else { - ret = gnutls_x509_privkey_init(&newcc->pkey); - if (ret != 0) goto dup_error; - - ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey); - if (ret != 0) goto dup_error; - } + ret = gnutls_x509_privkey_init(&newcc->pkey); + if (ret != 0) goto dup_error; + + ret = gnutls_x509_privkey_cpy(newcc->pkey, cc->pkey); + if (ret != 0) goto dup_error; + newcc->cert.subject = x509_crt_copy(cc->cert.subject); if (!newcc->cert.subject) goto dup_error; @@ -820,8 +814,7 @@ static int read_to_datum(const char *filename, gnutls_datum *datum) /* Parses a PKCS#12 structure and loads the certificate, private key * and friendly name if possible. Returns zero on success, non-zero - * on error. pkey may be NULL, in which case any contained private key - * is ignored. */ + * on error. */ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, gnutls_x509_crt *x5, char **friendly_name, const char *password) @@ -857,8 +850,6 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, switch (type) { case GNUTLS_BAG_PKCS8_KEY: case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: - if (!pkey) continue; - gnutls_x509_privkey_init(pkey); ret = gnutls_pkcs12_bag_get_data(bag, j, &data); @@ -900,7 +891,7 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, return ret; } -static ne_ssl_client_cert *read_client_cert(const char *filename, int key_required) +ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) { int ret; gnutls_datum data; @@ -925,15 +916,7 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir } if (gnutls_pkcs12_verify_mac(p12, "") == 0) { - if (pkcs12_parse(p12, key_required ? &pkey : NULL, &cert, - &friendly_name, "") != 0) { - gnutls_pkcs12_deinit(p12); - return NULL; - } - - if (!cert || (!pkey && key_required)) { - if (cert) gnutls_x509_crt_deinit(cert); - if (pkey) gnutls_x509_privkey_deinit(pkey); + if (pkcs12_parse(p12, &pkey, &cert, &friendly_name, "") != 0) { gnutls_pkcs12_deinit(p12); return NULL; } @@ -941,7 +924,6 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir cc = ne_calloc(sizeof *cc); cc->pkey = pkey; cc->decrypted = 1; - cc->keyless = !key_required; cc->friendly_name = friendly_name; populate_cert(&cc->cert, cert); gnutls_pkcs12_deinit(p12); @@ -952,21 +934,10 @@ static ne_ssl_client_cert *read_client_cert(const char *filename, int key_requir * seems to break horribly. */ cc = ne_calloc(sizeof *cc); cc->p12 = p12; - cc->keyless = !key_required; return cc; } } -ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) -{ - return read_client_cert(filename, 1); -} - -ne_ssl_client_cert *ne_ssl_clicert_exkey_read(const char *filename) -{ - return read_client_cert(filename, 0); -} - int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *cc) { return !cc->decrypted; @@ -985,12 +956,6 @@ int ne_ssl_clicert_decrypt(ne_ssl_client_cert *cc, const char *password) ret = pkcs12_parse(cc->p12, &pkey, &cert, NULL, password); if (ret < 0) return ret; - - if (!cert || (!pkey && !cc->keyless)) { - if (cert) gnutls_x509_crt_deinit(cert); - if (pkey) gnutls_x509_privkey_deinit(pkey); - return -1; - } gnutls_pkcs12_deinit(cc->p12); populate_cert(&cc->cert, cert); |