From c34742e433401f293957f52a854c071797f51bf8 Mon Sep 17 00:00:00 2001 From: joe Date: Thu, 23 Jun 2011 12:40:30 +0000 Subject: * src/ne_ssl.h (ne_ssl_clicert_import): New function. * src/ne_openssl.c (parse_client_cert): Factor out from ne_ssl_clicert_read. (ne_ssl_clicert_read): Reimplement using above. (ne_ssl_clicert_import): New function. * src/ne_gnutls.c (ne_ssl_clicert_import): Factor out from ne_ssl_clicert_read. (ne_ssl_clicert_import): Reimplement using above. * test/utils.c (file_to_buffer): Move to here... * test/compress.c (file2buf): ... from here. (do_fetch): Use it. * test/ssl.c (clicert_import): New test. git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@1847 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845 --- src/ne_gnutls.c | 20 +++++++++++++++++--- src/ne_openssl.c | 40 +++++++++++++++++++++++++++++----------- src/ne_ssl.h | 7 +++++++ src/neon.vers | 4 ++++ 4 files changed, 57 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c index eec5655..6fae2fd 100644 --- a/src/ne_gnutls.c +++ b/src/ne_gnutls.c @@ -1118,6 +1118,21 @@ static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey, } ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) +{ + gnutls_datum datum; + ne_ssl_client_cert *cc; + + if (read_to_datum(filename, &datum)) + return NULL; + + cc = ne_ssl_clicert_import(datum.data, datum.size); + + ne_free(datum.data); + + return cc; +} + +ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, size_t buflen) { int ret; gnutls_datum data; 
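Review bot: In the new `ne_ssl_clicert_read` wrapper, `ne_free(datum.data)` releases the raw file contents without clearing them. The header comment added in this commit says the object may come back in the decrypted state, so that buffer can hold an unprotected private key. Consider wiping `datum.size` bytes of `datum.data` before the free, using a clearing routine the compiler cannot elide rather than a plain `memset`. The pre-patch code freed the buffer the same way, so this is hardening rather than a regression.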
@@ -1127,15 +1142,14 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) gnutls_x509_crt cert = NULL; gnutls_x509_privkey pkey = NULL; - if (read_to_datum(filename, &data)) - return NULL; + data.data = buffer; + data.size = buflen; if (gnutls_pkcs12_init(&p12) != 0) { return NULL; } ret = gnutls_pkcs12_import(p12, &data, GNUTLS_X509_FMT_DER, 0); - ne_free(data.data); if (ret < 0) { gnutls_pkcs12_deinit(p12); return NULL; diff --git a/src/ne_openssl.c b/src/ne_openssl.c index 2b20ca0..1abef3e 100644 --- a/src/ne_openssl.c +++ b/src/ne_openssl.c @@ -814,22 +814,12 @@ static char *find_friendly_name(PKCS12 *p12) return name; } -ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) +static ne_ssl_client_cert *parse_client_cert(PKCS12 *p12) { - PKCS12 *p12; - FILE *fp; X509 *cert; EVP_PKEY *pkey; ne_ssl_client_cert *cc; - fp = fopen(filename, "rb"); - if (fp == NULL) - return NULL; - - p12 = d2i_PKCS12_fp(fp, NULL); - - fclose(fp); - if (p12 == NULL) { ERR_clear_error(); return NULL; @@ -875,6 +865,34 @@ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) } } +ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, + size_t buflen) +{ + ne_d2i_uchar *p; + PKCS12 *p12; + + p = buffer; + p12 = d2i_PKCS12(NULL, &p, buflen); + + return parse_client_cert(p12); +} + +ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename) +{ + PKCS12 *p12; + FILE *fp; + + fp = fopen(filename, "rb"); + if (fp == NULL) + return NULL; + + p12 = d2i_PKCS12_fp(fp, NULL); + + fclose(fp); + + return parse_client_cert(p12); +} + #ifdef HAVE_PAKCHOIS ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der, size_t der_len, diff --git a/src/ne_ssl.h b/src/ne_ssl.h index cf9bbf5..f29751f 100644 --- a/src/ne_ssl.h +++ b/src/ne_ssl.h 
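Review bot: In the GnuTLS `ne_ssl_clicert_import`, `data.data = buffer;` assigns a `const unsigned char *` to the datum's non-const pointer, and `data.size = buflen;` narrows a `size_t` to the `unsigned int` size field of `gnutls_datum`. An oversized buffer would therefore be parsed as a silently truncated prefix. An explicit cast plus a range check makes both intentional: `data.data = (unsigned char *)buffer;` and `if (buflen > UINT_MAX) return NULL;` (the latter needs `<limits.h>`). The OpenSSL `ne_ssl_clicert_import` further down has the same narrowing where `buflen` becomes the `long` length argument of `d2i_PKCS12(NULL, &p, buflen)`; a `buflen > LONG_MAX` guard fits there. The function starts in the previous hunk and continues past this one.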
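Review bot: `parse_client_cert` relies on its own `if (p12 == NULL)` check to turn a failed `d2i_PKCS12` or `d2i_PKCS12_fp` decode into a NULL return, but nothing at the definition says a NULL argument is expected. A short comment such as `/* Parse a client cert from 'p12'; 'p12' may be NULL after a failed decode, in which case NULL is returned. */` would stop a maintainer from dropping the check as dead code. Most of the body lies outside the hunk, so whether `p12` is released on every path cannot be confirmed from here. The comment should state that ownership rule as well.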
@@ -127,6 +127,13 @@ typedef struct ne_ssl_client_cert_s ne_ssl_client_cert; * in either the encrypted or decrypted state. */ ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename); +/* Read a client certificate and private key from 'buffer', of length + * 'buflen', returning NULL if the certificate could not be parsed, or + * otherwise returning a client certificate object. The returned + * object may be in either the encrypted or decrypted state. */ +ne_ssl_client_cert *ne_ssl_clicert_import(const unsigned char *buffer, + size_t buflen); + /* Returns non-zero if client cert is in the encrypted state. */ int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *ccert); diff --git a/src/neon.vers b/src/neon.vers index 391cb24..96fe13f 100644 --- a/src/neon.vers +++ b/src/neon.vers @@ -13,3 +13,7 @@ NEON_0_29 { ne_buffer_qappend; ne_strnqdup; }; + +NEON_0_30 { + ne_ssl_clicert_import; +}; -- cgit v1.2.1
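Review bot: The new comment on `ne_ssl_clicert_import` does not say what encoding `buffer` must hold or how long the caller must keep it alive. Both backends in this commit decode DER PKCS#12 (`GNUTLS_X509_FMT_DER` and `d2i_PKCS12`), and the GnuTLS `ne_ssl_clicert_read` wrapper frees its buffer as soon as the import returns, which suggests the data is not retained. Stating that in the header lets callers release or wipe key material promptly, for example `/* 'buffer' must contain a DER-encoded PKCS#12 structure; it is not referenced after this function returns. */`. The second half should be confirmed against the OpenSSL path before it is documented as a guarantee.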