cert_stuff: remove code duplication in the pkcs12 logic

author: Daniel Stenberg <daniel@haxx.se> 2013-06-10 16:10:44 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2013-06-10 23:04:01 +0200
commit: ce362e8eb9c6fe8600058c7b88f40a83b0af1794 (patch)
tree: 3ef52917348b0d586e6c6cf3403d7b5d7b0c4910
parent: a4decb49a6942dd5c958c08aabb107ad47785574 (diff)
1 files changed, 12 insertions, 24 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c
index 36c38042a..e9ae45ae0 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -435,7 +435,7 @@ int cert_stuff(struct connectdata *conn,
       PKCS12_PBE_add();
 
       if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509,
-                        &ca)) {
+                       &ca)) {
         failf(data,
               "could not parse PKCS12 file, check password, OpenSSL error %s",
               ERR_error_string(ERR_get_error(), NULL) );
@@ -447,54 +447,42 @@ int cert_stuff(struct connectdata *conn,
 
       if(SSL_CTX_use_certificate(ctx, x509) != 1) {
         failf(data, SSL_CLIENT_CERT_ERR);
-        EVP_PKEY_free(pri);
-        X509_free(x509);
-        sk_X509_pop_free(ca, X509_free);
-        return 0;
+        goto fail;
       }
 
       if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) {
         failf(data, "unable to use private key from PKCS12 file '%s'",
               cert_file);
-        EVP_PKEY_free(pri);
-        X509_free(x509);
-        sk_X509_pop_free(ca, X509_free);
-        return 0;
+        goto fail;
       }
 
       if(!SSL_CTX_check_private_key (ctx)) {
         failf(data, "private key from PKCS12 file '%s' "
               "does not match certificate in same file", cert_file);
-        EVP_PKEY_free(pri);
-        X509_free(x509);
-        sk_X509_pop_free(ca, X509_free);
-        return 0;
+        goto fail;
       }
       /* Set Certificate Verification chain */
       if(ca && sk_X509_num(ca)) {
         for(i = 0; i < sk_X509_num(ca); i++) {
-          if(!SSL_CTX_add_extra_chain_cert(ctx,sk_X509_value(ca, i))) {
+          if(!SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(ca, i))) {
             failf(data, "cannot add certificate to certificate chain");
-            EVP_PKEY_free(pri);
-            X509_free(x509);
-            sk_X509_pop_free(ca, X509_free);
-            return 0;
+            goto fail;
           }
           if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) {
             failf(data, "cannot add certificate to client CA list");
-            EVP_PKEY_free(pri);
-            X509_free(x509);
-            sk_X509_pop_free(ca, X509_free);
-            return 0;
+            goto fail;
           }
         }
       }
 
+      cert_done = 1;
+  fail:
       EVP_PKEY_free(pri);
       X509_free(x509);
       sk_X509_pop_free(ca, X509_free);
-      cert_done = 1;
-      break;
+
+      if(!cert_done)
+        return 0; /* failure! */
 #else
       failf(data, "file type P12 for certificate not supported");
       return 0;
author	Daniel Stenberg <daniel@haxx.se>	2013-06-10 16:10:44 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2013-06-10 23:04:01 +0200
commit	ce362e8eb9c6fe8600058c7b88f40a83b0af1794 (patch)
tree	3ef52917348b0d586e6c6cf3403d7b5d7b0c4910
parent	a4decb49a6942dd5c958c08aabb107ad47785574 (diff)