diff options
| author | Gaƫl PORTAY <gael.portay@gmail.com> | 2014-03-18 19:18:23 +0100 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2014-03-18 21:01:11 +0100 |
| commit | 31265376bcc0cf39c5f6e59b89e1a86775afe0f7 (patch) | |
| tree | 25bb65b730bebb1991350f54f2be11140d8b2c0b /lib/vtls/polarssl.c | |
| parent | 7a1fb8e816881d0091fe3d8c8d192a533bb5ec82 (diff) | |
polarssl: drop use of 1.2 compatibility header.
API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
* x509 certificate structure has been renamed to from x509_cert to
x509_crt
* new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
ssl_set_own_cert is for generic keys
* ssl_default_ciphersuites has been replaced by function
ssl_list_ciphersuites()
This patch drops the use of the compatibly header.
Diffstat (limited to 'lib/vtls/polarssl.c')
| -rw-r--r-- | lib/vtls/polarssl.c | 49 |
1 files changed, 22 insertions, 27 deletions
diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c index 3e1216365..aeef65def 100644 --- a/lib/vtls/polarssl.c +++ b/lib/vtls/polarssl.c @@ -31,7 +31,6 @@ #ifdef USE_POLARSSL -#include <polarssl/compat-1.2.h> #include <polarssl/net.h> #include <polarssl/ssl.h> #include <polarssl/certs.h> @@ -184,8 +183,8 @@ polarssl_connect_step1(struct connectdata *conn, memset(&connssl->cacert, 0, sizeof(x509_crt)); if(data->set.str[STRING_SSL_CAFILE]) { - ret = x509parse_crtfile(&connssl->cacert, - data->set.str[STRING_SSL_CAFILE]); + ret = x509_crt_parse_file(&connssl->cacert, + data->set.str[STRING_SSL_CAFILE]); if(ret<0) { #ifdef POLARSSL_ERROR_C @@ -203,8 +202,8 @@ polarssl_connect_step1(struct connectdata *conn, memset(&connssl->clicert, 0, sizeof(x509_crt)); if(data->set.str[STRING_CERT]) { - ret = x509parse_crtfile(&connssl->clicert, - data->set.str[STRING_CERT]); + ret = x509_crt_parse_file(&connssl->clicert, + data->set.str[STRING_CERT]); if(ret) { #ifdef POLARSSL_ERROR_C @@ -219,9 +218,17 @@ polarssl_connect_step1(struct connectdata *conn, /* Load the client private key */ if(data->set.str[STRING_KEY]) { - ret = x509parse_keyfile(&connssl->rsa, - data->set.str[STRING_KEY], - data->set.str[STRING_KEY_PASSWD]); + pk_context pk; + pk_init(&pk); + ret = pk_parse_keyfile(&pk, data->set.str[STRING_KEY], + data->set.str[STRING_KEY_PASSWD]); + if(ret == 0 && !pk_can_do(&pk, POLARSSL_PK_RSA)) + ret = POLARSSL_ERR_PK_TYPE_MISMATCH; + if(ret == 0) + rsa_copy(&connssl->rsa, pk_rsa(pk)); + else + rsa_free(&connssl->rsa); + pk_free(&pk); if(ret) { #ifdef POLARSSL_ERROR_C @@ -238,8 +245,8 @@ polarssl_connect_step1(struct connectdata *conn, memset(&connssl->crl, 0, sizeof(x509_crl)); if(data->set.str[STRING_SSL_CRLFILE]) { - ret = x509parse_crlfile(&connssl->crl, - data->set.str[STRING_SSL_CRLFILE]); + ret = x509_crl_parse_file(&connssl->crl, + data->set.str[STRING_SSL_CRLFILE]); if(ret) { #ifdef POLARSSL_ERROR_C @@ -274,12 +281,7 @@ polarssl_connect_step1(struct connectdata *conn, net_recv, &conn->sock[sockindex], net_send, &conn->sock[sockindex]); - -#if POLARSSL_VERSION_NUMBER<0x01000000 - ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers); -#else - ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites); -#endif + ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites()); if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) { memcpy(&connssl->ssn, old_session, old_session_size); infof(data, "PolarSSL re-using session\n"); @@ -404,15 +406,8 @@ polarssl_connect_step2(struct connectdata *conn, /* If the session was resumed, there will be no peer certs */ memset(buffer, 0, sizeof(buffer)); -/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's - 1.1.4 version and the like */ -#if POLARSSL_VERSION_NUMBER<0x01020000 - if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ", - conn->ssl[sockindex].ssl.peer_cert) != -1) -#else - if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ", - ssl_get_peer_cert(&(connssl->ssl))) != -1) -#endif + if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ", + ssl_get_peer_cert(&(connssl->ssl))) != -1) infof(data, "Dumping cert info:\n%s\n", buffer); } @@ -497,8 +492,8 @@ void Curl_polarssl_close_all(struct SessionHandle *data) void Curl_polarssl_close(struct connectdata *conn, int sockindex) { rsa_free(&conn->ssl[sockindex].rsa); - x509_free(&conn->ssl[sockindex].clicert); - x509_free(&conn->ssl[sockindex].cacert); + x509_crt_free(&conn->ssl[sockindex].clicert); + x509_crt_free(&conn->ssl[sockindex].cacert); x509_crl_free(&conn->ssl[sockindex].crl); ssl_free(&conn->ssl[sockindex].ssl); } |