diff options
author | Johannes Schindelin <johannes.schindelin@gmx.de> | 2017-06-23 01:04:56 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-08-28 14:56:56 +0200 |
commit | 0a083a66bcae51a485d45ba416eac1d1fbe4ca15 (patch) | |
tree | 4c8eca6382c89812045f2475a35b5c26ec97df54 /lib/vtls/vtls.c | |
parent | e35205a0c4f8d80dc9e878049a0fb0eb18f61dbf (diff) |
vtls: move sha256sum into the Curl_ssl struct
The SHA-256 checksumming is also an SSL backend-specific function.
Let's include it in the struct declaring the functionality of SSL
backends.
In contrast to MD5, there is no fall-back code. To indicate this, the
respective entries are NULL for those backends that offer no support for
SHA-256 checksumming.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'lib/vtls/vtls.c')
-rw-r--r-- | lib/vtls/vtls.c | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 88ee1a759..86bb46c2a 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -791,12 +791,10 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, size_t size, pem_len; CURLcode pem_read; CURLcode result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; -#ifdef curlssl_sha256sum CURLcode encode; size_t encodedlen, pinkeylen; char *encoded, *pinkeycopy, *begin_pos, *end_pos; unsigned char *sha256sumdigest = NULL; -#endif /* if a path wasn't specified, don't pin */ if(!pinnedpubkey) @@ -806,13 +804,17 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, /* only do this if pinnedpubkey starts with "sha256//", length 8 */ if(strncmp(pinnedpubkey, "sha256//", 8) == 0) { -#ifdef curlssl_sha256sum + if(!Curl_ssl->sha256sum) { + /* without sha256 support, this cannot match */ + return result; + } + /* compute sha256sum of public key */ sha256sumdigest = malloc(SHA256_DIGEST_LENGTH); if(!sha256sumdigest) return CURLE_OUT_OF_MEMORY; - curlssl_sha256sum(pubkey, pubkeylen, - sha256sumdigest, SHA256_DIGEST_LENGTH); + Curl_ssl->sha256sum(pubkey, pubkeylen, + sha256sumdigest, SHA256_DIGEST_LENGTH); encode = Curl_base64_encode(data, (char *)sha256sumdigest, SHA256_DIGEST_LENGTH, &encoded, &encodedlen); Curl_safefree(sha256sumdigest); @@ -859,10 +861,6 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data, } while(end_pos && begin_pos); Curl_safefree(encoded); Curl_safefree(pinkeycopy); -#else - /* without sha256 support, this cannot match */ - (void)data; -#endif return result; } |