diff options
author | Daniel Stenberg <daniel@haxx.se> | 2013-06-10 16:10:44 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-06-10 23:04:01 +0200 |
commit | ce362e8eb9c6fe8600058c7b88f40a83b0af1794 (patch) | |
tree | 3ef52917348b0d586e6c6cf3403d7b5d7b0c4910 /lib | |
parent | a4decb49a6942dd5c958c08aabb107ad47785574 (diff) |
cert_stuff: remove code duplication in the pkcs12 logic
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ssluse.c | 36 |
1 files changed, 12 insertions, 24 deletions
diff --git a/lib/ssluse.c b/lib/ssluse.c index 36c38042a..e9ae45ae0 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -435,7 +435,7 @@ int cert_stuff(struct connectdata *conn, PKCS12_PBE_add(); if(!PKCS12_parse(p12, data->set.str[STRING_KEY_PASSWD], &pri, &x509, - &ca)) { + &ca)) { failf(data, "could not parse PKCS12 file, check password, OpenSSL error %s", ERR_error_string(ERR_get_error(), NULL) ); @@ -447,54 +447,42 @@ int cert_stuff(struct connectdata *conn, if(SSL_CTX_use_certificate(ctx, x509) != 1) { failf(data, SSL_CLIENT_CERT_ERR); - EVP_PKEY_free(pri); - X509_free(x509); - sk_X509_pop_free(ca, X509_free); - return 0; + goto fail; } if(SSL_CTX_use_PrivateKey(ctx, pri) != 1) { failf(data, "unable to use private key from PKCS12 file '%s'", cert_file); - EVP_PKEY_free(pri); - X509_free(x509); - sk_X509_pop_free(ca, X509_free); - return 0; + goto fail; } if(!SSL_CTX_check_private_key (ctx)) { failf(data, "private key from PKCS12 file '%s' " "does not match certificate in same file", cert_file); - EVP_PKEY_free(pri); - X509_free(x509); - sk_X509_pop_free(ca, X509_free); - return 0; + goto fail; } /* Set Certificate Verification chain */ if(ca && sk_X509_num(ca)) { for(i = 0; i < sk_X509_num(ca); i++) { - if(!SSL_CTX_add_extra_chain_cert(ctx,sk_X509_value(ca, i))) { + if(!SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(ca, i))) { failf(data, "cannot add certificate to certificate chain"); - EVP_PKEY_free(pri); - X509_free(x509); - sk_X509_pop_free(ca, X509_free); - return 0; + goto fail; } if(!SSL_CTX_add_client_CA(ctx, sk_X509_value(ca, i))) { failf(data, "cannot add certificate to client CA list"); - EVP_PKEY_free(pri); - X509_free(x509); - sk_X509_pop_free(ca, X509_free); - return 0; + goto fail; } } } + cert_done = 1; + fail: EVP_PKEY_free(pri); X509_free(x509); sk_X509_pop_free(ca, X509_free); - cert_done = 1; - break; + + if(!cert_done) + return 0; /* failure! */ #else failf(data, "file type P12 for certificate not supported"); return 0; |