1 files changed, 110 insertions, 108 deletions

diff --git a/lib/ssluse.c b/lib/ssluse.c
index 9def3e805..789175735 100644
--- a/lib/ssluse.c
+++ b/lib/ssluse.c
@@ -64,6 +64,7 @@ static int passwd_callback(char *buf, int num, int verify
 
 static
 int cert_stuff(struct UrlData *data, 
+               struct connectdata *conn,
                char *cert_file,
                char *key_file)
 {
@@ -78,10 +79,10 @@ int cert_stuff(struct UrlData *data,
        */
       strcpy(global_passwd, data->cert_passwd);
       /* Set passwd callback: */
-      SSL_CTX_set_default_passwd_cb(data->ssl.ctx, passwd_callback);
+      SSL_CTX_set_default_passwd_cb(conn->ssl.ctx, passwd_callback);
     }
 
-    if (SSL_CTX_use_certificate_file(data->ssl.ctx,
+    if (SSL_CTX_use_certificate_file(conn->ssl.ctx,
 				     cert_file,
 				     SSL_FILETYPE_PEM) <= 0) {
       failf(data, "unable to set certificate file (wrong password?)\n");
@@ -90,14 +91,14 @@ int cert_stuff(struct UrlData *data,
     if (key_file == NULL)
       key_file=cert_file;
 
-    if (SSL_CTX_use_PrivateKey_file(data->ssl.ctx,
+    if (SSL_CTX_use_PrivateKey_file(conn->ssl.ctx,
 				    key_file,
 				    SSL_FILETYPE_PEM) <= 0) {
       failf(data, "unable to set public key file\n");
       return(0);
     }
     
-    ssl=SSL_new(data->ssl.ctx);
+    ssl=SSL_new(conn->ssl.ctx);
     x509=SSL_get_certificate(ssl);
     
     if (x509 != NULL)
@@ -111,7 +112,7 @@ int cert_stuff(struct UrlData *data,
     
     /* Now we know that a key and cert have been set against
      * the SSL context */
-    if (!SSL_CTX_check_private_key(data->ssl.ctx)) {
+    if (!SSL_CTX_check_private_key(conn->ssl.ctx)) {
       failf(data, "Private key does not match the certificate public key\n");
       return(0);
     }
@@ -141,22 +142,23 @@ int cert_verify_callback(int ok, X509_STORE_CTX *ctx)
 
 /* ====================================================== */
 int
-Curl_SSLConnect (struct UrlData *data)
+Curl_SSLConnect(struct connectdata *conn)
 {
 #ifdef USE_SSLEAY
-    int err;
-    char * str;
-    SSL_METHOD *req_method;
+  struct UrlData *data = conn->data;
+  int err;
+  char * str;
+  SSL_METHOD *req_method;
 
-    /* mark this is being ssl enabled from here on out. */
-    data->ssl.use = TRUE;
+  /* mark this is being ssl enabled from here on out. */
+  conn->ssl.use = TRUE;
 
-    /* Lets get nice error messages */
-    SSL_load_error_strings();
+  /* Lets get nice error messages */
+  SSL_load_error_strings();
 
 #ifdef HAVE_RAND_STATUS
-    /* RAND_status() was introduced in OpenSSL 0.9.5 */
-    if(0 == RAND_status())
+  /* RAND_status() was introduced in OpenSSL 0.9.5 */
+  if(0 == RAND_status())
 #endif
     {
       /* We need to seed the PRNG properly! */
@@ -177,116 +179,116 @@ Curl_SSLConnect (struct UrlData *data)
 #endif
     }
     
-    /* Setup all the global SSL stuff */
-    SSLeay_add_ssl_algorithms();
-
-    switch(data->ssl.version) {
-    default:
-      req_method = SSLv23_client_method();
-      break;
-    case 2:
-      req_method = SSLv2_client_method();
-      break;
-    case 3:
-      req_method = SSLv3_client_method();
-      break;
-    }
+  /* Setup all the global SSL stuff */
+  SSLeay_add_ssl_algorithms();
+
+  switch(data->ssl.version) {
+  default:
+    req_method = SSLv23_client_method();
+    break;
+  case 2:
+    req_method = SSLv2_client_method();
+    break;
+  case 3:
+    req_method = SSLv3_client_method();
+    break;
+  }
     
-    data->ssl.ctx = SSL_CTX_new(req_method);
+  conn->ssl.ctx = SSL_CTX_new(req_method);
 
-    if(!data->ssl.ctx) {
-      failf(data, "SSL: couldn't create a context!");
-      return 1;
-    }
+  if(!conn->ssl.ctx) {
+    failf(data, "SSL: couldn't create a context!");
+    return 1;
+  }
     
-    if(data->cert) {
-      if (!cert_stuff(data, data->cert, data->cert)) {
-	failf(data, "couldn't use certificate!\n");
-	return 2;
-      }
+  if(data->cert) {
+    if (!cert_stuff(data, conn, data->cert, data->cert)) {
+      failf(data, "couldn't use certificate!\n");
+      return 2;
     }
+  }
 
-    if(data->ssl.verifypeer){
-      SSL_CTX_set_verify(data->ssl.ctx,
-                         SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
-                         SSL_VERIFY_CLIENT_ONCE,
-                         cert_verify_callback);
-      if (!SSL_CTX_load_verify_locations(data->ssl.ctx,
-                                         data->ssl.CAfile,
-                                         data->ssl.CApath)) {
-        failf(data,"error setting cerficate verify locations\n");
-        return 2;
-      }
+  if(data->ssl.verifypeer){
+    SSL_CTX_set_verify(conn->ssl.ctx,
+                       SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
+                       SSL_VERIFY_CLIENT_ONCE,
+                       cert_verify_callback);
+    if (!SSL_CTX_load_verify_locations(conn->ssl.ctx,
+                                       data->ssl.CAfile,
+                                       data->ssl.CApath)) {
+      failf(data,"error setting cerficate verify locations\n");
+      return 2;
     }
-    else
-      SSL_CTX_set_verify(data->ssl.ctx, SSL_VERIFY_NONE, cert_verify_callback);
+  }
+  else
+    SSL_CTX_set_verify(conn->ssl.ctx, SSL_VERIFY_NONE, cert_verify_callback);
 
 
-    /* Lets make an SSL structure */
-    data->ssl.handle = SSL_new (data->ssl.ctx);
-    SSL_set_connect_state (data->ssl.handle);
+  /* Lets make an SSL structure */
+  conn->ssl.handle = SSL_new (conn->ssl.ctx);
+  SSL_set_connect_state (conn->ssl.handle);
 
-    data->ssl.server_cert = 0x0;
+  conn->ssl.server_cert = 0x0;
 
-    /* pass the raw socket into the SSL layers */
-    SSL_set_fd (data->ssl.handle, data->firstsocket);
-    err = SSL_connect (data->ssl.handle);
+  /* pass the raw socket into the SSL layers */
+  SSL_set_fd (conn->ssl.handle, conn->firstsocket);
+  err = SSL_connect (conn->ssl.handle);
 
-    if (-1 == err) {
-      err = ERR_get_error(); 
-      failf(data, "SSL: %s", ERR_error_string(err, NULL));
-      return 10;
-    }
+  if (-1 == err) {
+    err = ERR_get_error(); 
+    failf(data, "SSL: %s", ERR_error_string(err, NULL));
+    return 10;
+  }
 
-    /* Informational message */
-    infof (data, "SSL connection using %s\n",
-           SSL_get_cipher(data->ssl.handle));
+  /* Informational message */
+  infof (data, "SSL connection using %s\n",
+         SSL_get_cipher(conn->ssl.handle));
   
-    /* Get server's certificate (note: beware of dynamic allocation) - opt */
-    /* major serious hack alert -- we should check certificates
-     * to authenticate the server; otherwise we risk man-in-the-middle
-     * attack
-     */
-
-    data->ssl.server_cert = SSL_get_peer_certificate (data->ssl.handle);
-    if(!data->ssl.server_cert) {
-      failf(data, "SSL: couldn't get peer certificate!");
-      return 3;
-    }
-    infof (data, "Server certificate:\n");
+  /* Get server's certificate (note: beware of dynamic allocation) - opt */
+  /* major serious hack alert -- we should check certificates
+   * to authenticate the server; otherwise we risk man-in-the-middle
+   * attack
+   */
+
+  conn->ssl.server_cert = SSL_get_peer_certificate (conn->ssl.handle);
+  if(!conn->ssl.server_cert) {
+    failf(data, "SSL: couldn't get peer certificate!");
+    return 3;
+  }
+  infof (data, "Server certificate:\n");
   
-    str = X509_NAME_oneline (X509_get_subject_name (data->ssl.server_cert),
-                             NULL, 0);
-    if(!str) {
-      failf(data, "SSL: couldn't get X509-subject!");
-      return 4;
-    }
-    infof(data, "\t subject: %s\n", str);
-    CRYPTO_free(str);
-
-    str = X509_NAME_oneline (X509_get_issuer_name  (data->ssl.server_cert),
-                             NULL, 0);
-    if(!str) {
-      failf(data, "SSL: couldn't get X509-issuer name!");
-      return 5;
-    }
-    infof(data, "\t issuer: %s\n", str);
-    CRYPTO_free(str);
+  str = X509_NAME_oneline (X509_get_subject_name (conn->ssl.server_cert),
+                           NULL, 0);
+  if(!str) {
+    failf(data, "SSL: couldn't get X509-subject!");
+    return 4;
+  }
+  infof(data, "\t subject: %s\n", str);
+  CRYPTO_free(str);
+
+  str = X509_NAME_oneline (X509_get_issuer_name  (conn->ssl.server_cert),
+                           NULL, 0);
+  if(!str) {
+    failf(data, "SSL: couldn't get X509-issuer name!");
+    return 5;
+  }
+  infof(data, "\t issuer: %s\n", str);
+  CRYPTO_free(str);
 
-    /* We could do all sorts of certificate verification stuff here before
-       deallocating the certificate. */
+  /* We could do all sorts of certificate verification stuff here before
+     deallocating the certificate. */
 
-    if(data->ssl.verifypeer) {
-      data->ssl.certverifyresult=SSL_get_verify_result(data->ssl.handle);
-      infof(data, "Verify result: %d\n", data->ssl.certverifyresult);
-    }
-    else
-      data->ssl.certverifyresult=0;
+  if(data->ssl.verifypeer) {
+    data->ssl.certverifyresult=SSL_get_verify_result(conn->ssl.handle);
+    infof(data, "Verify result: %d\n", data->ssl.certverifyresult);
+  }
+  else
+    data->ssl.certverifyresult=0;
 
-    X509_free(data->ssl.server_cert);
+  X509_free(conn->ssl.server_cert);
 #else /* USE_SSLEAY */
-    /* this is for "-ansi -Wall -pedantic" to stop complaining!   (rabe) */
-    (void) data;
+  /* this is for "-ansi -Wall -pedantic" to stop complaining!   (rabe) */
+  (void) data;
 #endif
-    return 0;
+  return 0;
 }