From 31265376bcc0cf39c5f6e59b89e1a86775afe0f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ga=C3=ABl=20PORTAY?= <gael.portay@gmail.com>
Date: Tue, 18 Mar 2014 19:18:23 +0100
Subject: polarssl: drop use of 1.2 compatibility header.

API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
 * x509 certificate structure has been renamed to from x509_cert to
   x509_crt
 * new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
   ssl_set_own_cert is for generic keys
 * ssl_default_ciphersuites has been replaced by function
   ssl_list_ciphersuites()

This patch drops the use of the compatibly header.
---
 lib/vtls/polarssl.c | 49 ++++++++++++++++++++++---------------------------
 1 file changed, 22 insertions(+), 27 deletions(-)

(limited to 'lib/vtls/polarssl.c')

diff --git a/lib/vtls/polarssl.c b/lib/vtls/polarssl.c
index 3e1216365..aeef65def 100644
--- a/lib/vtls/polarssl.c
+++ b/lib/vtls/polarssl.c
@@ -31,7 +31,6 @@
 
 #ifdef USE_POLARSSL
 
-#include <polarssl/compat-1.2.h>
 #include <polarssl/net.h>
 #include <polarssl/ssl.h>
 #include <polarssl/certs.h>
@@ -184,8 +183,8 @@ polarssl_connect_step1(struct connectdata *conn,
   memset(&connssl->cacert, 0, sizeof(x509_crt));
 
   if(data->set.str[STRING_SSL_CAFILE]) {
-    ret = x509parse_crtfile(&connssl->cacert,
-                            data->set.str[STRING_SSL_CAFILE]);
+    ret = x509_crt_parse_file(&connssl->cacert,
+                              data->set.str[STRING_SSL_CAFILE]);
 
     if(ret<0) {
 #ifdef POLARSSL_ERROR_C
@@ -203,8 +202,8 @@ polarssl_connect_step1(struct connectdata *conn,
   memset(&connssl->clicert, 0, sizeof(x509_crt));
 
   if(data->set.str[STRING_CERT]) {
-    ret = x509parse_crtfile(&connssl->clicert,
-                            data->set.str[STRING_CERT]);
+    ret = x509_crt_parse_file(&connssl->clicert,
+                              data->set.str[STRING_CERT]);
 
     if(ret) {
 #ifdef POLARSSL_ERROR_C
@@ -219,9 +218,17 @@ polarssl_connect_step1(struct connectdata *conn,
 
   /* Load the client private key */
   if(data->set.str[STRING_KEY]) {
-    ret = x509parse_keyfile(&connssl->rsa,
-                            data->set.str[STRING_KEY],
-                            data->set.str[STRING_KEY_PASSWD]);
+    pk_context pk;
+    pk_init(&pk);
+    ret = pk_parse_keyfile(&pk, data->set.str[STRING_KEY],
+                           data->set.str[STRING_KEY_PASSWD]);
+    if(ret == 0 && !pk_can_do(&pk, POLARSSL_PK_RSA))
+      ret = POLARSSL_ERR_PK_TYPE_MISMATCH;
+    if(ret == 0)
+      rsa_copy(&connssl->rsa, pk_rsa(pk));
+    else
+      rsa_free(&connssl->rsa);
+    pk_free(&pk);
 
     if(ret) {
 #ifdef POLARSSL_ERROR_C
@@ -238,8 +245,8 @@ polarssl_connect_step1(struct connectdata *conn,
   memset(&connssl->crl, 0, sizeof(x509_crl));
 
   if(data->set.str[STRING_SSL_CRLFILE]) {
-    ret = x509parse_crlfile(&connssl->crl,
-                            data->set.str[STRING_SSL_CRLFILE]);
+    ret = x509_crl_parse_file(&connssl->crl,
+                              data->set.str[STRING_SSL_CRLFILE]);
 
     if(ret) {
 #ifdef POLARSSL_ERROR_C
@@ -274,12 +281,7 @@ polarssl_connect_step1(struct connectdata *conn,
               net_recv, &conn->sock[sockindex],
               net_send, &conn->sock[sockindex]);
 
-
-#if POLARSSL_VERSION_NUMBER<0x01000000
-  ssl_set_ciphers(&connssl->ssl, ssl_default_ciphers);
-#else
-  ssl_set_ciphersuites(&connssl->ssl, ssl_default_ciphersuites);
-#endif
+  ssl_set_ciphersuites(&connssl->ssl, ssl_list_ciphersuites());
   if(!Curl_ssl_getsessionid(conn, &old_session, &old_session_size)) {
     memcpy(&connssl->ssn, old_session, old_session_size);
     infof(data, "PolarSSL re-using session\n");
@@ -404,15 +406,8 @@ polarssl_connect_step2(struct connectdata *conn,
     /* If the session was resumed, there will be no peer certs */
     memset(buffer, 0, sizeof(buffer));
 
-/* PolarSSL SVN revision r1316 to r1317, matching <1.2.0 is to cover Ubuntu's
-   1.1.4 version and the like */
-#if POLARSSL_VERSION_NUMBER<0x01020000
-    if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
-                           conn->ssl[sockindex].ssl.peer_cert) != -1)
-#else
-    if(x509parse_cert_info(buffer, sizeof(buffer), (char *)"* ",
-                           ssl_get_peer_cert(&(connssl->ssl))) != -1)
-#endif
+    if(x509_crt_info(buffer, sizeof(buffer), (char *)"* ",
+                     ssl_get_peer_cert(&(connssl->ssl))) != -1)
       infof(data, "Dumping cert info:\n%s\n", buffer);
   }
 
@@ -497,8 +492,8 @@ void Curl_polarssl_close_all(struct SessionHandle *data)
 void Curl_polarssl_close(struct connectdata *conn, int sockindex)
 {
   rsa_free(&conn->ssl[sockindex].rsa);
-  x509_free(&conn->ssl[sockindex].clicert);
-  x509_free(&conn->ssl[sockindex].cacert);
+  x509_crt_free(&conn->ssl[sockindex].clicert);
+  x509_crt_free(&conn->ssl[sockindex].cacert);
   x509_crl_free(&conn->ssl[sockindex].crl);
   ssl_free(&conn->ssl[sockindex].ssl);
 }
-- 
cgit v1.2.3