Check-in [89536252d5]
Overview
Comment:Backed out changes to provide error status when setting -cadir, -cafile, and -castore options. Breaks IO test cases.
SHA3-256: 89536252d5e0cbb560b8a7146aa03b75f5480a4b4d9960ee78390fb949f190d6
User & Date: bohagan on 2024-06-29 19:21:30
Context
2024-07-01
01:08
Changed to send SSL_shutdown as part of BIO close channel handler rather than Tls_Clean. Leaf check-in: 1505883e4a user: bohagan tags: tls-1.8
2024-06-29
19:21
Backed out changes to provide error status when setting -cadir, -cafile, and -castore options. Breaks IO test cases. check-in: 89536252d5 user: bohagan tags: tls-1.8
02:46
Added comments and function preamble comments to BIO and IO files. check-in: 9e79f40ed5 user: bohagan tags: tls-1.8
Changes

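--- a/generic/tls.c
+++ b/generic/tls.c
@@ -2075,63 +2075,51 @@
     {
 #if OPENSSL_VERSION_NUMBER < 0x30000000L
 	if (CApath != NULL || CAfile != NULL) {
 	    Tcl_DString ds1;
 	    Tcl_DStringInit(&ds1);
 
 	    if (!SSL_CTX_load_verify_locations(ctx, F2N(CAfile, &ds), F2N(CApath, &ds1))) {
-		Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
-		SSL_CTX_free(ctx);
-		Tcl_DStringFree(&ds);
-		Tcl_DStringFree(&ds1);
+		abort++;
 		return NULL;
 	    }
 	    Tcl_DStringFree(&ds);
 	    Tcl_DStringFree(&ds1);
 
 	    /* Set list of CAs to send to client when requesting a client certificate */
 	    /* https://sourceforge.net/p/tls/bugs/57/ */
 	    /* XXX:TODO: Let the user supply values here instead of something that exists on the filesystem */
 	    STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
 	    if (certNames != NULL) {
 		SSL_CTX_set_client_CA_list(ctx, certNames);
 	    }
 	    Tcl_DStringFree(&ds);
 	}
 
 #else
 	/* Set directory containing CA certificates in PEM format. */
 	if (CApath != NULL) {
 	    if (!SSL_CTX_load_verify_dir(ctx, F2N(CApath, &ds))) {
-		Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
-		SSL_CTX_free(ctx);
-		Tcl_DStringFree(&ds);
-		return NULL;
+		abort++;
 	    }
 	    Tcl_DStringFree(&ds);
 	}
 	
 	/* Set URI for to a store, which may be a single container or a catalog of containers. */
 	if (CAstore != NULL) {
 	    if (!SSL_CTX_load_verify_store(ctx, F2N(CAstore, &ds))) {
-		Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
-		SSL_CTX_free(ctx);
-		Tcl_DStringFree(&ds);
-		return NULL;
+		abort++;
 	    }
 	    Tcl_DStringFree(&ds);
 	}
 	
 	/* Set file of CA certificates in PEM format.  */
 	if (CAfile != NULL) {
 	    if (!SSL_CTX_load_verify_file(ctx, F2N(CAfile, &ds))) {
-		Tcl_AppendResult(interp, GET_ERR_REASON(), (char *) NULL);
-		SSL_CTX_free(ctx);
-		Tcl_DStringFree(&ds);
-		return NULL;
+		abort++;
 	    }
 	    Tcl_DStringFree(&ds);
 
 	    /* Set list of CAs to send to client when requesting a client certificate */
 	    STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file(F2N(CAfile, &ds));
 	    if (certNames != NULL) {
 		SSL_CTX_set_client_CA_list(ctx, certNames);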
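Review bot: In the pre-3.0 branch the restored `abort++;` is immediately followed by the surviving `return NULL;`, so when SSL_CTX_load_verify_locations fails the function now returns without the SSL_CTX_free and the two Tcl_DStringFree calls this commit removed — ctx, ds and ds1 leak, and the increment itself is dead. The three OpenSSL 3 branches only increment `abort` and fall through, presumably to a check after `#endif` (outside the hunk); the pre-3.0 branch should do the same by dropping `return NULL;`, or else it needs `Tcl_DStringFree(&ds); Tcl_DStringFree(&ds1); SSL_CTX_free(ctx);` before the return. Note also that GET_ERR_REASON() is no longer appended on any of the four failure paths, so unless the post-`#endif` code reports it, a CA file, directory or store that fails to load leaves no diagnostic beyond the counter, and the context is left without the trust anchors the caller asked for. The enclosing function starts and ends outside the hunk.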