Overview
| Comment: | Do not expose implementation details in user interface |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | mjanssen-asn1-certs |
| Files: | files | file ages | folders |
| SHA3-256: |
ef0be0d731e19a6183250f24b550c455 |
| User & Date: | mjanssen on 2019-06-17 14:27:39 |
| Other Links: | branch diff | manifest | tags |
Context
|
2019-06-17
| ||
| 18:08 | Align code with option names check-in: 4945b7588e user: mjanssen tags: mjanssen-asn1-certs | |
| 14:27 | Do not expose implementation details in user interface check-in: ef0be0d731 user: mjanssen tags: mjanssen-asn1-certs | |
| 12:05 | Add support for ASN1 blobs for certificates and keys check-in: 49278969f2 user: mjanssen tags: mjanssen-asn1-certs | |
Changes
Modified tls.c from [8332b7761d] to [d8dd86370e].
| ︙ | ︙ | |||
816 817 818 819 820 821 822 | OPTBOOL( "-ssl2", ssl2); OPTBOOL( "-ssl3", ssl3); OPTBOOL( "-tls1", tls1); OPTBOOL( "-tls1.1", tls1_1); OPTBOOL( "-tls1.2", tls1_2); OPTBOOL( "-tls1.3", tls1_3); | < | | | | 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 |
OPTBOOL( "-ssl2", ssl2);
OPTBOOL( "-ssl3", ssl3);
OPTBOOL( "-tls1", tls1);
OPTBOOL( "-tls1.1", tls1_1);
OPTBOOL( "-tls1.2", tls1_2);
OPTBOOL( "-tls1.3", tls1_3);
OPTBYTE("-cert", cert_asn1, cert_asn1_len);
OPTBYTE("-key", key_asn1, key_asn1_len);
OPTBAD( "option", "-cadir, -cafile, -cert, -certfile, -cipher, -command, -dhparams, -key, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3");
return TCL_ERROR;
}
if (request) verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER;
if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
if (verify == 0) verify = SSL_VERIFY_NONE;
|
| ︙ | ︙ | |||
1304 1305 1306 1307 1308 1309 1310 |
SSL_CTX_free(ctx);
return (SSL_CTX *)0;
}
} else if (cert_asn1 != NULL) {
if (SSL_CTX_use_certificate_ASN1(ctx, cert_asn1_len, cert_asn1) <= 0) {
Tcl_DStringFree(&ds);
Tcl_AppendResult(interp,
| | | | 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 |
SSL_CTX_free(ctx);
return (SSL_CTX *)0;
}
} else if (cert_asn1 != NULL) {
if (SSL_CTX_use_certificate_ASN1(ctx, cert_asn1_len, cert_asn1) <= 0) {
Tcl_DStringFree(&ds);
Tcl_AppendResult(interp,
"unable to set certificate: ",
REASON(), (char *) NULL);
SSL_CTX_free(ctx);
return (SSL_CTX *)0;
}
if (key_asn1 == NULL) {
key_asn1=cert_asn1;
key_asn1_len = cert_asn1_len;
}
if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key_asn1,key_asn1_len) <= 0) {
Tcl_DStringFree(&ds);
/* flush the passphrase which might be left in the result */
Tcl_SetResult(interp, NULL, TCL_STATIC);
Tcl_AppendResult(interp,
"unable to set public key: ",
REASON(), (char *) NULL);
SSL_CTX_free(ctx);
return (SSL_CTX *)0;
}
} else {
cert = (char*)X509_get_default_cert_file();
|
| ︙ | ︙ |