Overview
Comment: | Do not expose implementation details in user interface |
---|---|
SHA3-256: |
ef0be0d731e19a6183250f24b550c455 |
User & Date: | mjanssen on 2019-06-17 14:27:39 |
Context
2019-06-17
| ||
18:08 | Align code with option names check-in: 4945b7588e user: mjanssen tags: mjanssen-asn1-certs | |
14:27 | Do not expose implementation details in user interface check-in: ef0be0d731 user: mjanssen tags: mjanssen-asn1-certs | |
12:05 | Add support for ASN1 blobs for certificates and keys check-in: 49278969f2 user: mjanssen tags: mjanssen-asn1-certs | |
Changes
Modified tls.c from [8332b7761d] to [d8dd86370e].
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
....
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
|
OPTBOOL( "-ssl2", ssl2); OPTBOOL( "-ssl3", ssl3); OPTBOOL( "-tls1", tls1); OPTBOOL( "-tls1.1", tls1_1); OPTBOOL( "-tls1.2", tls1_2); OPTBOOL( "-tls1.3", tls1_3); OPTBYTE("-certasn1", cert_asn1, cert_asn1_len); OPTBYTE("-keyasn1", key_asn1, key_asn1_len); OPTBAD( "option", "-cadir, -cafile, -certasn1, -certfile, -cipher, -command, -dhparams, -keyasn1, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3"); return TCL_ERROR; } if (request) verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER; if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; if (verify == 0) verify = SSL_VERIFY_NONE; ................................................................................ SSL_CTX_free(ctx); return (SSL_CTX *)0; } } else if (cert_asn1 != NULL) { if (SSL_CTX_use_certificate_ASN1(ctx, cert_asn1_len, cert_asn1) <= 0) { Tcl_DStringFree(&ds); Tcl_AppendResult(interp, "unable to set certificate from ASN1: ", REASON(), (char *) NULL); SSL_CTX_free(ctx); return (SSL_CTX *)0; } if (key_asn1 == NULL) { key_asn1=cert_asn1; key_asn1_len = cert_asn1_len; } if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key_asn1,key_asn1_len) <= 0) { Tcl_DStringFree(&ds); /* flush the passphrase which might be left in the result */ Tcl_SetResult(interp, NULL, TCL_STATIC); Tcl_AppendResult(interp, "unable to set public key from ASN1: ", REASON(), (char *) NULL); SSL_CTX_free(ctx); return (SSL_CTX *)0; } } else { cert = (char*)X509_get_default_cert_file(); |
<
|
|
|
|
|
|
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
....
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
|
OPTBOOL( "-ssl2", ssl2);
OPTBOOL( "-ssl3", ssl3);
OPTBOOL( "-tls1", tls1);
OPTBOOL( "-tls1.1", tls1_1);
OPTBOOL( "-tls1.2", tls1_2);
OPTBOOL( "-tls1.3", tls1_3);
OPTBYTE("-cert", cert_asn1, cert_asn1_len);
OPTBYTE("-key", key_asn1, key_asn1_len);
OPTBAD( "option", "-cadir, -cafile, -cert, -certfile, -cipher, -command, -dhparams, -key, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3");
return TCL_ERROR;
}
if (request) verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER;
if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
if (verify == 0) verify = SSL_VERIFY_NONE;
................................................................................
SSL_CTX_free(ctx);
return (SSL_CTX *)0;
}
} else if (cert_asn1 != NULL) {
if (SSL_CTX_use_certificate_ASN1(ctx, cert_asn1_len, cert_asn1) <= 0) {
Tcl_DStringFree(&ds);
Tcl_AppendResult(interp,
"unable to set certificate: ",
REASON(), (char *) NULL);
SSL_CTX_free(ctx);
return (SSL_CTX *)0;
}
if (key_asn1 == NULL) {
key_asn1=cert_asn1;
key_asn1_len = cert_asn1_len;
}
if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key_asn1,key_asn1_len) <= 0) {
Tcl_DStringFree(&ds);
/* flush the passphrase which might be left in the result */
Tcl_SetResult(interp, NULL, TCL_STATIC);
Tcl_AppendResult(interp,
"unable to set public key: ",
REASON(), (char *) NULL);
SSL_CTX_free(ctx);
return (SSL_CTX *)0;
}
} else {
cert = (char*)X509_get_default_cert_file();
|
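Review bot: The failure path after `SSL_CTX_use_PrivateKey_ASN1` still reports `"unable to set public key: "`, although that call loads the private key; since this commit rewords the string anyway, `"unable to set private key: "` would be accurate. The same call hard-codes `EVP_PKEY_RSA`, so a DER-encoded non-RSA key passed through `-key` will presumably be rejected under that misleading message. When `-key` is omitted, `key_asn1` falls back to `cert_asn1`, and a DER certificate blob carries no private key, so this fallback looks like it can only fail; confirm whether it is intended, or return a clear "no key supplied" error instead. No `SSL_CTX_check_private_key` call is visible in this branch, so it is worth checking that the key/certificate match is verified later. The enclosing function starts and ends outside the hunk.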