dovecot-2.2: login, lib-ssl-iostream: Deduplicate code with shar...
dovecot at dovecot.org
dovecot at dovecot.org
Thu Dec 3 10:03:27 UTC 2015
details: http://hg.dovecot.org/dovecot-2.2/rev/dbbfa124b27d
changeset: 19447:dbbfa124b27d
user: Timo Sirainen <tss at iki.fi>
date: Thu Dec 03 12:02:56 2015 +0200
description:
login, lib-ssl-iostream: Deduplicate code with shared openssl_iostream_use_certificate_error()
diffstat:
src/lib-ssl-iostream/iostream-openssl-context.c | 10 ++++++--
src/lib-ssl-iostream/iostream-openssl.c | 2 +-
src/lib-ssl-iostream/iostream-openssl.h | 3 +-
src/login-common/ssl-proxy-openssl.c | 29 ++----------------------
4 files changed, 13 insertions(+), 31 deletions(-)
diffs (127 lines):
diff -r 77990d0b1a42 -r dbbfa124b27d src/lib-ssl-iostream/iostream-openssl-context.c
--- a/src/lib-ssl-iostream/iostream-openssl-context.c Thu Dec 03 11:58:11 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c Thu Dec 03 12:02:56 2015 +0200
@@ -174,7 +174,8 @@
return strstr(cert, "PRIVATE KEY---") != NULL;
}
-const char *ssl_iostream_get_use_certificate_error(const char *cert)
+const char *
+openssl_iostream_use_certificate_error(const char *cert, const char *set_name)
{
unsigned long err;
@@ -185,8 +186,11 @@
else if (is_pem_key(cert)) {
return "The file contains a private key "
"(you've mixed ssl_cert and ssl_key settings)";
+ } else if (set_name != NULL && strchr(cert, '\n') == NULL) {
+ return t_strdup_printf("There is no valid PEM certificate. "
+ "(You probably forgot '<' from %s=<%s)", set_name, cert);
} else {
- return "There is no certificate.";
+ return "There is no valid PEM certificate.";
}
}
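Review bot: The new hint branch echoes the raw setting value into the error text whenever it has no newline, and that includes an empty string, which yields the misleading `(You probably forgot '<' from ssl_cert=<)` with nothing after the `<`; the visible callers at L42 and L118/L125 only test the setting for NULL, not for emptiness, so unless the settings parser rejects empty values this is reachable from configuration. A cheap guard is `} else if (set_name != NULL && *cert != '\0' && strchr(cert, '\n') == NULL) {`. Since is_pem_key() is tested first, a pasted key body will not be echoed this way, but any other single-line value will be, which is acceptable for a path but worth keeping in mind as the text ends up in logs. The function starts in the previous hunk and its initial error-queue check lies between the two hunks, so the branch ordering before is_pem_key() cannot be confirmed from here.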
@@ -398,7 +402,7 @@
if (set->cert != NULL &&
ssl_ctx_use_certificate_chain(ctx->ssl_ctx, set->cert) == 0) {
*error_r = t_strdup_printf("Can't load SSL certificate: %s",
- ssl_iostream_get_use_certificate_error(set->cert));
+ openssl_iostream_use_certificate_error(set->cert, NULL));
return -1;
}
if (set->key != NULL) {
diff -r 77990d0b1a42 -r dbbfa124b27d src/lib-ssl-iostream/iostream-openssl.c
--- a/src/lib-ssl-iostream/iostream-openssl.c Thu Dec 03 11:58:11 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl.c Thu Dec 03 12:02:56 2015 +0200
@@ -71,7 +71,7 @@
if (ret == 0) {
*error_r = t_strdup_printf("Can't load ssl_cert: %s",
- ssl_iostream_get_use_certificate_error(cert));
+ openssl_iostream_use_certificate_error(cert, NULL));
return -1;
}
return 0;
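Review bot: This call site passes NULL as set_name even though its own message already names the setting (`Can't load ssl_cert: %s`), so library users lose the "forgot '<'" hint that the login-common callers now get; passing the name keeps both messages consistent: `openssl_iostream_use_certificate_error(cert, "ssl_cert"));`. The call site in iostream-openssl-context.c (the hunk ending at L48) has the same shape, but its message says only "SSL certificate", so NULL is presumably deliberate there — if that setting is always ssl_cert as well, the same change applies. The enclosing function begins and ends outside this hunk.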
diff -r 77990d0b1a42 -r dbbfa124b27d src/lib-ssl-iostream/iostream-openssl.h
--- a/src/lib-ssl-iostream/iostream-openssl.h Thu Dec 03 11:58:11 2015 +0200
+++ b/src/lib-ssl-iostream/iostream-openssl.h Thu Dec 03 12:02:56 2015 +0200
@@ -68,7 +68,6 @@
int openssl_iostream_load_key(const struct ssl_iostream_settings *set,
EVP_PKEY **pkey_r, const char **error_r);
-const char *ssl_iostream_get_use_certificate_error(const char *cert);
int openssl_cert_match_name(SSL *ssl, const char *verify_name);
int openssl_get_protocol_options(const char *protocols);
#define OPENSSL_ALL_PROTOCOL_OPTIONS \
@@ -92,6 +91,8 @@
const char *openssl_iostream_error(void);
const char *openssl_iostream_key_load_error(void);
+const char *
+openssl_iostream_use_certificate_error(const char *cert, const char *set_name);
int openssl_iostream_generate_params(buffer_t *output, unsigned int dh_length,
const char **error_r);
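Review bot: The new prototype is added without a comment, and callers cannot tell from the signature that the function only makes sense immediately after a failed certificate load or what set_name does; the removed login-common copy inspected ERR_peek_error(), and the shared implementation presumably does the same. I would add above the declaration: `/* Explain why loading cert as a PEM certificate just failed. Call it while that failure is still on the OpenSSL error queue; set_name, if non-NULL, names the setting for a hint about a missing '<' prefix. */`. Stating that the returned string may be a t_strdup_printf() result (data-stack lifetime) would also help callers that hold on to it.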
diff -r 77990d0b1a42 -r dbbfa124b27d src/login-common/ssl-proxy-openssl.c
--- a/src/login-common/ssl-proxy-openssl.c Thu Dec 03 11:58:11 2015 +0200
+++ b/src/login-common/ssl-proxy-openssl.c Thu Dec 03 12:02:56 2015 +0200
@@ -935,11 +935,6 @@
return ssl_proxy_count;
}
-static bool is_pem_key(const char *cert)
-{
- return strstr(cert, "PRIVATE KEY---") != NULL;
-}
-
static void load_ca(X509_STORE *store, const char *ca,
STACK_OF(X509_NAME) **xnames_r)
{
@@ -1080,25 +1075,6 @@
SSL_CTX_set_client_CA_list(ssl_ctx, ca_names);
}
-static const char *ssl_proxy_get_use_certificate_error(const char *cert)
-{
- unsigned long err;
-
- err = ERR_peek_error();
- if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
- ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
- return openssl_iostream_error();
- else if (is_pem_key(cert)) {
- return "The file contains a private key "
- "(you've mixed ssl_cert and ssl_key settings)";
- } else if (strchr(cert, '\n') == NULL) {
- return t_strdup_printf("There is no valid PEM certificate. "
- "(You probably forgot '<' from ssl_cert=<%s)", cert);
- } else {
- return "There is no valid PEM certificate.";
- }
-}
-
static EVP_PKEY * ATTR_NULL(2)
ssl_proxy_load_key(const char *key, const char *password)
{
@@ -1277,7 +1253,7 @@
if (ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->cert) != 1) {
i_fatal("Can't load ssl_cert: %s",
- ssl_proxy_get_use_certificate_error(ctx->cert));
+ openssl_iostream_use_certificate_error(ctx->cert, "ssl_cert"));
}
#ifdef HAVE_SSL_GET_SERVERNAME
@@ -1317,7 +1293,8 @@
if (ssl_proxy_ctx_use_certificate_chain(ctx, set->ssl_client_cert) != 1) {
i_fatal("Can't load ssl_client_cert: %s",
- ssl_proxy_get_use_certificate_error(set->ssl_client_cert));
+ openssl_iostream_use_certificate_error(
+ set->ssl_client_cert, "ssl_client_cert"));
}
pkey = ssl_proxy_load_key(set->ssl_client_key, NULL);