mirror of
https://github.com/matrix-construct/construct
synced 2024-11-29 10:12:39 +01:00
[TLS backends] Miscellaneous fixes
* Certificate fingerprint length functions return an "int", so use an int when calculating the length * Clean up the OpenSSL certificate fingerprint if() and indentation mess
This commit is contained in:
parent
d6acb43769
commit
e3760ba710
3 changed files with 23 additions and 21 deletions
|
@ -602,14 +602,14 @@ rb_get_ssl_strerror(rb_fde_t *F)
|
|||
return gnutls_strerror(F->ssl_errno);
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
static int
|
||||
make_certfp(gnutls_x509_crt_t cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
||||
{
|
||||
gnutls_digest_algorithm_t algo;
|
||||
uint8_t digest[RB_SSL_CERTFP_LEN * 2];
|
||||
size_t digest_size;
|
||||
bool spki = false;
|
||||
unsigned int len;
|
||||
int len;
|
||||
|
||||
switch(method)
|
||||
{
|
||||
|
|
|
@ -544,7 +544,7 @@ make_certfp(const mbedtls_x509_crt *peer_cert, uint8_t certfp[RB_SSL_CERTFP_LEN]
|
|||
mbedtls_md_type_t md_type;
|
||||
bool spki = false;
|
||||
int ret;
|
||||
size_t len;
|
||||
int len;
|
||||
|
||||
switch (method)
|
||||
{
|
||||
|
|
|
@ -710,13 +710,13 @@ rb_get_ssl_strerror(rb_fde_t *F)
|
|||
return get_ssl_error(F->ssl_errno);
|
||||
}
|
||||
|
||||
static unsigned int
|
||||
static int
|
||||
make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
||||
{
|
||||
const ASN1_ITEM *it;
|
||||
const EVP_MD *evp;
|
||||
void *data;
|
||||
unsigned int len;
|
||||
int len;
|
||||
|
||||
switch(method)
|
||||
{
|
||||
|
@ -762,6 +762,7 @@ make_certfp(X509 *cert, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
|||
int
|
||||
rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
||||
{
|
||||
int len = 0;
|
||||
X509 *cert;
|
||||
int res;
|
||||
|
||||
|
@ -769,25 +770,26 @@ rb_get_ssl_certfp(rb_fde_t *F, uint8_t certfp[RB_SSL_CERTFP_LEN], int method)
|
|||
return 0;
|
||||
|
||||
cert = SSL_get_peer_certificate((SSL *) F->ssl);
|
||||
if(cert != NULL)
|
||||
if(cert == NULL)
|
||||
return 0;
|
||||
|
||||
res = SSL_get_verify_result((SSL *) F->ssl);
|
||||
switch(res)
|
||||
{
|
||||
res = SSL_get_verify_result((SSL *) F->ssl);
|
||||
if(
|
||||
res == X509_V_OK ||
|
||||
res == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
|
||||
res == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE ||
|
||||
res == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
|
||||
res == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
|
||||
res == X509_V_ERR_CERT_UNTRUSTED)
|
||||
{
|
||||
unsigned int len = make_certfp(cert, certfp, method);
|
||||
X509_free(cert);
|
||||
return len;
|
||||
}
|
||||
X509_free(cert);
|
||||
case X509_V_OK:
|
||||
case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
|
||||
case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
|
||||
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
|
||||
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
|
||||
case X509_V_ERR_CERT_UNTRUSTED:
|
||||
len = make_certfp(cert, certfp, method);
|
||||
|
||||
default: /* to silence code inspectors */
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
X509_free(cert);
|
||||
return len;
|
||||
}
|
||||
|
||||
int
|
||||
|
|
Loading…
Reference in a new issue