* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
PRInt32 version; /* protocol version valid for this cipher */
} cipher_s;
-#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
- (x)->pValue=(v); (x)->ulValueLen = (l)
+#define PK11_SETATTRS(x,id,v,l) (x)->type = (id); \
+ (x)->pValue=(v); (x)->ulValueLen = (l)
#define CERT_NewTempCertificate __CERT_NewTempCertificate
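Review bot: `PK11_SETATTRS` still expands to three separate statements, so a use under an unbraced `if` or `else` would guard only the first assignment and run the other two unconditionally. While the macro is being re-indented, it could be wrapped as `do { (x)->type = (id); (x)->pValue = (v); (x)->ulValueLen = (l); } while(0)`. The call sites are outside this hunk, so whether any of them is affected today cannot be confirmed from here.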
static char *fmt_nickname(char *str, bool *nickname_alloc)
{
- char *nickname = NULL;
- *nickname_alloc = FALSE;
-
- if(is_file(str)) {
- char *n = strrchr(str, '/');
- if(n) {
- *nickname_alloc = TRUE;
- n++; /* skip last slash */
- nickname = aprintf("PEM Token #%d:%s", 1, n);
- }
- return nickname;
+ char *nickname = NULL;
+ *nickname_alloc = FALSE;
+
+ if(is_file(str)) {
+ char *n = strrchr(str, '/');
+ if(n) {
+ *nickname_alloc = TRUE;
+ n++; /* skip last slash */
+ nickname = aprintf("PEM Token #%d:%s", 1, n);
}
+ return nickname;
+ }
- return str;
+ return str;
}
static int nss_load_cert(struct ssl_connect_data *ssl,
* slot.
*/
ssl->cacert[slotID] = PK11_CreateGenericObject(slot, theTemplate, 4,
- PR_FALSE /* isPerm */);
+ PR_FALSE /* isPerm */);
PK11_FreeSlot(slot);
return 0;
#endif
-done:
+ done:
/* Double-check that the certificate or nickname requested exists in
* either the token or the NSS certificate database.
*/
return 1;
}
-static int nss_load_key(struct connectdata *conn, int sockindex, char *key_file)
+static int nss_load_key(struct connectdata *conn, int sockindex,
+ char *key_file)
{
#ifdef HAVE_PK11_CREATEGENERICOBJECT
PK11SlotInfo * slot = NULL;
return SECSuccess;
}
-static void display_cert_info(struct SessionHandle *data, CERTCertificate *cert) {
- char *subject, *issuer, *common_name;
- PRExplodedTime printableTime;
- char timeString[256];
- PRTime notBefore, notAfter;
-
- subject = CERT_NameToAscii(&cert->subject);
- issuer = CERT_NameToAscii(&cert->issuer);
- common_name = CERT_GetCommonName(&cert->subject);
- infof(data, "\tsubject: %s\n", subject);
-
- CERT_GetCertTimes(cert, ¬Before, ¬After);
- PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime);
- PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
- infof(data, "\tstart date: %s\n", timeString);
- PR_ExplodeTime(notAfter, PR_GMTParameters, &printableTime);
- PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
- infof(data, "\texpire date: %s\n", timeString);
- infof(data, "\tcommon name: %s\n", common_name);
- infof(data, "\tissuer: %s\n", issuer);
-
- PR_Free(subject);
- PR_Free(issuer);
- PR_Free(common_name);
+static void display_cert_info(struct SessionHandle *data,
+ CERTCertificate *cert)
+{
+ char *subject, *issuer, *common_name;
+ PRExplodedTime printableTime;
+ char timeString[256];
+ PRTime notBefore, notAfter;
+
+ subject = CERT_NameToAscii(&cert->subject);
+ issuer = CERT_NameToAscii(&cert->issuer);
+ common_name = CERT_GetCommonName(&cert->subject);
+ infof(data, "\tsubject: %s\n", subject);
+
+ CERT_GetCertTimes(cert, ¬Before, ¬After);
+ PR_ExplodeTime(notBefore, PR_GMTParameters, &printableTime);
+ PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
+ infof(data, "\tstart date: %s\n", timeString);
+ PR_ExplodeTime(notAfter, PR_GMTParameters, &printableTime);
+ PR_FormatTime(timeString, 256, "%b %d %H:%M:%S %Y GMT", &printableTime);
+ infof(data, "\texpire date: %s\n", timeString);
+ infof(data, "\tcommon name: %s\n", common_name);
+ infof(data, "\tissuer: %s\n", issuer);
+
+ PR_Free(subject);
+ PR_Free(issuer);
+ PR_Free(common_name);
}
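Review bot: `subject`, `issuer` and `common_name` in display_cert_info are passed to infof() without a NULL check, and `CERT_GetCommonName()` returns NULL when the subject has no CN attribute. Whether `%s` with a null pointer is safe depends on infof's formatter, which is not visible here. A guard such as `common_name ? common_name : "(none)"` would remove that dependency. The two `PR_FormatTime(timeString, 256, ...)` calls could also pass `sizeof(timeString)`, so the bound cannot drift from the declaration.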
static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
void *proto_win = NULL;
/*
- PRArenaPool *tmpArena = NULL;
- CERTAuthKeyID *authorityKeyID = NULL;
- SECITEM *caname = NULL;
+ PRArenaPool *tmpArena = NULL;
+ CERTAuthKeyID *authorityKeyID = NULL;
+ SECITEM *caname = NULL;
*/
cert = SSL_PeerCertificate(sock);
|| NULL == *pRetCert) {
if (NULL == nickname)
- failf(data, "NSS: client certificate not found (nickname not specified)");
+ failf(data, "NSS: client certificate not found (nickname not "
+ "specified)");
else
failf(data, "NSS: client certificate not found: %s", nickname);
certDir = getenv("SSL_DIR");
if(certDir) {
if((stat(certDir, &st) != 0) ||
- (!S_ISDIR(st.st_mode))) {
+ (!S_ISDIR(st.st_mode))) {
certDir = NULL;
}
}
/* Now we check if the default location is a valid dir */
if(!certDir) {
if((stat(SSL_DIR, &st) == 0) &&
- (S_ISDIR(st.st_mode))) {
+ (S_ISDIR(st.st_mode))) {
certDir = (char *)SSL_DIR;
}
}
}
else {
char *certpath = PR_smprintf("%s%s",
- NSS_VersionCheck("3.12.0") ? "sql:" : "",
- certDir);
+ NSS_VersionCheck("3.12.0") ? "sql:" : "",
+ certDir);
rv = NSS_Initialize(certpath, "", "", "", NSS_INIT_READONLY);
PR_smprintf_free(certpath);
}
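Review bot: The result of `PR_smprintf()` is handed to `NSS_Initialize()` without a NULL check. On allocation failure `certpath` is NULL, and the database location NSS then uses is no longer the directory that the `stat()`/`S_ISDIR` checks validated. A guard before the call, for example `if(!certpath) return CURLE_OUT_OF_MEMORY;`, would fail closed. The enclosing function starts and ends outside this hunk, so the correct error path (a direct return or the function's cleanup label) should be checked against the surrounding code.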
SECMOD_DestroyModule(mod);
mod = NULL;
}
- infof(data, "WARNING: failed to load NSS PEM library %s. Using OpenSSL "
- "PEM certificates will not work.\n", pem_library);
+ infof(data, "WARNING: failed to load NSS PEM library %s. Using "
+ "OpenSSL PEM certificates will not work.\n", pem_library);
}
}
#endif
return CURLE_OUT_OF_MEMORY;
if(!cert_stuff(conn, sockindex, data->set.str[STRING_CERT],
- data->set.str[STRING_KEY])) {
+ data->set.str[STRING_KEY])) {
/* failf() is already done in cert_stuff() */
if(nickname_alloc)
free(nickname);
/* This is the password associated with the cert that we're using */
if (data->set.str[STRING_KEY_PASSWD]) {
- SSL_SetPKCS11PinArg(connssl->handle, data->set.str[STRING_KEY_PASSWD]);
+ SSL_SetPKCS11PinArg(connssl->handle, data->set.str[STRING_KEY_PASSWD]);
}
/* Force handshake on next I/O */
return CURLE_OK;
-error:
+ error:
/* reset the flag to avoid an infinite loop */
data->state.ssl_connect_retry = FALSE;