login, lib-ssl-iostream: Deduplicate code with shared openssl_iostream_use_certificat...
authorTimo Sirainen <tss@iki.fi>
Thu, 3 Dec 2015 10:02:56 +0000 (12:02 +0200)
committerTimo Sirainen <tss@iki.fi>
Thu, 3 Dec 2015 10:02:56 +0000 (12:02 +0200)
src/lib-ssl-iostream/iostream-openssl-context.c
src/lib-ssl-iostream/iostream-openssl.c
src/lib-ssl-iostream/iostream-openssl.h
src/login-common/ssl-proxy-openssl.c

index 2313de39edcdf00a00c0e91dad8be69a8566c86f..96b6e7b9169d1720fa067534e5590d41ab36f953 100644 (file)
@@ -174,7 +174,8 @@ static bool is_pem_key(const char *cert)
        return strstr(cert, "PRIVATE KEY---") != NULL;
 }
 
-const char *ssl_iostream_get_use_certificate_error(const char *cert)
+const char *
+openssl_iostream_use_certificate_error(const char *cert, const char *set_name)
 {
        unsigned long err;
 
@@ -185,8 +186,11 @@ const char *ssl_iostream_get_use_certificate_error(const char *cert)
        else if (is_pem_key(cert)) {
                return "The file contains a private key "
                        "(you've mixed ssl_cert and ssl_key settings)";
+       } else if (set_name != NULL && strchr(cert, '\n') == NULL) {
+               return t_strdup_printf("There is no valid PEM certificate. "
+                       "(You probably forgot '<' from %s=<%s)", set_name, cert);
        } else {
-               return "There is no certificate.";
+               return "There is no valid PEM certificate.";
        }
 }
 
@@ -398,7 +402,7 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
        if (set->cert != NULL &&
            ssl_ctx_use_certificate_chain(ctx->ssl_ctx, set->cert) == 0) {
                *error_r = t_strdup_printf("Can't load SSL certificate: %s",
-                       ssl_iostream_get_use_certificate_error(set->cert));
+                       openssl_iostream_use_certificate_error(set->cert, NULL));
                return -1;
        }
        if (set->key != NULL) {
index 5bad303e81e67f462baf16aa97a3a93d5cfb4cc8..e9c403ec8676c349f06667e9bd43233d968fe125 100644 (file)
@@ -71,7 +71,7 @@ openssl_iostream_use_certificate(struct ssl_iostream *ssl_io, const char *cert,
 
        if (ret == 0) {
                *error_r = t_strdup_printf("Can't load ssl_cert: %s",
-                       ssl_iostream_get_use_certificate_error(cert));
+                       openssl_iostream_use_certificate_error(cert, NULL));
                return -1;
        }
        return 0;
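Review bot: The error message on the line above this call already names the setting ("Can't load ssl_cert: %s"), yet the new call passes NULL as `set_name`, so this caller loses the "forgot '<'" hint that the login-common callers keep. Passing the same name the message uses is consistent and costs nothing: `openssl_iostream_use_certificate_error(cert, "ssl_cert"));`. The enclosing openssl_iostream_use_certificate begins before this hunk.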
index fac2880c888fa838085f0ef25d58e2c4b36b91fe..eb8e8104bdae34c7c049a0ee92cc03a1a6e82479 100644 (file)
@@ -68,7 +68,6 @@ void openssl_iostream_global_deinit(void);
 
 int openssl_iostream_load_key(const struct ssl_iostream_settings *set,
                              EVP_PKEY **pkey_r, const char **error_r);
-const char *ssl_iostream_get_use_certificate_error(const char *cert);
 int openssl_cert_match_name(SSL *ssl, const char *verify_name);
 int openssl_get_protocol_options(const char *protocols);
 #define OPENSSL_ALL_PROTOCOL_OPTIONS \
@@ -92,6 +91,8 @@ int openssl_iostream_handle_write_error(struct ssl_iostream *ssl_io, int ret,
 
 const char *openssl_iostream_error(void);
 const char *openssl_iostream_key_load_error(void);
+const char *
+openssl_iostream_use_certificate_error(const char *cert, const char *set_name);
 
 int openssl_iostream_generate_params(buffer_t *output, unsigned int dh_length,
                                     const char **error_r);
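Review bot: The new declaration of `openssl_iostream_use_certificate_error` says nothing about `set_name`, although its value changes what the function returns: the implementation in iostream-openssl-context.c embeds the raw `cert` setting value into the message only when `set_name` is non-NULL, and returns a fixed string otherwise. A short comment on the prototype would spare the next caller from reading the body, for example: `/* Returns a human-readable reason for the last certificate-load failure. set_name may be NULL; when given, a single-line cert value is echoed back into the message as "set_name=<value", so only pass it where logging the setting value is acceptable. The returned string is either static or allocated from the data stack. */`. The data-stack claim follows from the t_strdup_printf() use in the implementation hunk.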
index ee78eddbf17e8e0582e485a62f12c4588bf0e0ee..f4983addc3418fd88ce736e51bc76cb8fc822310 100644 (file)
@@ -935,11 +935,6 @@ unsigned int ssl_proxy_get_count(void)
        return ssl_proxy_count;
 }
 
-static bool is_pem_key(const char *cert)
-{
-       return strstr(cert, "PRIVATE KEY---") != NULL;
-}
-
 static void load_ca(X509_STORE *store, const char *ca,
                    STACK_OF(X509_NAME) **xnames_r)
 {
@@ -1080,25 +1075,6 @@ ssl_proxy_ctx_verify_client(SSL_CTX *ssl_ctx, STACK_OF(X509_NAME) *ca_names)
        SSL_CTX_set_client_CA_list(ssl_ctx, ca_names);
 }
 
-static const char *ssl_proxy_get_use_certificate_error(const char *cert)
-{
-       unsigned long err;
-
-       err = ERR_peek_error();
-       if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
-           ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
-               return openssl_iostream_error();
-       else if (is_pem_key(cert)) {
-               return "The file contains a private key "
-                       "(you've mixed ssl_cert and ssl_key settings)";
-       } else if (strchr(cert, '\n') == NULL) {
-               return t_strdup_printf("There is no valid PEM certificate. "
-                       "(You probably forgot '<' from ssl_cert=<%s)", cert);
-       } else {
-               return "There is no valid PEM certificate.";
-       }
-}
-
 static EVP_PKEY * ATTR_NULL(2)
 ssl_proxy_load_key(const char *key, const char *password)
 {
@@ -1277,7 +1253,7 @@ ssl_server_context_init(const struct login_settings *login_set,
 
        if (ssl_proxy_ctx_use_certificate_chain(ctx->ctx, ctx->cert) != 1) {
                i_fatal("Can't load ssl_cert: %s",
-                       ssl_proxy_get_use_certificate_error(ctx->cert));
+                       openssl_iostream_use_certificate_error(ctx->cert, "ssl_cert"));
        }
 
 #ifdef HAVE_SSL_GET_SERVERNAME
@@ -1317,7 +1293,8 @@ ssl_proxy_client_ctx_set_client_cert(SSL_CTX *ctx,
 
        if (ssl_proxy_ctx_use_certificate_chain(ctx, set->ssl_client_cert) != 1) {
                i_fatal("Can't load ssl_client_cert: %s",
-                       ssl_proxy_get_use_certificate_error(set->ssl_client_cert));
+                       openssl_iostream_use_certificate_error(
+                               set->ssl_client_cert, "ssl_client_cert"));
        }
 
        pkey = ssl_proxy_load_key(set->ssl_client_key, NULL);