Commit 444a93ea changed certificate allocation to be postponed until
actual usage to fix --client-cert-not-required / --verify-client-cert
for PolarSSL builds. However, I forgot to allocate when using pkcs11
(because that code does not use the tls_ctx_load_cert_file() function).
And while we're at it, use ALLOC_OBJ_CLEAR() instead of malloc + manual
check.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1448101324-20310-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10543
Signed-off-by: Gert Doering <gert@greenie.muc.de>
ASSERT (NULL != ssl_ctx);
+ ALLOC_OBJ_CLEAR (ssl_ctx->crt_chain, x509_crt);
if (pkcs11_x509_cert_init(ssl_ctx->crt_chain, certificate)) {
msg (M_FATAL, "PKCS#11: Cannot retrieve PolarSSL certificate object");
goto cleanup;
}
- ssl_ctx->priv_key_pkcs11 = malloc(sizeof(pkcs11_context));
-
- if (ssl_ctx->priv_key_pkcs11 == NULL) {
- msg (M_FATAL, "PKCS#11: Cannot allocate PolarSSL private key object");
- goto cleanup;
- }
-
+ ALLOC_OBJ_CLEAR (ssl_ctx->priv_key_pkcs11, pkcs11_context);
if (pkcs11_priv_key_init(ssl_ctx->priv_key_pkcs11, certificate)) {
msg (M_FATAL, "PKCS#11: Cannot initialize PolarSSL private key object");
goto cleanup;
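Review bot: The added ALLOC_OBJ_CLEAR (ssl_ctx->crt_chain, x509_crt) right after the ASSERT assigns crt_chain unconditionally, so if the context already holds a chain from an earlier load, that pointer is overwritten and the old object is leaked. Since allocation is now deferred until first use, consider guarding the call with a check such as if (!ssl_ctx->crt_chain), or asserting that the pointer is NULL before allocating. The removed malloc block carried an explicit NULL check with its own M_FATAL message; the commit message relies on ALLOC_OBJ_CLEAR() covering that case, and a one-line comment at the priv_key_pkcs11 allocation saying so would keep the missing check from reading as an oversight.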