git.ipfire.org Git - thirdparty/openvpn.git/commit
Refactor tls_ctx_use_external_private_key()
author Joachim Schipper <joachim.schipper@fox-it.com>
Thu, 19 Sep 2013 10:47:27 +0000 (12:47 +0200)
committer Gert Doering <gert@greenie.muc.de>
Sat, 23 Nov 2013 11:39:41 +0000 (12:39 +0100)
commit c3b2d487bc5089c8c0cf65df8e6cc2232d84b05b
tree b196b4df5bdd202be7830eef1e2f146ffaab1f83
parent 076fd3e46bbbe6261317d58cc2442f8eccc927ce
Refactor tls_ctx_use_external_private_key()

OpenSSL's tls_ctx_load_cert_file() had a parameter in which a copy of the
context's certificate chain was stored on return, used by
tls_ctx_use_external_private_key() only and free()d immediately thereafter.

PolarSSL also supported this output parameter, but returned a pointer to the
context's certificate chain (rather than to a copy of the certificate, as
OpenSSL does) - which meant that we would have to #ifdef the free().

PolarSSL cannot make a copy of a certificate chain, and OpenSSL cannot store
a pointer to (instead of a copy of) the cert.

So remove the output parameter from tls_ctx_load_cert_file() and incorporate
the needed functionality directly into tls_ctx_use_external_private_key()
(which is straightforward for both OpenSSL and PolarSSL, as long as you don't
try to support both at once.)

Signed-off-by: Joachim Schipper <joachim.schipper@fox-it.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <1379587649-25506-2-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7888
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl.c
src/openvpn/ssl_backend.h
src/openvpn/ssl_openssl.c
src/openvpn/ssl_polarssl.c