projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 59b1696c | 1 | /* |
| b0edda11 | 2 | * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. |
| 59b1696c | 3 | * |
| 2c18d164 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
| 846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
| 6 | * in the file LICENSE in the source distribution or at | |
| 7 | * https://www.openssl.org/source/license.html | |
| 59b1696c DSH |
8 | */ |
| 9 | ||
| 10 | #include <stdio.h> | |
| 11 | #include <openssl/conf.h> | |
| 12 | #include <openssl/ssl.h> | |
| 13 | #include "ssl_locl.h" | |
| d8f031e8 | 14 | #include "internal/sslconf.h" |
| 59b1696c DSH |
15 | |
| 16 | /* SSL library configuration module. */ | |
| 17 | ||
| 59b1696c DSH |
18 | void SSL_add_ssl_module(void) |
| 19 | { | |
| d8f031e8 | 20 | /* Do nothing. This will be added automatically by libcrypto */ |
| 59b1696c DSH |
21 | } |
| 22 | ||
| 8a5ed9dc | 23 | static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) |
| 59b1696c DSH |
24 | { |
| 25 | SSL_CONF_CTX *cctx = NULL; | |
| d8f031e8 | 26 | size_t i, idx, cmd_count; |
| 59b1696c DSH |
27 | int rv = 0; |
| 28 | unsigned int flags; | |
| 29 | const SSL_METHOD *meth; | |
| d8f031e8 | 30 | const SSL_CONF_CMD *cmds; |
| 8a5ed9dc | 31 | |
| 59b1696c DSH |
32 | if (s == NULL && ctx == NULL) { |
| 33 | SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER); | |
| 34 | goto err; | |
| 35 | } | |
| 8a5ed9dc TM |
36 | |
| 37 | if (name == NULL && system) | |
| 38 | name = "system_default"; | |
| d8f031e8 | 39 | if (!conf_ssl_name_find(name, &idx)) { |
| 8a5ed9dc TM |
40 | if (!system) { |
| 41 | SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME); | |
| 42 | ERR_add_error_data(2, "name=", name); | |
| 43 | } | |
| 59b1696c DSH |
44 | goto err; |
| 45 | } | |
| d8f031e8 | 46 | cmds = conf_ssl_get(idx, &name, &cmd_count); |
| 59b1696c DSH |
47 | cctx = SSL_CONF_CTX_new(); |
| 48 | if (cctx == NULL) | |
| 49 | goto err; | |
| 50 | flags = SSL_CONF_FLAG_FILE; | |
| 8a5ed9dc TM |
51 | if (!system) |
| 52 | flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE; | |
| 59b1696c DSH |
53 | if (s != NULL) { |
| 54 | meth = s->method; | |
| 55 | SSL_CONF_CTX_set_ssl(cctx, s); | |
| 56 | } else { | |
| 57 | meth = ctx->method; | |
| 58 | SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); | |
| 59 | } | |
| 60 | if (meth->ssl_accept != ssl_undefined_function) | |
| a230b26e | 61 | flags |= SSL_CONF_FLAG_SERVER; |
| 59b1696c | 62 | if (meth->ssl_connect != ssl_undefined_function) |
| a230b26e | 63 | flags |= SSL_CONF_FLAG_CLIENT; |
| 59b1696c | 64 | SSL_CONF_CTX_set_flags(cctx, flags); |
| d8f031e8 MC |
65 | for (i = 0; i < cmd_count; i++) { |
| 66 | char *cmdstr, *arg; | |
| 67 | ||
| 68 | conf_ssl_get_cmd(cmds, i, &cmdstr, &arg); | |
| 69 | rv = SSL_CONF_cmd(cctx, cmdstr, arg); | |
| 59b1696c DSH |
70 | if (rv <= 0) { |
| 71 | if (rv == -2) | |
| 72 | SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND); | |
| 0485d540 | 73 | else |
| 59b1696c | 74 | SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE); |
| d8f031e8 MC |
75 | ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr, |
| 76 | ", arg=", arg); | |
| 59b1696c DSH |
77 | goto err; |
| 78 | } | |
| 79 | } | |
| 80 | rv = SSL_CONF_CTX_finish(cctx); | |
| a230b26e | 81 | err: |
| 59b1696c DSH |
82 | SSL_CONF_CTX_free(cctx); |
| 83 | return rv <= 0 ? 0 : 1; | |
| 84 | } | |
| 85 | ||
| 86 | int SSL_config(SSL *s, const char *name) | |
| 87 | { | |
| 8a5ed9dc | 88 | return ssl_do_config(s, NULL, name, 0); |
| 59b1696c DSH |
89 | } |
| 90 | ||
| 91 | int SSL_CTX_config(SSL_CTX *ctx, const char *name) | |
| 92 | { | |
| 8a5ed9dc TM |
93 | return ssl_do_config(NULL, ctx, name, 0); |
| 94 | } | |
| 95 | ||
| 96 | void ssl_ctx_system_config(SSL_CTX *ctx) | |
| 97 | { | |
| 98 | ssl_do_config(NULL, ctx, NULL, 1); | |
| 59b1696c | 99 | } |