-- Clifford Stoll */
#include "mod_ssl.h"
+/*
+ * Return true if the named file exists and is readable
+ */
+
+static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool)
+{
+ apr_finfo_t sbuf;
+
+ if ( apr_stat(&sbuf, fname, APR_FINFO_NORM, pool) != APR_SUCCESS )
+ return APR_ENOSTAT;
+
+ return ( ((sbuf.filetype == APR_REG) && (sbuf.protection & APR_UREAD)) ?
+ APR_SUCCESS : APR_EGENERAL);
+}
+
/* _________________________________________________________________
**
** Pass Phrase and Private Key Handling
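Review bot: The readability test at L14 (`sbuf.protection & APR_UREAD`) checks the owner-read bit of the file mode, not whether the calling process can actually read the file: a file owned by another uid that is readable via group or world bits is rejected, and the result says nothing about effective access for the uid httpd runs as (presumably root at this point, but the helper cannot know that). The real stat failure is also discarded at L12 in favour of a fixed APR_ENOSTAT, so the caller cannot report why the file was unusable, and requesting APR_FINFO_NORM asks for more fields than the two that are used — if I recall the APR contract, apr_stat can answer APR_INCOMPLETE when it cannot fill everything, which this code would treat as "missing". I would make the parameter `const char *`, request only the fields used, and return the apr_stat status so the caller can log it, and state in the header comment that this is a mode-bit pre-flight check that is not atomic with the later open.

```c
/* Pre-flight check: the path names a regular file whose mode grants
 * owner read.  Mode-bit test only, not an access check, and not atomic
 * with the open that follows in SSL_read_X509 / SSL_read_PrivateKey. */
static apr_status_t exists_and_readable(const char *fname, apr_pool_t *pool)
{
    apr_finfo_t sbuf;
    apr_status_t rv;

    rv = apr_stat(&sbuf, fname, APR_FINFO_TYPE | APR_FINFO_PROT, pool);
    if (rv != APR_SUCCESS)
        return rv;                /* keep the real reason for the log */

    if (sbuf.filetype != APR_REG)
        return APR_EGENERAL;
    return (sbuf.protection & APR_UREAD) ? APR_SUCCESS : APR_EGENERAL;
}
```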
ssl_asn1_t *asn1;
unsigned char *ucp;
X509 *pX509Cert;
- FILE *fp;
BOOL bReadable;
ssl_ds_array *aPassPhrase;
int nPassPhrase;
for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->szPublicCertFile[i] != NULL; i++) {
apr_cpystrn(szPath, sc->szPublicCertFile[i], sizeof(szPath));
-#if 0 /* XXX */
- if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
-#else
- if ((fp = fopen(szPath, "r")) == NULL) {
-#endif
+ if ( exists_and_readable(szPath, p) != APR_SUCCESS ) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
"Init: Can't open server certificate file %s", szPath);
ssl_die();
}
- if ((pX509Cert = SSL_read_X509(fp, NULL, NULL)) == NULL) {
+ if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"Init: Unable to read server certificate from file %s", szPath);
ssl_die();
}
-#if 0 /* XXX */
- ap_pfclose(p, fp);
-#else
- fclose(fp);
-#endif
/*
* check algorithm type of certificate and make
* the callback function which serves the pass
* phrases to OpenSSL
*/
-#if 0 /* XXX */
- if ((fp = ap_pfopen(p, szPath, "r")) == NULL) {
-#else
- if ((fp = fopen(szPath, "r")) == NULL) {
-#endif
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server private key file %s", szPath);
- ssl_die();
+ if ( exists_and_readable(szPath, p) != APR_SUCCESS ) {
+ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
+ "Init: Can't open server private key file %s",szPath);
+ ssl_die();
}
cpPassPhraseCur = NULL;
- bReadable = ((pPrivateKey = SSL_read_PrivateKey(fp, NULL,
- ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
-#if 0 /* XXX */
- ap_pfclose(p, fp);
-#else
- fclose(fp);
-#endif
-
+ bReadable = ((pPrivateKey = SSL_read_PrivateKey(szPath, NULL,
+ ssl_pphrase_Handle_CB, s)) != NULL ? TRUE : FALSE);
+
/*
* when the private key file now was readable,
* it's fine and we go out of the loop
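Review bot: On the APR_EGENERAL path of exists_and_readable (not a regular file, or owner-read bit clear) no system call has failed, so the `SSL_ADD_ERRNO` on the log calls at L36 and L65 appends whatever errno an earlier, unrelated call left behind, and the "Can't open" message then blames the wrong cause. Either have the helper return the apr_stat status and print it through apr_strerror, or drop SSL_ADD_ERRNO on these two calls and say what was actually checked, e.g. `"Init: Server private key file %s is not a readable regular file", szPath`. The stat is also a separate operation from the open performed inside SSL_read_X509 at L41 and SSL_read_PrivateKey at L78, so it should be read as an early, friendlier diagnostic rather than as the access control; the NULL checks after the reads remain the ones that matter. The enclosing loop body starts before and ends after this hunk.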
** _________________________________________________________________
*/
-X509 *SSL_read_X509(FILE *fp, X509 **x509, int (*cb)(char*,int,int,void*))
+X509 *SSL_read_X509(char* filename, X509 **x509, int (*cb)(char*,int,int,void*))
{
X509 *rc;
BIO *bioS;
BIO *bioF;
/* 1. try PEM (= DER+Base64+headers) */
-#if SSL_LIBRARY_VERSION < 0x00904000
- rc = PEM_read_X509(fp, x509, cb);
-#else
- rc = PEM_read_X509(fp, x509, cb, NULL);
-#endif
+ if ((bioS=BIO_new_file(filename, "r")) == NULL)
+ return NULL;
+ rc=PEM_read_bio_X509 (bioS, x509, cb, NULL);
+ BIO_free(bioS);
+
if (rc == NULL) {
/* 2. try DER+Base64 */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
- if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
+ if ((bioS=BIO_new_file(filename, "r")) == NULL)
+ return NULL;
+
+ if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
BIO_free(bioS);
return NULL;
}
BIO_free_all(bioS);
if (rc == NULL) {
/* 3. try plain DER */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
+ if ((bioS=BIO_new_file(filename, "r")) == NULL)
+ return NULL;
rc = d2i_X509_bio(bioS, NULL);
BIO_free(bioS);
}
}
#endif
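Review bot: `filename` at L87 is only ever handed to BIO_new_file, which takes a `const char *`, so the parameter should be `const char *filename` (and the same in the ssl_util_ssl.h prototype); as written a caller passing a string constant gets a discarded-qualifier warning. Note also that the three format attempts at L98, L110 and L124 each reopen the file by name instead of rewinding one descriptor as the removed fseek calls did, so the three parses are not guaranteed to see the same bytes; presumably fine for a file read once at startup, but worth a one-line comment such as `/* each attempt reopens the file; the parses are not atomic with each other */`. SSL_read_X509 continues past the end of the hunk.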
-EVP_PKEY *SSL_read_PrivateKey(FILE *fp, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)
+EVP_PKEY *SSL_read_PrivateKey(char* filename, EVP_PKEY **key, int (*cb)(char*,int,int,void*), void *s)
{
EVP_PKEY *rc;
BIO *bioS;
BIO *bioF;
/* 1. try PEM (= DER+Base64+headers) */
-#if SSL_LIBRARY_VERSION < 0x00904000
- rc = PEM_read_PrivateKey(fp, key, cb);
-#else
- rc = PEM_read_PrivateKey(fp, key, cb, s);
-#endif
+ if ((bioS=BIO_new_file(filename, "r")) == NULL)
+ return NULL;
+ rc = PEM_read_bio_PrivateKey(bioS, key, cb, s);
+ BIO_free(bioS);
+
if (rc == NULL) {
/* 2. try DER+Base64 */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
- if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
+ if ( (bioS = BIO_new_file(filename, "r")) == NULL )
+ return NULL;
+
+ if ((bioF = BIO_new(BIO_f_base64())) == NULL) {
BIO_free(bioS);
return NULL;
}
BIO_free_all(bioS);
if (rc == NULL) {
/* 3. try plain DER */
- fseek(fp, 0L, SEEK_SET);
- if ((bioS = BIO_new(BIO_s_fd())) == NULL)
- return NULL;
- BIO_set_fd(bioS, fileno(fp), BIO_NOCLOSE);
+ if ( (bioS = BIO_new_file(filename, "r")) == NULL )
+ return NULL;
rc = d2i_PrivateKey_bio(bioS, NULL);
BIO_free(bioS);
}
int SSL_get_app_data2_idx(void);
void *SSL_get_app_data2(SSL *);
void SSL_set_app_data2(SSL *, void *);
-X509 *SSL_read_X509(FILE *, X509 **, int (*)(char*,int,int,void*));
-EVP_PKEY *SSL_read_PrivateKey(FILE *, EVP_PKEY **, int (*)(char*,int,int,void*), void *);
+X509 *SSL_read_X509(char *, X509 **, int (*)(char*,int,int,void*));
+EVP_PKEY *SSL_read_PrivateKey(char *, EVP_PKEY **, int (*)(char*,int,int,void*), void *);
int SSL_smart_shutdown(SSL *ssl);
X509_STORE *SSL_X509_STORE_create(char *, char *);
int SSL_X509_STORE_lookup(X509_STORE *, int, X509_NAME *, X509_OBJECT *);