}
#endif
}
+#ifdef USE_POLARSSL
else if (streq (p[0], "pkcs12") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
}
#endif
}
+#endif /* USE_POLARSSL */
else if (streq (p[0], "askpass"))
{
VERIFY_PERMISSION (OPT_P_GENERAL);
warn_multiple_script (options->tls_verify, "tls-verify");
options->tls_verify = string_substitute (p[1], ',', ' ', &options->gc);
}
+#ifndef USE_POLARSSL
else if (streq (p[0], "tls-export-cert") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
options->tls_export_cert = p[1];
}
+#endif
else if (streq (p[0], "tls-remote") && p[1])
{
VERIFY_PERMISSION (OPT_P_GENERAL);
return 0;
}
+static const char *
+verify_cert_export_cert(x509_cert_t *peercert, const char *tmp_dir, struct gc_arena *gc)
+{
+ FILE *peercert_file;
+ const char *peercert_filename="";
+
+ if(!tmp_dir)
+ return NULL;
+
+ /* create tmp file to store peer cert */
+ peercert_filename = create_temp_file (tmp_dir, "pcf", gc);
+
+ /* write peer-cert in tmp-file */
+ peercert_file = fopen(peercert_filename, "w+");
+ if(!peercert_file)
+ {
+ msg (M_ERR, "Failed to open temporary file : %s", peercert_filename);
+ return NULL;
+ }
+
+ if (x509_write_pem(peercert_file, peercert))
+ msg (M_ERR, "Error writing PEM file containing certificate");
+
+ fclose(peercert_file);
+ return peercert_filename;
+}
+
+
/*
* run --tls-verify script
*/
if (verify_export_cert)
{
gc = gc_new();
- if ((tmp_file=x509_write_cert(cert, verify_export_cert,&gc)))
+ if ((tmp_file=verify_cert_export_cert(cert, verify_export_cert, &gc)))
{
setenv_str(es, "peer_cert", tmp_file);
}
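Review bot: The `peer_cert` variable is exported even when the certificate was not fully written, because `verify_cert_export_cert` (defined further up in this patch) falls through to `return peercert_filename;` after `x509_write_pem` reports failure and never checks the result of `fclose`, so a truncated or empty PEM file can be handed to the tls-verify script. If `msg (M_ERR, …)` is fatal in this codebase the first fall-through is unreachable, but the unchecked `fclose` on a write stream still hides a failed flush. The same concern applies to the PolarSSL backend below, which now returns true at `M_WARN` instead of NULL at `M_ERR`, so its caller proceeds with an empty file. The failure branch should close the stream and return NULL, and `fclose` should be checked before the filename is returned; the enclosing function of this hunk begins outside it.
```c
verify_cert_export_cert(x509_cert_t *peercert, const char *tmp_dir, struct gc_arena *gc)
{
  /* … unchanged: tmp_dir check, create_temp_file, fopen … */

  if (x509_write_pem(peercert_file, peercert))
    {
      msg (M_ERR, "Error writing PEM file containing certificate");
      fclose(peercert_file);
      return NULL;
    }

  /* a failed flush would leave a truncated PEM file for the script */
  if (fclose(peercert_file) != 0)
    {
      msg (M_ERR, "Failed to close temporary file : %s", peercert_filename);
      return NULL;
    }
  return peercert_filename;
}
```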
*
* @return a string containing the SHA1 hash of the certificate
*/
-
unsigned char *x509_get_sha1_hash (x509_cert_t *cert);
/*
* @param tmp_dir Temporary directory to store the directory
* @param gc gc_arena to store temporary objects in
*/
-const char *x509_write_cert(x509_cert_t *cert, const char *tmp_dir,
- struct gc_arena *gc);
+bool x509_write_pem(FILE *peercert_file, x509_cert_t *peercert);
/*
* Check the certificate against a CRL file.
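Review bot: The doc comment above the new `x509_write_pem` prototype is stale: it still documents `@param tmp_dir` and `@param gc`, which the replaced `x509_write_cert` took and the new prototype does not, and it says nothing about the `bool` result. It should describe the two actual parameters and the return convention the backend implementations use, e.g. `@param peercert_file Open stream to write the PEM-encoded certificate to`, `@param peercert Certificate to write`, `@return true on failure, false on success`. Stating the inverted return convention explicitly matters here because callers test the result with a plain `if (x509_write_pem(...))`.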
return fFound;
}
-const char *
-x509_write_cert(X509 *peercert, const char *tmp_dir, struct gc_arena *gc)
+bool
+x509_write_pem(FILE *peercert_file, X509 *peercert)
{
- FILE *peercert_file;
- const char *peercert_filename="";
-
- if(!tmp_dir)
- return NULL;
-
- /* create tmp file to store peer cert */
- peercert_filename = create_temp_file (tmp_dir, "pcf", gc);
-
- /* write peer-cert in tmp-file */
- peercert_file = fopen(peercert_filename, "w+");
- if(!peercert_file)
- {
- msg (M_ERR, "Failed to open temporary file : %s", peercert_filename);
- return NULL;
- }
- if(PEM_write_X509(peercert_file,peercert)<0)
+ if (PEM_write_X509(peercert_file, peercert) < 0)
{
msg (M_ERR, "Failed to write peer certificate in PEM format");
- fclose(peercert_file);
- return NULL;
+ return true;
}
-
- fclose(peercert_file);
- return peercert_filename;
+ return false;
}
#endif /* OPENSSL_VERSION_NUMBER */
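Review bot: The failure check `if (PEM_write_X509(peercert_file, peercert) < 0)` is kept from the old code but can never be true: OpenSSL's `PEM_write_X509` returns 1 on success and 0 on failure, so a write error is silently reported as success and the function returns false. The condition should be `if (!PEM_write_X509(peercert_file, peercert))`. This also means the error path in the caller was untested in practice, since it could not be reached on the OpenSSL backend.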
return fFound;
}
-const char *
-x509_write_cert(x509_cert *peercert, const char *tmp_dir, struct gc_arena *gc)
+bool
+x509_write_pem(FILE *peercert_file, x509_cert *peercert)
{
- FILE *peercert_file;
- const char *peercert_filename="";
-
- if(!tmp_dir)
- return NULL;
-
- /* create tmp file to store peer cert */
- peercert_filename = create_temp_file (tmp_dir, "pcf", gc);
-
- /* write peer-cert in tmp-file */
- peercert_file = fopen(peercert_filename, "w+");
- if(!peercert_file)
- {
- msg (M_ERR, "Failed to open temporary file : %s", peercert_filename);
- return NULL;
- }
-
-// if(PEM_write_X509(peercert_file,peercert)<0)
-// {
- msg (M_ERR, "PolarSSL does not support writing peer certificate in PEM format");
- fclose(peercert_file);
- return NULL;
-// }
-
- fclose(peercert_file);
- return peercert_filename;
+ msg (M_WARN, "PolarSSL does not support writing peer certificate in PEM format");
+ return true;
}
/*
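Review bot: Both parameters of the PolarSSL `x509_write_pem` are now unused, since the body only logs a warning and returns true; with `-Wall -Wextra` this produces unused-parameter warnings for every build of this backend. Marking them as intentionally unused keeps the build clean, e.g. `(void) peercert_file;` and `(void) peercert;` before the `msg` call. A one-line comment such as `/* always reports failure: PolarSSL has no PEM writer for certificates */` would also make the unconditional `return true;` self-explanatory to the next reader.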