From: William Lallemand
Date: Wed, 16 Oct 2019 16:27:58 +0000 (+0200)
Subject: MINOR: ssl: load issuer from file or from buffer
X-Git-Tag: v2.1-dev3~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9568fcd79309911d33860c67a622768b877c93b;p=thirdparty%2Fhaproxy.git

MINOR: ssl: load issuer from file or from buffer

ssl_sock_load_issuer_file_into_ckch() is a new function which is able to load an issuer from a buffer or from a file to a CKCH. Use this function directly in ssl_sock_load_crt_file_into_ckch()
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index a10a357b2c..af0f7f3265 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2942,6 +2942,51 @@ static int ssl_sock_is_ckch_valid(struct cert_key_and_chain *ckch)
 }
 #endif
 
+/*
+ * return 0 on success or != 0 on failure
+ */
+static int ssl_sock_load_issuer_file_into_ckch(const char *path, char *buf, struct cert_key_and_chain *ckch, char **err)
+{
+	int ret = 1;
+	BIO *in = NULL;
+	X509 *issuer;
+
+	if (buf) {
+		/* reading from a buffer */
+		in = BIO_new_mem_buf(buf, -1);
+		if (in == NULL) {
+			memprintf(err, "%sCan't allocate memory\n", err && *err ? *err : "");
+			goto end;
+		}
+
+	} else {
+		/* reading from a file */
+		in = BIO_new(BIO_s_file());
+		if (in == NULL)
+			goto end;
+
+		if (BIO_read_filename(in, path) <= 0)
+			goto end;
+	}
+
+	issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
+	if (!issuer) {
+		memprintf(err, "%s'%s' cannot be read or parsed'.\n",
+		          *err ? *err : "", path);
+		goto end;
+	}
+	ret = 0;
+	ckch->ocsp_issuer = issuer;
+
+end:
+
+	ERR_clear_error();
+	if (in)
+		BIO_free(in);
+
+	return ret;
+}
+
 /* Loads the contents of a crt file (path) or BIO into a cert_key_and_chain
  * This allows us to carry the contents of the file without having to read the
  * file multiple times. The caller must call
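Review bot: In the file branch of ssl_sock_load_issuer_file_into_ckch, the `BIO_new(BIO_s_file())` and `BIO_read_filename()` failures both `goto end` without touching `err`, so the caller gets a non-zero return and no message for an unreadable `.issuer` file — the code removed in the second hunk did report that case. Set one before jumping, e.g. `memprintf(err, "%s'%s' cannot be read.\n", err && *err ? *err : "", path);`. The PEM failure message below dereferences `*err` without the `err &&` guard the buffer branch uses, and formats `path` with `%s`, which is not NULL-safe if a caller ever supplies a buffer without a path; mirror the buffer branch's `err && *err ? *err : ""` there. `ckch->ocsp_issuer = issuer;` also replaces any issuer the ckch already holds without `X509_free` on the old value, so a repeated load would leak it. Nothing verifies that the loaded certificate actually issued ckch->cert; if the caller does not check, an `X509_check_issued(issuer, ckch->cert) != X509_V_OK` test here would reject a mismatched issuer file early.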
@@ -3093,17 +3138,7 @@ static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct c
 
 	snprintf(fp, MAXPATHLEN+1, "%s.issuer", path);
 	if (stat(fp, &st) == 0) {
-		if (BIO_read_filename(in, fp) <= 0) {
-			memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
-			          *err ? *err : "", fp);
-			ret = 1;
-			goto end;
-		}
-
-		issuer = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
-		if (!issuer) {
-			memprintf(err, "%s '%s' is present but cannot be read or parsed'.\n",
-			          *err ? *err : "", fp);
+		if (ssl_sock_load_issuer_file_into_ckch(fp, NULL, ckch, err)) {
 			ret = 1;
 			goto end;
 		}