struct connectdata *conn = data->conn;
struct Curl_cfilter *cf = conn->cfilter[sockindex];
struct ossl_ctx *octx = NULL;
+ CURLcode result = CURLE_OK;
do {
const struct Curl_cftype *cft = cf->cft;
}
cert = SSL_get1_peer_certificate(octx->ssl);
- if(!cert) {
+ if(!cert)
/* No server certificate, don't do channel binding */
return CURLE_OK;
- }
if(!OBJ_find_sigid_algs(X509_get_signature_nid(cert), &algo_nid, NULL)) {
failf(data,
"Unable to find digest NID for certificate signature algorithm");
- return CURLE_SSL_INVALIDCERTSTATUS;
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto error;
}
/* https://datatracker.ietf.org/doc/html/rfc5929#section-4.1 */
algo_name = OBJ_nid2sn(algo_nid);
failf(data, "Could not find digest algorithm %s (NID %d)",
algo_name ? algo_name : "(null)", algo_nid);
- return CURLE_SSL_INVALIDCERTSTATUS;
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto error;
}
}
if(!X509_digest(cert, algo_type, buf, &length)) {
failf(data, "X509_digest() failed");
- return CURLE_SSL_INVALIDCERTSTATUS;
+ result = CURLE_SSL_INVALIDCERTSTATUS;
+ goto error;
}
/* Append "tls-server-end-point:" */
- if(curlx_dyn_addn(binding, prefix, sizeof(prefix) - 1) != CURLE_OK)
- return CURLE_OUT_OF_MEMORY;
+ result = curlx_dyn_addn(binding, prefix, sizeof(prefix) - 1);
+ if(result)
+ goto error;
+
/* Append digest */
- if(curlx_dyn_addn(binding, buf, length))
- return CURLE_OUT_OF_MEMORY;
+ result = curlx_dyn_addn(binding, buf, length);
- return CURLE_OK;
+error:
+ X509_free(cert);
+ return result;
#else
/* No X509_get_signature_nid support */
(void)data;
projects / thirdparty / curl.git / commitdiff
