From 3fba8ddfa720f5238a1e77e58b2715118f6312c2 Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Wed, 21 Apr 2004 02:25:13 +0000
Subject: [PATCH] * Replaced ctdl_install_certificate() with convenience functions found in the OpenSSL library.
---
 webcit/ChangeLog | 5 +++++
 webcit/crypto.c | 46 ++++------------------------------------------
 2 files changed, 9 insertions(+), 42 deletions(-)

diff --git a/webcit/ChangeLog b/webcit/ChangeLog
index 3f4ee179c..77baa8633 100644
--- a/webcit/ChangeLog
+++ b/webcit/ChangeLog
@@ -1,4 +1,8 @@
 $Log$
+Revision 506.9 2004/04/21 02:25:13 ajc
+* Replaced ctdl_install_certificate() with convenience functions found
+ in the OpenSSL library.
+
 Revision 506.8 2004/04/21 02:19:41 ajc
 * Got HTTPS to work with Mozilla (by twiddling stuff that I still don't understand, but read at http://www.informit.com/articles/article.asp?p=22078
@@ -1786,3 +1790,4 @@ Sun Dec 6 19:50:55 EST 1998 Art Cancro 1998-12-03 Nathan Bryant * webserver.c: warning fix
+
diff --git a/webcit/crypto.c b/webcit/crypto.c
index 66b21cf20..85bcb3b10 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -36,43 +36,6 @@ static unsigned long id_callback(void)
 return (unsigned long) pthread_self();
 }
- /*
- * Set up the cert things on the server side. We do need both the
- * private key (in key_file) and the cert (in cert_file).
- * Both files may be identical.
- *
- * This function is taken from OpenSSL apps/s_cb.c
- */
-
-static int ctdl_install_certificate(SSL_CTX * ctx,
- const char *cert_file, const char *key_file)
-{
- if (cert_file != NULL) {
- if (SSL_CTX_use_certificate_file(ctx, cert_file,
- SSL_FILETYPE_PEM) <= 0) {
- lprintf(3, "unable to get certificate from '%s'",
- cert_file);
- return (0);
- }
- if (key_file == NULL)
- key_file = cert_file;
- if (SSL_CTX_use_PrivateKey_file(ctx, key_file,
- SSL_FILETYPE_PEM) <= 0) {
- lprintf(3, "unable to get private key from '%s'",
- key_file);
- return (0);
- }
- /* Now we know that a key and cert have been set against
- * the SSL context */
- if (!SSL_CTX_check_private_key(ctx)) {
- lprintf(3,
- "Private key does not match the certificate public key");
- return (0);
- }
- }
- return (1);
-}
-
 void init_ssl(void)
 {
@@ -347,14 +310,13 @@ void init_ssl(void)
 /*
 * Now try to bind to the key and certificate.
 */
- if (ctdl_install_certificate(ssl_ctx,
- CTDL_CER_PATH,
- CTDL_KEY_PATH) != 1)
- {
+ SSL_CTX_use_certificate_file(ssl_ctx, CTDL_CER_PATH, SSL_FILETYPE_PEM);
+ SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM);
+ if ( !SSL_CTX_check_private_key(ssl_ctx) ) {
 lprintf(3, "Cannot install certificate: %s\n", ERR_reason_error_string(ERR_get_error()));
 }
-
+
 }
-- 
2.30.2
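Review bot: The return values of `SSL_CTX_use_certificate_file()` and `SSL_CTX_use_PrivateKey_file()` are discarded in the added lines of the init_ssl hunk, so a missing or unreadable CTDL_CER_PATH or CTDL_KEY_PATH is only noticed indirectly, when `SSL_CTX_check_private_key()` fails. The removed helper checked each call and logged which file failed; the new message names no path, and the single `ERR_get_error()` call takes only one entry off the thread's error queue, leaving any others to surface in later error reports. I would fold the loads into the condition, `if (SSL_CTX_use_certificate_file(ssl_ctx, CTDL_CER_PATH, SSL_FILETYPE_PEM) != 1 || SSL_CTX_use_PrivateKey_file(ssl_ctx, CTDL_KEY_PATH, SSL_FILETYPE_PEM) != 1 || !SSL_CTX_check_private_key(ssl_ctx)) {`, and include the two paths in the log line. The error branch only logs; whether init_ssl then stops HTTPS from starting without a usable key pair is outside the hunk and worth confirming.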