From e1c4a4bfa3e9a929c42e40238878c1bce83db76a Mon Sep 17 00:00:00 2001
From: Dong Heng
Date: Fri, 23 Sep 2016 18:47:09 +0800
Subject: [PATCH] components/openssl: add cert and pkey extra object point
the point is pointed to its father's object and should not free just set NULL if not use
---
 components/openssl/library/ssl_lib.c | 26 +++++++++++++++++---------
 components/openssl/platform/ssl_pm.c | 23 +++++++++++++++++++++--
 2 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/components/openssl/library/ssl_lib.c b/components/openssl/library/ssl_lib.c
index ded30a33ac..06bbe270c5 100644
--- a/components/openssl/library/ssl_lib.c
+++ b/components/openssl/library/ssl_lib.c
@@ -246,24 +246,34 @@ SSL *SSL_new(SSL_CTX *ctx)
 if (!ssl->session)
 SSL_RET(failed2, "ssl_zalloc\n");
+ ssl->cert = ssl_cert_new();
+ if (!ssl->cert)
+ SSL_RET(failed3, "ssl_cert_new\n");
+
+ ssl->client_CA = X509_new();
+ if (!ssl->client_CA)
+ SSL_RET(failed4, "ssl_cert_new\n");
+
 ssl->ctx = ctx;
 ssl->method = ctx->method;
 ssl->version = ctx->version;
 ssl->options = ctx->options;
- ssl->cert = ctx->cert;
- ssl->client_CA = ctx->client_CA;
 ssl->verify_mode = ctx->verify_mode;
 ret = SSL_METHOD_CALL(new, ssl);
 if (ret)
- SSL_RET(failed3, "ssl_new\n");
+ SSL_RET(failed5, "ssl_new\n");
 ssl->rwstate = SSL_NOTHING;
 return ssl;
+failed5:
+ X509_free(ssl->client_CA);
+failed4:
+ ssl_cert_free(ssl->cert);
 failed3:
 SSL_SESSION_free(ssl->session);
 failed2:
@@ -281,14 +291,12 @@ void SSL_free(SSL *ssl)
 SSL_METHOD_CALL(free, ssl);
+ X509_free(ssl->client_CA);
+
+ ssl_cert_free(ssl->cert);
+
 SSL_SESSION_free(ssl->session);
- if (ssl->ca_reload)
- X509_free(ssl->client_CA);
-
- if (ssl->crt_reload)
- ssl_cert_free(ssl->cert);
-
 ssl_free(ssl);
 }
diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c
index 0cf8f6c0a9..311c3a4b6f 100644
--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
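Review bot: The failure message for the new X509_new() call in SSL_new is a copy of the one for ssl_cert_new() just above it, so a log line reading "ssl_cert_new" would point at the wrong allocation; it should be `SSL_RET(failed4, "X509_new\n");`. The new per-SSL `cert` and `client_CA` objects are allocated empty here and, as far as this patch shows, only get their content as borrowed pointers set by ssl_pm_new, which is worth stating at the allocation site: `/* per-SSL holders; the platform layer links them to the SSL_CTX's certificate objects */`. SSL_new begins and its cleanup tail ends outside the hunk.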
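Review bot: SSL_free now calls `X509_free(ssl->client_CA)` and `ssl_cert_free(ssl->cert)` unconditionally, and after this patch those objects may carry only the `ex_crt`/`ex_pkey` aliases into the SSL_CTX's mbedtls objects (set in ssl_pm_new), so correctness depends on X509_free and ssl_cert_free never releasing the aliased pointers, which is not visible in this diff. If that is the contract, say it where the frees happen: `/* releases only objects this SSL owns; ex_* pointers alias the SSL_CTX and are left untouched */`. Dropping the `ca_reload`/`crt_reload` guards is consistent with the SSL now always owning its own containers, assuming those frees honour that contract.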
@@ -78,6 +78,14 @@ int ssl_pm_new(SSL *ssl)
 const SSL_METHOD *method = ssl->method;
+ struct x509_pm *ctx_ca = (struct x509_pm *)ssl->ctx->client_CA->x509_pm;
+ struct x509_pm *ctx_crt = (struct x509_pm *)ssl->ctx->cert->x509->x509_pm;
+ struct pkey_pm *ctx_pkey = (struct pkey_pm *)ssl->ctx->cert->pkey->pkey_pm;
+
+ struct x509_pm *ssl_ca = (struct x509_pm *)ssl->client_CA->x509_pm;
+ struct x509_pm *ssl_crt = (struct x509_pm *)ssl->cert->x509->x509_pm;
+ struct pkey_pm *ssl_pkey = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
+
 ssl_pm = ssl_zalloc(sizeof(struct ssl_pm));
 if (!ssl_pm)
 SSL_ERR(ret, failed1, "ssl_zalloc\n");
@@ -126,6 +134,10 @@ int ssl_pm_new(SSL *ssl)
 ssl->ssl_pm = ssl_pm;
+ ssl_ca->ex_crt = ctx_ca->x509_crt;
+ ssl_crt->ex_crt = ctx_crt->x509_crt;
+ ssl_pkey->ex_pkey = ctx_pkey->pkey;
+
 return 0;
 failed3:
@@ -179,14 +191,21 @@ static int ssl_pm_reload_crt(SSL *ssl)
 if (ca_pm->x509_crt) {
 mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
+ } else if (ca_pm->ex_crt) {
+ mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
 }
 if (crt_pm->x509_crt && pkey_pm->pkey) {
 ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey);
- if (ret)
- return -1;
+ } else if (crt_pm->ex_crt && pkey_pm->ex_pkey) {
+ ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey);
+ } else {
+ ret = 0;
 }
+ if (ret)
+ return -1;
+
 return 0;
 }
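Review bot: The six new declarations at the top of ssl_pm_new dereference `ssl->ctx->client_CA`, `ssl->ctx->cert`, `ssl->ctx->cert->x509` and `ssl->ctx->cert->pkey` before any of the function's own checks run, so if an SSL_CTX can exist with any of those unset this is a null dereference on the first SSL_new against it. SSL_new in this same patch allocates its own `cert` and `client_CA` unconditionally, which suggests the ctx side does likewise, but that is not visible here and should be confirmed. If the guarantee holds, record it next to the declarations: `/* SSL_CTX always owns cert/client_CA/pkey containers, so these chains are non-NULL */`; if it does not, the reads belong after a NULL check that fails the call cleanly. The rest of ssl_pm_new lies outside this hunk.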
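Review bot: The three `ex_crt`/`ex_pkey` assignments at the end of ssl_pm_new make this SSL hold raw pointers into the SSL_CTX's mbedtls certificate and key objects, and nothing in the code states that these are borrowed, which is exactly what the commit message says must not be freed; a reader of ssl_pm_free or of the cert-reload path cannot tell that from the hunk. A comment on the first assignment would carry the contract: `/* borrowed from the SSL_CTX: not owned by this SSL and never freed here; the ctx must outlive every SSL created from it */`. If the ctx can replace its certificate while SSLs are live (the removed `crt_reload` flag hints that some reload path exists, but it is not shown), these pointers go stale, and that case deserves a note too.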
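Review bot: The new `else if (ca_pm->ex_crt)` branch in ssl_pm_reload_crt passes `ca_pm->x509_crt` to mbedtls_ssl_conf_ca_chain, and on that path `ca_pm->x509_crt` is known to be NULL because the preceding branch tested it, so the CA chain borrowed from the SSL_CTX is never installed; the line should be `mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->ex_crt, NULL);`. With no trust anchor configured, a handshake that requires peer verification fails, and one with optional or no verification accepts the peer certificate unchecked, which is the worse outcome because it is silent. The own-cert branch below uses the `ex_` pair correctly, and the consolidated `ret` check is fine. ssl_pm_reload_crt begins outside the hunk.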