alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

components/openssl: add cert and pkey extra object point

Browse Source 
the point is pointed to its father's object and should not free
just set NULL if not use
This commit is contained in:
Dong Heng 2016-09-23 18:47:09 +08:00
parent d2bc170b86
commit e1c4a4bfa3
2 changed files with 38 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
components/openssl/library/ssl_lib.c
View File

@ -246,24 +246,34 @@ SSL *SSL_new(SSL_CTX *ctx)
if (!ssl->session) if (!ssl->session)
SSL_RET(failed2, "ssl_zalloc\n"); SSL_RET(failed2, "ssl_zalloc\n");
ssl->cert = ssl_cert_new();
if (!ssl->cert)
SSL_RET(failed3, "ssl_cert_new\n");
ssl->client_CA = X509_new();
if (!ssl->client_CA)
SSL_RET(failed4, "ssl_cert_new\n");
ssl->ctx = ctx; ssl->ctx = ctx;
ssl->method = ctx->method; ssl->method = ctx->method;
ssl->version = ctx->version; ssl->version = ctx->version;
ssl->options = ctx->options; ssl->options = ctx->options;
ssl->cert = ctx->cert;
ssl->client_CA = ctx->client_CA;
ssl->verify_mode = ctx->verify_mode; ssl->verify_mode = ctx->verify_mode;
ret = SSL_METHOD_CALL(new, ssl); ret = SSL_METHOD_CALL(new, ssl);
if (ret) if (ret)
SSL_RET(failed3, "ssl_new\n"); SSL_RET(failed5, "ssl_new\n");
ssl->rwstate = SSL_NOTHING; ssl->rwstate = SSL_NOTHING;
return ssl; return ssl;
failed5:
X509_free(ssl->client_CA);
failed4:
ssl_cert_free(ssl->cert);
failed3: failed3:
SSL_SESSION_free(ssl->session); SSL_SESSION_free(ssl->session);
failed2: failed2:
@ -281,14 +291,12 @@ void SSL_free(SSL *ssl)
SSL_METHOD_CALL(free, ssl); SSL_METHOD_CALL(free, ssl);
SSL_SESSION_free(ssl->session);
if (ssl->ca_reload)
X509_free(ssl->client_CA); X509_free(ssl->client_CA);
if (ssl->crt_reload)
ssl_cert_free(ssl->cert); ssl_cert_free(ssl->cert);
SSL_SESSION_free(ssl->session);
ssl_free(ssl); ssl_free(ssl);
} }

21
components/openssl/platform/ssl_pm.c
View File

@ -78,6 +78,14 @@ int ssl_pm_new(SSL *ssl)
const SSL_METHOD *method = ssl->method; const SSL_METHOD *method = ssl->method;
struct x509_pm *ctx_ca = (struct x509_pm *)ssl->ctx->client_CA->x509_pm;
struct x509_pm *ctx_crt = (struct x509_pm *)ssl->ctx->cert->x509->x509_pm;
struct pkey_pm *ctx_pkey = (struct pkey_pm *)ssl->ctx->cert->pkey->pkey_pm;
struct x509_pm *ssl_ca = (struct x509_pm *)ssl->client_CA->x509_pm;
struct x509_pm *ssl_crt = (struct x509_pm *)ssl->cert->x509->x509_pm;
struct pkey_pm *ssl_pkey = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
ssl_pm = ssl_zalloc(sizeof(struct ssl_pm)); ssl_pm = ssl_zalloc(sizeof(struct ssl_pm));
if (!ssl_pm) if (!ssl_pm)
SSL_ERR(ret, failed1, "ssl_zalloc\n"); SSL_ERR(ret, failed1, "ssl_zalloc\n");
@ -126,6 +134,10 @@ int ssl_pm_new(SSL *ssl)
ssl->ssl_pm = ssl_pm; ssl->ssl_pm = ssl_pm;
ssl_ca->ex_crt = ctx_ca->x509_crt;
ssl_crt->ex_crt = ctx_crt->x509_crt;
ssl_pkey->ex_pkey = ctx_pkey->pkey;
return 0; return 0;
failed3: failed3:
@ -179,13 +191,20 @@ static int ssl_pm_reload_crt(SSL *ssl)
if (ca_pm->x509_crt) { if (ca_pm->x509_crt) {
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL); mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
} else if (ca_pm->ex_crt) {
mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
} }
if (crt_pm->x509_crt && pkey_pm->pkey) { if (crt_pm->x509_crt && pkey_pm->pkey) {
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey); ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey);
} else if (crt_pm->ex_crt && pkey_pm->ex_pkey) {
ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey);
} else {
ret = 0;
}
if (ret) if (ret)
return -1; return -1;
}
return 0; return 0;
} }