components/openssl: add cert and pkey extra object point

the point is pointed to its father's object and should not free just set NULL if not use
2024-10-05 20:47:46 -04:00 · 2016-09-23 18:47:09 +08:00 · 2016-09-23 18:47:09 +08:00 · e1c4a4bfa3
commit e1c4a4bfa3
parent d2bc170b86
2 changed files with 38 additions and 11 deletions
--- a/components/openssl/library/ssl_lib.c
+++ b/components/openssl/library/ssl_lib.c
@ -246,24 +246,34 @@ SSL *SSL_new(SSL_CTX *ctx)
    if (!ssl->session)
        SSL_RET(failed2, "ssl_zalloc\n");

+    ssl->cert = ssl_cert_new();
+    if (!ssl->cert)
+        SSL_RET(failed3, "ssl_cert_new\n");
+
+    ssl->client_CA = X509_new();
+    if (!ssl->client_CA)
+        SSL_RET(failed4, "ssl_cert_new\n");
+
    ssl->ctx = ctx;
    ssl->method = ctx->method;

    ssl->version = ctx->version;
    ssl->options = ctx->options;

-    ssl->cert = ctx->cert;
-    ssl->client_CA = ctx->client_CA;
    ssl->verify_mode = ctx->verify_mode;

    ret = SSL_METHOD_CALL(new, ssl);
    if (ret)
-        SSL_RET(failed3, "ssl_new\n");
+        SSL_RET(failed5, "ssl_new\n");

    ssl->rwstate = SSL_NOTHING;

    return ssl;

+failed5:
+    X509_free(ssl->client_CA);
+failed4:
+    ssl_cert_free(ssl->cert);
 failed3:
    SSL_SESSION_free(ssl->session);
 failed2:
@ -281,14 +291,12 @@ void SSL_free(SSL *ssl)

    SSL_METHOD_CALL(free, ssl);

+    X509_free(ssl->client_CA);
+
+    ssl_cert_free(ssl->cert);
+
    SSL_SESSION_free(ssl->session);

-    if (ssl->ca_reload)
-        X509_free(ssl->client_CA);
-
-    if (ssl->crt_reload)
-        ssl_cert_free(ssl->cert);
-
    ssl_free(ssl);
 }

--- a/components/openssl/platform/ssl_pm.c
+++ b/components/openssl/platform/ssl_pm.c
@ -78,6 +78,14 @@ int ssl_pm_new(SSL *ssl)

    const SSL_METHOD *method = ssl->method;

+    struct x509_pm *ctx_ca = (struct x509_pm *)ssl->ctx->client_CA->x509_pm;
+    struct x509_pm *ctx_crt = (struct x509_pm *)ssl->ctx->cert->x509->x509_pm;
+    struct pkey_pm *ctx_pkey = (struct pkey_pm *)ssl->ctx->cert->pkey->pkey_pm;
+
+    struct x509_pm *ssl_ca = (struct x509_pm *)ssl->client_CA->x509_pm;
+    struct x509_pm *ssl_crt = (struct x509_pm *)ssl->cert->x509->x509_pm;
+    struct pkey_pm *ssl_pkey = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
+
    ssl_pm = ssl_zalloc(sizeof(struct ssl_pm));
    if (!ssl_pm)
        SSL_ERR(ret, failed1, "ssl_zalloc\n");
@ -126,6 +134,10 @@ int ssl_pm_new(SSL *ssl)

    ssl->ssl_pm = ssl_pm;

+    ssl_ca->ex_crt = ctx_ca->x509_crt;
+    ssl_crt->ex_crt = ctx_crt->x509_crt;
+    ssl_pkey->ex_pkey = ctx_pkey->pkey;
+
    return 0;

 failed3:
@ -179,14 +191,21 @@ static int ssl_pm_reload_crt(SSL *ssl)

    if (ca_pm->x509_crt) {
        mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
+    } else if (ca_pm->ex_crt) {
+        mbedtls_ssl_conf_ca_chain(&ssl_pm->conf, ca_pm->x509_crt, NULL);
    }

    if (crt_pm->x509_crt && pkey_pm->pkey) {
        ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->x509_crt, pkey_pm->pkey);
-        if (ret)
-            return -1;
+    } else if (crt_pm->ex_crt && pkey_pm->ex_pkey) {
+        ret = mbedtls_ssl_conf_own_cert(&ssl_pm->conf, crt_pm->ex_crt, pkey_pm->ex_pkey);
+    } else {
+        ret = 0;
    }

+    if (ret)
+        return -1;
+
    return 0;
 }