Check-in [ef0be0d731]
Overview
Comment:Do not expose implementation details in user interface
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | mjanssen-asn1-certs
Files: files | file ages | folders
SHA3-256: ef0be0d731e19a6183250f24b550c4552cd2f0002db14de63190544aeee3778c
User & Date: mjanssen on 2019-06-17 14:27:39
Other Links: branch diff | manifest | tags
Context
2019-06-17
18:08
Align code with option names check-in: 4945b7588e user: mjanssen tags: mjanssen-asn1-certs
14:27
Do not expose implementation details in user interface check-in: ef0be0d731 user: mjanssen tags: mjanssen-asn1-certs
12:05
Add support for ASN1 blobs for certificates and keys check-in: 49278969f2 user: mjanssen tags: mjanssen-asn1-certs
Changes
Modified tls.c from [8332b7761d] to [d8dd86370e].
816
817
818
819
820
821
822
823
824
825


826
827

828
829
830
831
832
833
834
816
817
818
819
820
821
822



823
824
825

826
827
828
829
830
831
832
833







-
-
-
+
+

-
+








	OPTBOOL( "-ssl2", ssl2);
	OPTBOOL( "-ssl3", ssl3);
	OPTBOOL( "-tls1", tls1);
	OPTBOOL( "-tls1.1", tls1_1);
	OPTBOOL( "-tls1.2", tls1_2);
	OPTBOOL( "-tls1.3", tls1_3);

  OPTBYTE("-certasn1", cert_asn1, cert_asn1_len);
  OPTBYTE("-keyasn1", key_asn1, key_asn1_len);
  OPTBYTE("-cert", cert_asn1, cert_asn1_len);
  OPTBYTE("-key", key_asn1, key_asn1_len);

	OPTBAD( "option", "-cadir, -cafile, -certasn1, -certfile, -cipher, -command, -dhparams, -keyasn1, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3");
	OPTBAD( "option", "-cadir, -cafile, -cert, -certfile, -cipher, -command, -dhparams, -key, -keyfile, -model, -password, -require, -request, -server, -servername, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, or tls1.3");

	return TCL_ERROR;
    }
    if (request)	    verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER;
    if (request && require) verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
    if (verify == 0)	verify = SSL_VERIFY_NONE;

1304
1305
1306
1307
1308
1309
1310
1311

1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325

1326
1327
1328
1329
1330
1331
1332
1303
1304
1305
1306
1307
1308
1309

1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323

1324
1325
1326
1327
1328
1329
1330
1331







-
+













-
+







	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
	}
    } else if (cert_asn1 != NULL) {
	if (SSL_CTX_use_certificate_ASN1(ctx, cert_asn1_len, cert_asn1) <= 0) {
	    Tcl_DStringFree(&ds);
	    Tcl_AppendResult(interp,
			     "unable to set certificate from ASN1: ",
			     "unable to set certificate: ",
			     REASON(), (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
	}
	if (key_asn1 == NULL) {
    key_asn1=cert_asn1;
    key_asn1_len = cert_asn1_len;
  }
	if (SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, ctx, key_asn1,key_asn1_len) <= 0) {
	    Tcl_DStringFree(&ds);
	    /* flush the passphrase which might be left in the result */
	    Tcl_SetResult(interp, NULL, TCL_STATIC);
	    Tcl_AppendResult(interp,
			     "unable to set public key from ASN1: ",
			     "unable to set public key: ",
			     REASON(), (char *) NULL);
	    SSL_CTX_free(ctx);
	    return (SSL_CTX *)0;
	}
    } else {
	cert = (char*)X509_get_default_cert_file();