Fossil SCM
Minor code formatting changes in http_ssl.c.
Commit
662c83513fcc846d82309b3a9ad176e41eed049f
Parent
2ac7b3e14068391…
1 file changed
+14
-14
+14
-14
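--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -129,19 +129,19 @@
 ** Return the number of errors.
 */
 int ssl_open(void){
 X509 *cert;
 int hasSavedCertificate = 0;
-char *connStr ;
+ char *connStr;
 ssl_global_init();
 
 /* If client certificate/key has been set, load them into the SSL context. */
 ssl_load_client_authfiles();
 
 /* Get certificate for current server from global config and
- * (if we have it in config) add it to certificate store.
- */
+ ** (if we have it in config) add it to certificate store.
+ */
 cert = ssl_get_certificate();
 if ( cert!=NULL ){
 X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert);
 X509_free(cert);
 hasSavedCertificate = 1;
@@ -148,14 +148,14 @@
 }
 
 iBio = BIO_new_ssl_connect(sslCtx);
 BIO_get_ssl(iBio, &ssl);
 SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
- if( iBio==NULL ) {
+ if( iBio==NULL ){
 ssl_set_errmsg("SSL: cannot open SSL (%s)",
 ERR_reason_error_string(ERR_get_error()));
- return 1;
+ return 1;
 }
 
 connStr = mprintf("%s:%d", g.urlName, g.urlPort);
 BIO_set_conn_hostname(iBio, connStr);
 free(connStr);
@@ -298,27 +298,26 @@
 ** We only support PEM and don't support password protected keys.
 **
 ** Always try the environment variables first, and if they aren't set, then
 ** use the global config.
 */
-void ssl_load_client_authfiles(void)
-{
+void ssl_load_client_authfiles(void){
 char *cafile;
 char *capath;
 char *certfile;
 char *keyfile;
 
 cafile = ssl_get_and_set_file_ref("FOSSIL_CAFILE", "cafile");
 capath = ssl_get_and_set_file_ref("FOSSIL_CAPATH", "capath");
 
 if( cafile || capath ){
- /* The OpenSSL documentation warns that if several CA certificates match
- * the same name, key identifier and serial number conditions, only the
- * first will be examined. The caveat situation is when one stores an
- * expired CA certificate among the valid ones.
- * Simply put: Do not mix expired and valid certificates.
- */
+ /* The OpenSSL documentation warns that if several CA certificates match
+ ** the same name, key identifier and serial number conditions, only the
+ ** first will be examined. The caveat situation is when one stores an
+ ** expired CA certificate among the valid ones.
+ ** Simply put: Do not mix expired and valid certificates.
+ */
 if( SSL_CTX_load_verify_locations(sslCtx, cafile, capath) == 0){
 fossil_fatal("SSL: Unable to load CA verification file/path");
 }
 }else{
 fossil_warning("SSL: CA file/path missing for certificate verification.");
@@ -332,12 +331,13 @@
 }
 
 keyfile = ssl_get_and_set_file_ref("FOSSIL_CKEY", "ckey");
 
 /* Assume the key is in the certificate file if key file was not specified */
- if( certfile && !keyfile )
+ if( certfile && !keyfile ){
 keyfile = certfile;
+ }
 
 if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM) <= 0 ){
 fossil_fatal("SSL: Unable to open client certificate in %s.", certfile);
 }
 if( SSL_CTX_use_PrivateKey_file(sslCtx, keyfile, SSL_FILETYPE_PEM) <= 0 ){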
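Review bot: In ssl_open (second hunk), the `if( iBio==NULL ){` guard reformatted here still runs only after `BIO_get_ssl(iBio, &ssl)` and `SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY)` have already used the result of `BIO_new_ssl_connect(sslCtx)`, so when BIO creation fails the error path is reached too late and `ssl` is handed to `SSL_set_mode` without having been filled in by this call. Moving the guard up so that it directly follows `iBio = BIO_new_ssl_connect(sslCtx);`, with the `BIO_get_ssl` and `SSL_set_mode` calls placed after its closing brace, makes the failure return reachable before anything is dereferenced. The return values of `X509_STORE_add_cert` in the first hunk and of `BIO_set_conn_hostname` are also ignored; since they decide which saved server certificate is trusted and which host is contacted, they deserve a check or at least a comment such as `/* failure here only means the saved cert is not pre-trusted */`. ssl_open's body continues past the end of the hunk, so any later handling is not visible here.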
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -129,19 +129,19 @@ | |
| 129 | ** Return the number of errors. |
| 130 | */ |
| 131 | int ssl_open(void){ |
| 132 | X509 *cert; |
| 133 | int hasSavedCertificate = 0; |
| 134 | char *connStr ; |
| 135 | ssl_global_init(); |
| 136 | |
| 137 | /* If client certificate/key has been set, load them into the SSL context. */ |
| 138 | ssl_load_client_authfiles(); |
| 139 | |
| 140 | /* Get certificate for current server from global config and |
| 141 | * (if we have it in config) add it to certificate store. |
| 142 | */ |
| 143 | cert = ssl_get_certificate(); |
| 144 | if ( cert!=NULL ){ |
| 145 | X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert); |
| 146 | X509_free(cert); |
| 147 | hasSavedCertificate = 1; |
| @@ -148,14 +148,14 @@ | |
| 148 | } |
| 149 | |
| 150 | iBio = BIO_new_ssl_connect(sslCtx); |
| 151 | BIO_get_ssl(iBio, &ssl); |
| 152 | SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); |
| 153 | if( iBio==NULL ) { |
| 154 | ssl_set_errmsg("SSL: cannot open SSL (%s)", |
| 155 | ERR_reason_error_string(ERR_get_error())); |
| 156 | return 1; |
| 157 | } |
| 158 | |
| 159 | connStr = mprintf("%s:%d", g.urlName, g.urlPort); |
| 160 | BIO_set_conn_hostname(iBio, connStr); |
| 161 | free(connStr); |
| @@ -298,27 +298,26 @@ | |
| 298 | ** We only support PEM and don't support password protected keys. |
| 299 | ** |
| 300 | ** Always try the environment variables first, and if they aren't set, then |
| 301 | ** use the global config. |
| 302 | */ |
| 303 | void ssl_load_client_authfiles(void) |
| 304 | { |
| 305 | char *cafile; |
| 306 | char *capath; |
| 307 | char *certfile; |
| 308 | char *keyfile; |
| 309 | |
| 310 | cafile = ssl_get_and_set_file_ref("FOSSIL_CAFILE", "cafile"); |
| 311 | capath = ssl_get_and_set_file_ref("FOSSIL_CAPATH", "capath"); |
| 312 | |
| 313 | if( cafile || capath ){ |
| 314 | /* The OpenSSL documentation warns that if several CA certificates match |
| 315 | * the same name, key identifier and serial number conditions, only the |
| 316 | * first will be examined. The caveat situation is when one stores an |
| 317 | * expired CA certificate among the valid ones. |
| 318 | * Simply put: Do not mix expired and valid certificates. |
| 319 | */ |
| 320 | if( SSL_CTX_load_verify_locations(sslCtx, cafile, capath) == 0){ |
| 321 | fossil_fatal("SSL: Unable to load CA verification file/path"); |
| 322 | } |
| 323 | }else{ |
| 324 | fossil_warning("SSL: CA file/path missing for certificate verification."); |
| @@ -332,12 +331,13 @@ | |
| 332 | } |
| 333 | |
| 334 | keyfile = ssl_get_and_set_file_ref("FOSSIL_CKEY", "ckey"); |
| 335 | |
| 336 | /* Assume the key is in the certificate file if key file was not specified */ |
| 337 | if( certfile && !keyfile ) |
| 338 | keyfile = certfile; |
| 339 | |
| 340 | if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM) <= 0 ){ |
| 341 | fossil_fatal("SSL: Unable to open client certificate in %s.", certfile); |
| 342 | } |
| 343 | if( SSL_CTX_use_PrivateKey_file(sslCtx, keyfile, SSL_FILETYPE_PEM) <= 0 ){ |
| 344 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -129,19 +129,19 @@ | |
| 129 | ** Return the number of errors. |
| 130 | */ |
| 131 | int ssl_open(void){ |
| 132 | X509 *cert; |
| 133 | int hasSavedCertificate = 0; |
| 134 | char *connStr; |
| 135 | ssl_global_init(); |
| 136 | |
| 137 | /* If client certificate/key has been set, load them into the SSL context. */ |
| 138 | ssl_load_client_authfiles(); |
| 139 | |
| 140 | /* Get certificate for current server from global config and |
| 141 | ** (if we have it in config) add it to certificate store. |
| 142 | */ |
| 143 | cert = ssl_get_certificate(); |
| 144 | if ( cert!=NULL ){ |
| 145 | X509_STORE_add_cert(SSL_CTX_get_cert_store(sslCtx), cert); |
| 146 | X509_free(cert); |
| 147 | hasSavedCertificate = 1; |
| @@ -148,14 +148,14 @@ | |
| 148 | } |
| 149 | |
| 150 | iBio = BIO_new_ssl_connect(sslCtx); |
| 151 | BIO_get_ssl(iBio, &ssl); |
| 152 | SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); |
| 153 | if( iBio==NULL ){ |
| 154 | ssl_set_errmsg("SSL: cannot open SSL (%s)", |
| 155 | ERR_reason_error_string(ERR_get_error())); |
| 156 | return 1; |
| 157 | } |
| 158 | |
| 159 | connStr = mprintf("%s:%d", g.urlName, g.urlPort); |
| 160 | BIO_set_conn_hostname(iBio, connStr); |
| 161 | free(connStr); |
| @@ -298,27 +298,26 @@ | |
| 298 | ** We only support PEM and don't support password protected keys. |
| 299 | ** |
| 300 | ** Always try the environment variables first, and if they aren't set, then |
| 301 | ** use the global config. |
| 302 | */ |
| 303 | void ssl_load_client_authfiles(void){ |
| 304 | char *cafile; |
| 305 | char *capath; |
| 306 | char *certfile; |
| 307 | char *keyfile; |
| 308 | |
| 309 | cafile = ssl_get_and_set_file_ref("FOSSIL_CAFILE", "cafile"); |
| 310 | capath = ssl_get_and_set_file_ref("FOSSIL_CAPATH", "capath"); |
| 311 | |
| 312 | if( cafile || capath ){ |
| 313 | /* The OpenSSL documentation warns that if several CA certificates match |
| 314 | ** the same name, key identifier and serial number conditions, only the |
| 315 | ** first will be examined. The caveat situation is when one stores an |
| 316 | ** expired CA certificate among the valid ones. |
| 317 | ** Simply put: Do not mix expired and valid certificates. |
| 318 | */ |
| 319 | if( SSL_CTX_load_verify_locations(sslCtx, cafile, capath) == 0){ |
| 320 | fossil_fatal("SSL: Unable to load CA verification file/path"); |
| 321 | } |
| 322 | }else{ |
| 323 | fossil_warning("SSL: CA file/path missing for certificate verification."); |
| @@ -332,12 +331,13 @@ | |
| 331 | } |
| 332 | |
| 333 | keyfile = ssl_get_and_set_file_ref("FOSSIL_CKEY", "ckey"); |
| 334 | |
| 335 | /* Assume the key is in the certificate file if key file was not specified */ |
| 336 | if( certfile && !keyfile ){ |
| 337 | keyfile = certfile; |
| 338 | } |
| 339 | |
| 340 | if( SSL_CTX_use_certificate_file(sslCtx, certfile, SSL_FILETYPE_PEM) <= 0 ){ |
| 341 | fossil_fatal("SSL: Unable to open client certificate in %s.", certfile); |
| 342 | } |
| 343 | if( SSL_CTX_use_PrivateKey_file(sslCtx, keyfile, SSL_FILETYPE_PEM) <= 0 ){ |
| 344 |