Fossil SCM
Undid the changes from src/http_ssl.c [b591622016] being moved to a branch. Not noticed for far too long.
Commit
9b8bbd048db04a8208235ae73b30831c0a8c757f988cbacb43068e5a606a8747
Parent
623c74d3a52acae…
1 file changed
+2
-40
+2
-40
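--- a/src/http_ssl.c
+++ b/src/http_ssl.c
@@ -247,11 +247,11 @@
 
 /*
 ** Call this routine once before any other use of the SSL interface.
 ** This routine does initial configuration of the SSL module.
 */
-static void ssl_global_init_client(int bDebug){
+static void ssl_global_init_client(void){
 const char *identityFile;
 
 if( sslIsInit==0 ){
 const char *zFile;
 const char *zCaFile = 0;
@@ -301,30 +301,10 @@
 zCaFile = zFile;
 zCaDirectory = 0;
 break;
 }
 }
- if( zFile ) break;
- }
- if( bDebug ){
- fossil_print("case-0: X509_get_default_cert_file_env = %s\n",
- X509_get_default_cert_file_env());
- fossil_print("case-1: X509_get_default_cert_dir_env = %s\n",
- X509_get_default_cert_dir_env());
- fossil_print("case-2: ssl-ca-location = %s\n",
- g.repositoryOpen ? db_get("ssl-ca-location","(none)") : "(none)");
- fossil_print("case-3: X509_get_default_cert_file = %s\n",
- X509_get_default_cert_file());
- fossil_print("case-4: X509_get_default_cert_dir = %s\n",
- X509_get_default_cert_dir());
- if( i>=5 ){
- fossil_print("No trust store found.\n");
- }else{
- fossil_print("case-used = %d\n"
- "zCaFile = %s\n"
- "zCaDirectory = %s\n", i, zCaFile, zCaDirectory);
- }
 }
 if( zFile==0 ){
 /* fossil_fatal("Cannot find a trust store"); */
 }else if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){
 fossil_fatal("Cannot load CA root certificates from %s", zFile);
@@ -353,22 +333,15 @@
 identityFile = g.zSSLIdentity;
 }else{
 identityFile = db_get("ssl-identity", 0);
 }
 if( identityFile!=0 && identityFile[0]!='\0' ){
- if( bDebug ){
- fossil_print("identifyFile = %s\n", identityFile);
- }
 if( SSL_CTX_use_certificate_chain_file(sslCtx,identityFile)!=1
 || SSL_CTX_use_PrivateKey_file(sslCtx,identityFile,SSL_FILETYPE_PEM)!=1
 ){
 fossil_fatal("Could not load SSL identity from %s", identityFile);
 }
- }else{
- if( bDebug ){
- fossil_print("No identify file found.\n");
- }
 }
 /* Register a callback to tell the user what to do when the server asks
 ** for a cert */
 SSL_CTX_set_client_cert_cb(sslCtx, ssl_client_cert_callback);
 
@@ -386,21 +359,10 @@
 SSL_CTX_free(sslCtx);
 ssl_clear_errmsg();
 sslIsInit = 0;
 }
 }
-
-/*
-** COMMAND: test-trust-store
-**
-** Show the trust store that is used by OpenSSL.
-*/
-void test_openssl_trust_store(void){
- ssl_global_init_client(1);
- ssl_global_shutdown();
-}
-
 
 /*
 ** Close the currently open client SSL connection. If no connection is open,
 ** this routine is a no-op.
 */
@@ -484,11 +446,11 @@
 */
 int ssl_open_client(UrlData *pUrlData){
 X509 *cert;
 const char *zRemoteHost;
 
- ssl_global_init_client(0);
+ ssl_global_init_client();
 if( pUrlData->useProxy ){
 int rc;
 char *connStr = mprintf("%s:%d", g.url.name, pUrlData->port);
 BIO *sBio = BIO_new_connect(connStr);
 free(connStr);
 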
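Review bot: The `if( zFile==0 )` branch kept as context in the second hunk still has an empty body with `fossil_fatal("Cannot find a trust store")` commented out, so when no CA file or directory is found the function continues without calling `SSL_CTX_load_verify_locations()` and reports nothing. With the `bDebug` output and the `test-trust-store` command removed by this commit, nothing visible in these hunks tells an operator which trust-store location was selected, or that none was. If continuing is intentional, replace the dead call with a comment that says so, for example `/* No trust store found. Not fatal: continue without calling SSL_CTX_load_verify_locations(). */`, and consider a one-line warning on that path. How certificate verification behaves afterwards is not visible here, because the body of `ssl_global_init_client` starts and ends outside the hunks, so that part should be confirmed against the full function.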
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -247,11 +247,11 @@ | |
| 247 | |
| 248 | /* |
| 249 | ** Call this routine once before any other use of the SSL interface. |
| 250 | ** This routine does initial configuration of the SSL module. |
| 251 | */ |
| 252 | static void ssl_global_init_client(int bDebug){ |
| 253 | const char *identityFile; |
| 254 | |
| 255 | if( sslIsInit==0 ){ |
| 256 | const char *zFile; |
| 257 | const char *zCaFile = 0; |
| @@ -301,30 +301,10 @@ | |
| 301 | zCaFile = zFile; |
| 302 | zCaDirectory = 0; |
| 303 | break; |
| 304 | } |
| 305 | } |
| 306 | if( zFile ) break; |
| 307 | } |
| 308 | if( bDebug ){ |
| 309 | fossil_print("case-0: X509_get_default_cert_file_env = %s\n", |
| 310 | X509_get_default_cert_file_env()); |
| 311 | fossil_print("case-1: X509_get_default_cert_dir_env = %s\n", |
| 312 | X509_get_default_cert_dir_env()); |
| 313 | fossil_print("case-2: ssl-ca-location = %s\n", |
| 314 | g.repositoryOpen ? db_get("ssl-ca-location","(none)") : "(none)"); |
| 315 | fossil_print("case-3: X509_get_default_cert_file = %s\n", |
| 316 | X509_get_default_cert_file()); |
| 317 | fossil_print("case-4: X509_get_default_cert_dir = %s\n", |
| 318 | X509_get_default_cert_dir()); |
| 319 | if( i>=5 ){ |
| 320 | fossil_print("No trust store found.\n"); |
| 321 | }else{ |
| 322 | fossil_print("case-used = %d\n" |
| 323 | "zCaFile = %s\n" |
| 324 | "zCaDirectory = %s\n", i, zCaFile, zCaDirectory); |
| 325 | } |
| 326 | } |
| 327 | if( zFile==0 ){ |
| 328 | /* fossil_fatal("Cannot find a trust store"); */ |
| 329 | }else if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){ |
| 330 | fossil_fatal("Cannot load CA root certificates from %s", zFile); |
| @@ -353,22 +333,15 @@ | |
| 353 | identityFile = g.zSSLIdentity; |
| 354 | }else{ |
| 355 | identityFile = db_get("ssl-identity", 0); |
| 356 | } |
| 357 | if( identityFile!=0 && identityFile[0]!='\0' ){ |
| 358 | if( bDebug ){ |
| 359 | fossil_print("identifyFile = %s\n", identityFile); |
| 360 | } |
| 361 | if( SSL_CTX_use_certificate_chain_file(sslCtx,identityFile)!=1 |
| 362 | || SSL_CTX_use_PrivateKey_file(sslCtx,identityFile,SSL_FILETYPE_PEM)!=1 |
| 363 | ){ |
| 364 | fossil_fatal("Could not load SSL identity from %s", identityFile); |
| 365 | } |
| 366 | }else{ |
| 367 | if( bDebug ){ |
| 368 | fossil_print("No identify file found.\n"); |
| 369 | } |
| 370 | } |
| 371 | /* Register a callback to tell the user what to do when the server asks |
| 372 | ** for a cert */ |
| 373 | SSL_CTX_set_client_cert_cb(sslCtx, ssl_client_cert_callback); |
| 374 | |
| @@ -386,21 +359,10 @@ | |
| 386 | SSL_CTX_free(sslCtx); |
| 387 | ssl_clear_errmsg(); |
| 388 | sslIsInit = 0; |
| 389 | } |
| 390 | } |
| 391 | |
| 392 | /* |
| 393 | ** COMMAND: test-trust-store |
| 394 | ** |
| 395 | ** Show the trust store that is used by OpenSSL. |
| 396 | */ |
| 397 | void test_openssl_trust_store(void){ |
| 398 | ssl_global_init_client(1); |
| 399 | ssl_global_shutdown(); |
| 400 | } |
| 401 | |
| 402 | |
| 403 | /* |
| 404 | ** Close the currently open client SSL connection. If no connection is open, |
| 405 | ** this routine is a no-op. |
| 406 | */ |
| @@ -484,11 +446,11 @@ | |
| 484 | */ |
| 485 | int ssl_open_client(UrlData *pUrlData){ |
| 486 | X509 *cert; |
| 487 | const char *zRemoteHost; |
| 488 | |
| 489 | ssl_global_init_client(0); |
| 490 | if( pUrlData->useProxy ){ |
| 491 | int rc; |
| 492 | char *connStr = mprintf("%s:%d", g.url.name, pUrlData->port); |
| 493 | BIO *sBio = BIO_new_connect(connStr); |
| 494 | free(connStr); |
| 495 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -247,11 +247,11 @@ | |
| 247 | |
| 248 | /* |
| 249 | ** Call this routine once before any other use of the SSL interface. |
| 250 | ** This routine does initial configuration of the SSL module. |
| 251 | */ |
| 252 | static void ssl_global_init_client(void){ |
| 253 | const char *identityFile; |
| 254 | |
| 255 | if( sslIsInit==0 ){ |
| 256 | const char *zFile; |
| 257 | const char *zCaFile = 0; |
| @@ -301,30 +301,10 @@ | |
| 301 | zCaFile = zFile; |
| 302 | zCaDirectory = 0; |
| 303 | break; |
| 304 | } |
| 305 | } |
| 306 | } |
| 307 | if( zFile==0 ){ |
| 308 | /* fossil_fatal("Cannot find a trust store"); */ |
| 309 | }else if( SSL_CTX_load_verify_locations(sslCtx, zCaFile, zCaDirectory)==0 ){ |
| 310 | fossil_fatal("Cannot load CA root certificates from %s", zFile); |
| @@ -353,22 +333,15 @@ | |
| 333 | identityFile = g.zSSLIdentity; |
| 334 | }else{ |
| 335 | identityFile = db_get("ssl-identity", 0); |
| 336 | } |
| 337 | if( identityFile!=0 && identityFile[0]!='\0' ){ |
| 338 | if( SSL_CTX_use_certificate_chain_file(sslCtx,identityFile)!=1 |
| 339 | || SSL_CTX_use_PrivateKey_file(sslCtx,identityFile,SSL_FILETYPE_PEM)!=1 |
| 340 | ){ |
| 341 | fossil_fatal("Could not load SSL identity from %s", identityFile); |
| 342 | } |
| 343 | } |
| 344 | /* Register a callback to tell the user what to do when the server asks |
| 345 | ** for a cert */ |
| 346 | SSL_CTX_set_client_cert_cb(sslCtx, ssl_client_cert_callback); |
| 347 | |
| @@ -386,21 +359,10 @@ | |
| 359 | SSL_CTX_free(sslCtx); |
| 360 | ssl_clear_errmsg(); |
| 361 | sslIsInit = 0; |
| 362 | } |
| 363 | } |
| 364 | |
| 365 | /* |
| 366 | ** Close the currently open client SSL connection. If no connection is open, |
| 367 | ** this routine is a no-op. |
| 368 | */ |
| @@ -484,11 +446,11 @@ | |
| 446 | */ |
| 447 | int ssl_open_client(UrlData *pUrlData){ |
| 448 | X509 *cert; |
| 449 | const char *zRemoteHost; |
| 450 | |
| 451 | ssl_global_init_client(); |
| 452 | if( pUrlData->useProxy ){ |
| 453 | int rc; |
| 454 | char *connStr = mprintf("%s:%d", g.url.name, pUrlData->port); |
| 455 | BIO *sBio = BIO_new_connect(connStr); |
| 456 | free(connStr); |
| 457 |