author | Vladislav Grishenko <themiron@mail.ru> | 2017-12-05 16:20:58 +0500 |
---|---|---|
committer | Vladislav Grishenko <themiron@mail.ru> | 2017-12-30 22:49:43 +0500 |
commit | 384c2453e399226bf09f3846d5f9940868edaed9 (patch) | |
tree | 24b2386c30a6ee3b98ac8127558d8c0526e21170 | |
parent | 5846bfc1b2f0154aed398661b30a42441954a841 (diff) | |
download | accel-ppp-384c2453e399226bf09f3846d5f9940868edaed9.tar.gz accel-ppp-384c2453e399226bf09f3846d5f9940868edaed9.zip |
sstp: rework certificate load, fix build issue with some openssl version
-rw-r--r-- | accel-pppd/ctrl/sstp/sstp.c | 65 |
1 files changed, 25 insertions, 40 deletions
diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c
index fa96a91e..b6aa70e0 100644
--- a/accel-pppd/ctrl/sstp/sstp.c
+++ b/accel-pppd/ctrl/sstp/sstp.c
@@ -2029,55 +2029,40 @@ static void load_config(void) conf_ssl_ca_file = conf_get_opt("sstp", "ssl-ca-file"); - in = BIO_new(BIO_s_file_internal()); + in = BIO_new(BIO_s_file()); if (in) { opt = conf_get_opt("sstp", "ssl-pemfile"); - if (opt) do { - if (BIO_read_filename(in, opt) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); - log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - break; - } - - conf_ssl_cert = PEM_read_bio_X509(in, NULL, NULL, NULL); - if (!conf_ssl_cert) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB); + if (opt) { + /* conf_ssl_cert set to NULL already */ + if (BIO_read_filename(in, opt) > 0) + conf_ssl_cert = PEM_read_bio_X509(in, NULL, NULL, NULL); + + if (conf_ssl_cert) { + if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA1) { + X509_digest(conf_ssl_cert, EVP_sha1(), + conf_hash_sha1.hash, &conf_hash_sha1.len); + } + if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA256) { + X509_digest(conf_ssl_cert, EVP_sha256(), + conf_hash_sha256.hash, &conf_hash_sha256.len); + } + } else log_error("sstp: SSL certificate error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - break; - } - - if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA1) { - X509_digest(conf_ssl_cert, EVP_sha1(), - conf_hash_sha1.hash, &conf_hash_sha1.len); - } - - if (conf_hash_protocol & CERT_HASH_PROTOCOL_SHA256) { - X509_digest(conf_ssl_cert, EVP_sha256(), - conf_hash_sha256.hash, &conf_hash_sha256.len); - } - } while (0); + } opt = conf_get_opt("sstp", "ssl-keyfile") ? 
: opt; - if (opt && conf_ssl) do { - if (BIO_read_filename(in, opt) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB); - log_error("sstp: SSL private key error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - break; - } + if (opt && conf_ssl) { + /* conf_ssl_pkey set to NULL already */ + if (BIO_read_filename(in, opt) > 0) + conf_ssl_pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); - conf_ssl_pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL); - if (!conf_ssl_pkey) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_PEM_LIB); + if (!conf_ssl_pkey) log_error("sstp: SSL private key error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - break; - } - } while (0); + } - BIO_free(in); - } else { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); + BIO_free_all(in); + } else log_error("sstp: SSL error: %s\n", ERR_error_string(ERR_get_error(), NULL)); - } #endif opt = conf_get_opt("sstp", "cert-hash-sha1"); |
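Review bot: Both `X509_digest()` calls inside the new `if (conf_ssl_cert)` branch ignore the return value, so a failed digest leaves `conf_hash_sha1` / `conf_hash_sha256` holding whatever they had before and nothing is logged. Checking the result, e.g. `if (!X509_digest(conf_ssl_cert, EVP_sha1(), conf_hash_sha1.hash, &conf_hash_sha1.len)) log_error("sstp: SSL certificate digest error: %s\n", ERR_error_string(ERR_get_error(), NULL));` (and the same for SHA-256), would surface that at load time. Separately, the `/* conf_ssl_cert set to NULL already */` and `/* conf_ssl_pkey set to NULL already */` comments rely on a reset that is not visible in this hunk; if `load_config()` can run again with either global still populated, a failed `BIO_read_filename()` would skip the error log and keep the previous certificate or key, so the comments should name where the objects are freed and reset. `load_config()` begins and ends outside the hunk.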