diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2016-11-05 14:50:06 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2016-11-05 14:50:06 +0000 |
| commit | 99262928981816c37649095d90839f70c0f37857 (patch) | |
| tree | b7b6a40a544d2a28f70da5afd026a4e122fcdc81 | |
| parent | a53cf54d1b27510c547115d7c67c01a5ea0c8622 (diff) | |
rename ocsp_ctx to ocsp
ok jsing@
| -rw-r--r-- | lib/libtls/tls.c | 12 | ||||
| -rw-r--r-- | lib/libtls/tls_internal.h | 10 | ||||
| -rw-r--r-- | lib/libtls/tls_ocsp.c | 114 |
3 files changed, 68 insertions, 68 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c index 6893e95b083..51717a79cb9 100644 --- a/lib/libtls/tls.c +++ b/lib/libtls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.51 2016/11/03 10:05:32 jsing Exp $ */ +/* $OpenBSD: tls.c,v 1.52 2016/11/05 14:50:05 beck Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -446,9 +446,9 @@ tls_reset(struct tls *ctx) tls_conninfo_free(ctx->conninfo); ctx->conninfo = NULL; - tls_ocsp_ctx_free(ctx->ocsp_ctx); - ctx->ocsp_ctx = NULL; - + tls_ocsp_free(ctx->ocsp); + ctx->ocsp = NULL; + for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) { nsni = sni->next; tls_sni_ctx_free(sni); @@ -531,8 +531,8 @@ tls_handshake(struct tls *ctx) ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn); if (tls_conninfo_populate(ctx) == -1) rv = -1; - if (ctx->ocsp_ctx == NULL) - ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx); + if (ctx->ocsp == NULL) + ctx->ocsp = tls_ocsp_setup_from_peer(ctx); } out: /* Prevent callers from performing incorrect error handling */ diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h index 4fe4ee7811e..65b65371b23 100644 --- a/lib/libtls/tls_internal.h +++ b/lib/libtls/tls_internal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_internal.h,v 1.48 2016/11/04 18:23:32 guenther Exp $ */ +/* $OpenBSD: tls_internal.h,v 1.49 2016/11/05 14:50:05 beck Exp $ */ /* * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> @@ -106,7 +106,7 @@ struct tls_ocsp_result { time_t revocation_time; }; -struct tls_ocsp_ctx { +struct tls_ocsp { /* responder location */ char *ocsp_url; @@ -147,7 +147,7 @@ struct tls { struct tls_conninfo *conninfo; - struct tls_ocsp_ctx *ocsp_ctx; + struct tls_ocsp *ocsp; tls_read_cb read_cb; tls_write_cb write_cb; @@ -208,8 +208,8 @@ int tls_conninfo_populate(struct tls *ctx); void tls_conninfo_free(struct tls_conninfo *conninfo); int tls_ocsp_verify_cb(SSL *ssl, void *arg); -void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx); -struct tls_ocsp_ctx *tls_ocsp_setup_from_peer(struct tls *ctx); +void tls_ocsp_free(struct tls_ocsp *ctx); +struct tls_ocsp *tls_ocsp_setup_from_peer(struct tls *ctx); __END_HIDDEN_DECLS diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c index 52e90364a77..2da88f42812 100644 --- a/lib/libtls/tls_ocsp.c +++ b/lib/libtls/tls_ocsp.c @@ -34,25 +34,25 @@ * State for request. */ -static struct tls_ocsp_ctx * -tls_ocsp_ctx_new(void) +static struct tls_ocsp * +tls_ocsp_new(void) { - return (calloc(1, sizeof(struct tls_ocsp_ctx))); + return (calloc(1, sizeof(struct tls_ocsp))); } void -tls_ocsp_ctx_free(struct tls_ocsp_ctx *ocsp_ctx) +tls_ocsp_free(struct tls_ocsp *ocsp) { - if (ocsp_ctx == NULL) + if (ocsp == NULL) return; - free(ocsp_ctx->ocsp_result); - ocsp_ctx->ocsp_result = NULL; - free(ocsp_ctx->ocsp_url); - ocsp_ctx->ocsp_url = NULL; - free(ocsp_ctx->request_data); - ocsp_ctx->request_data = NULL; - free(ocsp_ctx); + free(ocsp->ocsp_result); + ocsp->ocsp_result = NULL; + free(ocsp->ocsp_url); + ocsp->ocsp_url = NULL; + free(ocsp->request_data); + ocsp->request_data = NULL; + free(ocsp); } static int @@ -78,8 +78,8 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status, { struct tls_ocsp_result *info = NULL; - free(ctx->ocsp_ctx->ocsp_result); - ctx->ocsp_ctx->ocsp_result = NULL; + free(ctx->ocsp->ocsp_result); + ctx->ocsp->ocsp_result = NULL; if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) { tls_set_error(ctx, "calloc"); @@ -115,7 +115,7 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status, "unable to parse next update time in OCSP reply"); goto error; } - ctx->ocsp_ctx->ocsp_result = info; + ctx->ocsp->ocsp_result = info; return 0; error: free(info); @@ -155,37 +155,37 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, return cid; } -struct tls_ocsp_ctx * +struct tls_ocsp * tls_ocsp_setup_from_peer(struct tls *ctx) { - struct tls_ocsp_ctx *ocsp_ctx = NULL; + struct tls_ocsp *ocsp = NULL; STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL; - if ((ocsp_ctx = tls_ocsp_ctx_new()) == NULL) + if ((ocsp = tls_ocsp_new()) == NULL) goto failed; /* steal state from ctx struct */ - ocsp_ctx->main_cert = SSL_get_peer_certificate(ctx->ssl_conn); - ocsp_ctx->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn); - if (ocsp_ctx->main_cert == NULL) { + ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn); + ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn); + if (ocsp->main_cert == NULL) { tls_set_errorx(ctx, "no peer certificate for OCSP"); goto failed; } - ocsp_urls = X509_get1_ocsp(ocsp_ctx->main_cert); + ocsp_urls = X509_get1_ocsp(ocsp->main_cert); if (ocsp_urls == NULL) goto failed; - ocsp_ctx->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0)); - if (ocsp_ctx->ocsp_url == NULL) { + ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0)); + if (ocsp->ocsp_url == NULL) { tls_set_errorx(ctx, "out of memory"); goto failed; } X509_email_free(ocsp_urls); - return ocsp_ctx; + return ocsp; failed: - tls_ocsp_ctx_free(ocsp_ctx); + tls_ocsp_free(ocsp); X509_email_free(ocsp_urls); return NULL; } @@ -213,7 +213,7 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) flags = OCSP_TRUSTOTHER; /* now verify */ - if (OCSP_basic_verify(br, ctx->ocsp_ctx->extra_certs, + if (OCSP_basic_verify(br, ctx->ocsp->extra_certs, SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) { tls_set_error(ctx, "ocsp verify failed"); goto error; @@ -227,8 +227,8 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) goto error; } - cid = tls_ocsp_get_certid(ctx->ocsp_ctx->main_cert, - ctx->ocsp_ctx->extra_certs, ctx->ssl_ctx); + cid = tls_ocsp_get_certid(ctx->ocsp->main_cert, + ctx->ocsp->extra_certs, ctx->ssl_ctx); if (cid == NULL) { tls_set_errorx(ctx, "ocsp verify failed: no issuer cert"); goto error; @@ -281,8 +281,8 @@ tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *respons resp = d2i_OCSP_RESPONSE(NULL, &response, size); if (resp == NULL) { - tls_ocsp_ctx_free(ctx->ocsp_ctx); - ctx->ocsp_ctx = NULL; + tls_ocsp_free(ctx->ocsp); + ctx->ocsp = NULL; tls_set_error(ctx, "unable to parse OCSP response"); return -1; } @@ -311,9 +311,9 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg) return 1; } - tls_ocsp_ctx_free(ctx->ocsp_ctx); - ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx); - if (ctx->ocsp_ctx != NULL) { + tls_ocsp_free(ctx->ocsp); + ctx->ocsp = tls_ocsp_setup_from_peer(ctx); + if (ctx->ocsp != NULL) { if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0) return 1; res = tls_ocsp_process_response_internal(ctx, raw, size); @@ -330,79 +330,79 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg) const char * tls_peer_ocsp_url(struct tls *ctx) { - if (ctx->ocsp_ctx == NULL) + if (ctx->ocsp == NULL) return NULL; - return ctx->ocsp_ctx->ocsp_url; + return ctx->ocsp->ocsp_url; } const char * tls_peer_ocsp_result(struct tls *ctx) { - if (ctx->ocsp_ctx == NULL) + if (ctx->ocsp == NULL) return NULL; - if (ctx->ocsp_ctx->ocsp_result == NULL) + if (ctx->ocsp->ocsp_result == NULL) return NULL; - return ctx->ocsp_ctx->ocsp_result->result_msg; + return ctx->ocsp->ocsp_result->result_msg; } int tls_peer_ocsp_response_status(struct tls *ctx) { - if (ctx->ocsp_ctx == NULL) + if (ctx->ocsp == NULL) return -1; - if (ctx->ocsp_ctx->ocsp_result == NULL) + if (ctx->ocsp->ocsp_result == NULL) return -1; - return ctx->ocsp_ctx->ocsp_result->response_status; + return ctx->ocsp->ocsp_result->response_status; } int tls_peer_ocsp_cert_status(struct tls *ctx) { - if (ctx->ocsp_ctx == NULL) + if (ctx->ocsp == NULL) return -1; - if (ctx->ocsp_ctx->ocsp_result == NULL) + if (ctx->ocsp->ocsp_result == NULL) return -1; - return ctx->ocsp_ctx->ocsp_result->cert_status; + return ctx->ocsp->ocsp_result->cert_status; } int tls_peer_ocsp_crl_reason(struct tls *ctx) { - if (ctx->ocsp_ctx == NULL) + if (ctx->ocsp == NULL) return -1; - if (ctx->ocsp_ctx->ocsp_result == NULL) + if (ctx->ocsp->ocsp_result == NULL) return -1; - return ctx->ocsp_ctx->ocsp_result->crl_reason; + return ctx->ocsp->ocsp_result->crl_reason; } time_t tls_peer_ocsp_this_update(struct tls *ctx) { - if (ctx->ocsp_ctx == NULL) + if (ctx->ocsp == NULL) return -1; - if (ctx->ocsp_ctx->ocsp_result == NULL) + if (ctx->ocsp->ocsp_result == NULL) return -1; - return ctx->ocsp_ctx->ocsp_result->this_update; + return ctx->ocsp->ocsp_result->this_update; } time_t tls_peer_ocsp_next_update(struct tls *ctx) { - if (ctx->ocsp_ctx == NULL) + if (ctx->ocsp == NULL) return -1; - if (ctx->ocsp_ctx->ocsp_result == NULL) + if (ctx->ocsp->ocsp_result == NULL) return -1; - return ctx->ocsp_ctx->ocsp_result->next_update; + return ctx->ocsp->ocsp_result->next_update; } time_t tls_peer_ocsp_revocation_time(struct tls *ctx) { - if (ctx->ocsp_ctx == NULL) + if (ctx->ocsp == NULL) return -1; - if (ctx->ocsp_ctx->ocsp_result == NULL) + if (ctx->ocsp->ocsp_result == NULL) return -1; - return ctx->ocsp_ctx->ocsp_result->revocation_time; + return ctx->ocsp->ocsp_result->revocation_time; } int |