author | Bob Beck <beck@cvs.openbsd.org> | 2016-11-05 14:50:06 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2016-11-05 14:50:06 +0000 |
commit | 99262928981816c37649095d90839f70c0f37857 (patch) | |
tree | b7b6a40a544d2a28f70da5afd026a4e122fcdc81 /lib | |
parent | a53cf54d1b27510c547115d7c67c01a5ea0c8622 (diff) |
rename ocsp_ctx to ocsp
ok jsing@
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libtls/tls.c | 12 | ||||
-rw-r--r-- | lib/libtls/tls_internal.h | 10 | ||||
-rw-r--r-- | lib/libtls/tls_ocsp.c | 114 |
3 files changed, 68 insertions, 68 deletions
diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c
index 6893e95b083..51717a79cb9 100644
--- a/lib/libtls/tls.c
+++ b/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.51 2016/11/03 10:05:32 jsing Exp $ */
+/* $OpenBSD: tls.c,v 1.52 2016/11/05 14:50:05 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -446,9 +446,9 @@ tls_reset(struct tls *ctx)
 tls_conninfo_free(ctx->conninfo);
 ctx->conninfo = NULL;
- tls_ocsp_ctx_free(ctx->ocsp_ctx);
- ctx->ocsp_ctx = NULL;
-
+ tls_ocsp_free(ctx->ocsp);
+ ctx->ocsp = NULL;
+
 for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) {
 nsni = sni->next;
 tls_sni_ctx_free(sni);
@@ -531,8 +531,8 @@ tls_handshake(struct tls *ctx)
 ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn);
 if (tls_conninfo_populate(ctx) == -1)
 rv = -1;
- if (ctx->ocsp_ctx == NULL)
- ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx);
+ if (ctx->ocsp == NULL)
+ ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
 }
 out:
 /* Prevent callers from performing incorrect error handling */
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 4fe4ee7811e..65b65371b23 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.48 2016/11/04 18:23:32 guenther Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.49 2016/11/05 14:50:05 beck Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -106,7 +106,7 @@ struct tls_ocsp_result {
 time_t revocation_time;
 };
-struct tls_ocsp_ctx {
+struct tls_ocsp {
 /* responder location */
 char *ocsp_url;
@@ -147,7 +147,7 @@ struct tls {
 struct tls_conninfo *conninfo;
- struct tls_ocsp_ctx *ocsp_ctx;
+ struct tls_ocsp *ocsp;
 tls_read_cb read_cb;
 tls_write_cb write_cb;
@@ -208,8 +208,8 @@ int tls_conninfo_populate(struct tls *ctx);
 void tls_conninfo_free(struct tls_conninfo *conninfo);
 int tls_ocsp_verify_cb(SSL *ssl, void *arg);
-void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx);
-struct tls_ocsp_ctx *tls_ocsp_setup_from_peer(struct tls *ctx);
+void tls_ocsp_free(struct tls_ocsp *ctx);
+struct tls_ocsp *tls_ocsp_setup_from_peer(struct tls *ctx);
 __END_HIDDEN_DECLS
diff --git a/lib/libtls/tls_ocsp.c b/lib/libtls/tls_ocsp.c
index 52e90364a77..2da88f42812 100644
--- a/lib/libtls/tls_ocsp.c
+++ b/lib/libtls/tls_ocsp.c
@@ -34,25 +34,25 @@
 * State for request.
 */
-static struct tls_ocsp_ctx *
-tls_ocsp_ctx_new(void)
+static struct tls_ocsp *
+tls_ocsp_new(void)
 {
- return (calloc(1, sizeof(struct tls_ocsp_ctx)));
+ return (calloc(1, sizeof(struct tls_ocsp)));
 }
 void
-tls_ocsp_ctx_free(struct tls_ocsp_ctx *ocsp_ctx)
+tls_ocsp_free(struct tls_ocsp *ocsp)
 {
- if (ocsp_ctx == NULL)
+ if (ocsp == NULL)
 return;
- free(ocsp_ctx->ocsp_result);
- ocsp_ctx->ocsp_result = NULL;
- free(ocsp_ctx->ocsp_url);
- ocsp_ctx->ocsp_url = NULL;
- free(ocsp_ctx->request_data);
- ocsp_ctx->request_data = NULL;
- free(ocsp_ctx);
+ free(ocsp->ocsp_result);
+ ocsp->ocsp_result = NULL;
+ free(ocsp->ocsp_url);
+ ocsp->ocsp_url = NULL;
+ free(ocsp->request_data);
+ ocsp->request_data = NULL;
+ free(ocsp);
 }
 static int
@@ -78,8 +78,8 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
 {
 struct tls_ocsp_result *info = NULL;
- free(ctx->ocsp_ctx->ocsp_result);
- ctx->ocsp_ctx->ocsp_result = NULL;
+ free(ctx->ocsp->ocsp_result);
+ ctx->ocsp->ocsp_result = NULL;
 if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) {
 tls_set_error(ctx, "calloc");
@@ -115,7 +115,7 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status,
 "unable to parse next update time in OCSP reply");
 goto error;
 }
- ctx->ocsp_ctx->ocsp_result = info;
+ ctx->ocsp->ocsp_result = info;
 return 0;
 error:
 free(info);
@@ -155,37 +155,37 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs,
 return cid;
 }
-struct tls_ocsp_ctx *
+struct tls_ocsp *
 tls_ocsp_setup_from_peer(struct tls *ctx)
 {
- struct tls_ocsp_ctx *ocsp_ctx = NULL;
+ struct tls_ocsp *ocsp = NULL;
 STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL;
- if ((ocsp_ctx = tls_ocsp_ctx_new()) == NULL)
+ if ((ocsp = tls_ocsp_new()) == NULL)
 goto failed;
 /* steal state from ctx struct */
- ocsp_ctx->main_cert = SSL_get_peer_certificate(ctx->ssl_conn);
- ocsp_ctx->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn);
- if (ocsp_ctx->main_cert == NULL) {
+ ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn);
+ ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn);
+ if (ocsp->main_cert == NULL) {
 tls_set_errorx(ctx, "no peer certificate for OCSP");
 goto failed;
 }
- ocsp_urls = X509_get1_ocsp(ocsp_ctx->main_cert);
+ ocsp_urls = X509_get1_ocsp(ocsp->main_cert);
 if (ocsp_urls == NULL)
 goto failed;
- ocsp_ctx->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0));
- if (ocsp_ctx->ocsp_url == NULL) {
+ ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0));
+ if (ocsp->ocsp_url == NULL) {
 tls_set_errorx(ctx, "out of memory");
 goto failed;
 }
 X509_email_free(ocsp_urls);
- return ocsp_ctx;
+ return ocsp;
 failed:
- tls_ocsp_ctx_free(ocsp_ctx);
+ tls_ocsp_free(ocsp);
 X509_email_free(ocsp_urls);
 return NULL;
 }
@@ -213,7 +213,7 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
 flags = OCSP_TRUSTOTHER;
 /* now verify */
- if (OCSP_basic_verify(br, ctx->ocsp_ctx->extra_certs,
+ if (OCSP_basic_verify(br, ctx->ocsp->extra_certs,
 SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) {
 tls_set_error(ctx, "ocsp verify failed");
 goto error;
@@ -227,8 +227,8 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp)
 goto error;
 }
- cid = tls_ocsp_get_certid(ctx->ocsp_ctx->main_cert,
- ctx->ocsp_ctx->extra_certs, ctx->ssl_ctx);
+ cid = tls_ocsp_get_certid(ctx->ocsp->main_cert,
+ ctx->ocsp->extra_certs, ctx->ssl_ctx);
 if (cid == NULL) {
 tls_set_errorx(ctx, "ocsp verify failed: no issuer cert");
 goto error;
@@ -281,8 +281,8 @@ tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *respons
 resp = d2i_OCSP_RESPONSE(NULL, &response, size);
 if (resp == NULL) {
- tls_ocsp_ctx_free(ctx->ocsp_ctx);
- ctx->ocsp_ctx = NULL;
+ tls_ocsp_free(ctx->ocsp);
+ ctx->ocsp = NULL;
 tls_set_error(ctx, "unable to parse OCSP response");
 return -1;
 }
@@ -311,9 +311,9 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg)
 return 1;
 }
- tls_ocsp_ctx_free(ctx->ocsp_ctx);
- ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx);
- if (ctx->ocsp_ctx != NULL) {
+ tls_ocsp_free(ctx->ocsp);
+ ctx->ocsp = tls_ocsp_setup_from_peer(ctx);
+ if (ctx->ocsp != NULL) {
 if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0)
 return 1;
 res = tls_ocsp_process_response_internal(ctx, raw, size);
@@ -330,79 +330,79 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg)
 const char *
 tls_peer_ocsp_url(struct tls *ctx)
 {
- if (ctx->ocsp_ctx == NULL)
+ if (ctx->ocsp == NULL)
 return NULL;
- return ctx->ocsp_ctx->ocsp_url;
+ return ctx->ocsp->ocsp_url;
 }
 const char *
 tls_peer_ocsp_result(struct tls *ctx)
 {
- if (ctx->ocsp_ctx == NULL)
+ if (ctx->ocsp == NULL)
 return NULL;
- if (ctx->ocsp_ctx->ocsp_result == NULL)
+ if (ctx->ocsp->ocsp_result == NULL)
 return NULL;
- return ctx->ocsp_ctx->ocsp_result->result_msg;
+ return ctx->ocsp->ocsp_result->result_msg;
 }
 int
 tls_peer_ocsp_response_status(struct tls *ctx)
 {
- if (ctx->ocsp_ctx == NULL)
+ if (ctx->ocsp == NULL)
 return -1;
- if (ctx->ocsp_ctx->ocsp_result == NULL)
+ if (ctx->ocsp->ocsp_result == NULL)
 return -1;
- return ctx->ocsp_ctx->ocsp_result->response_status;
+ return ctx->ocsp->ocsp_result->response_status;
 }
 int
 tls_peer_ocsp_cert_status(struct tls *ctx)
 {
- if (ctx->ocsp_ctx == NULL)
+ if (ctx->ocsp == NULL)
 return -1;
- if (ctx->ocsp_ctx->ocsp_result == NULL)
+ if (ctx->ocsp->ocsp_result == NULL)
 return -1;
- return ctx->ocsp_ctx->ocsp_result->cert_status;
+ return ctx->ocsp->ocsp_result->cert_status;
 }
 int
 tls_peer_ocsp_crl_reason(struct tls *ctx)
 {
- if (ctx->ocsp_ctx == NULL)
+ if (ctx->ocsp == NULL)
 return -1;
- if (ctx->ocsp_ctx->ocsp_result == NULL)
+ if (ctx->ocsp->ocsp_result == NULL)
 return -1;
- return ctx->ocsp_ctx->ocsp_result->crl_reason;
+ return ctx->ocsp->ocsp_result->crl_reason;
 }
 time_t
 tls_peer_ocsp_this_update(struct tls *ctx)
 {
- if (ctx->ocsp_ctx == NULL)
+ if (ctx->ocsp == NULL)
 return -1;
- if (ctx->ocsp_ctx->ocsp_result == NULL)
+ if (ctx->ocsp->ocsp_result == NULL)
 return -1;
- return ctx->ocsp_ctx->ocsp_result->this_update;
+ return ctx->ocsp->ocsp_result->this_update;
 }
 time_t
 tls_peer_ocsp_next_update(struct tls *ctx)
 {
- if (ctx->ocsp_ctx == NULL)
+ if (ctx->ocsp == NULL)
 return -1;
- if (ctx->ocsp_ctx->ocsp_result == NULL)
+ if (ctx->ocsp->ocsp_result == NULL)
 return -1;
- return ctx->ocsp_ctx->ocsp_result->next_update;
+ return ctx->ocsp->ocsp_result->next_update;
 }
 time_t
 tls_peer_ocsp_revocation_time(struct tls *ctx)
 {
- if (ctx->ocsp_ctx == NULL)
+ if (ctx->ocsp == NULL)
 return -1;
- if (ctx->ocsp_ctx->ocsp_result == NULL)
+ if (ctx->ocsp->ocsp_result == NULL)
 return -1;
- return ctx->ocsp_ctx->ocsp_result->revocation_time;
+ return ctx->ocsp->ocsp_result->revocation_time;
 }
 int |