MINOR: ssl: move find certificate chain code to its own function
New function ssl_get_issuer_chain(cert) to find an issuer_chain entry
from the "issuers-chain-path" tree.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 1d67e4b..2f2dc98 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -160,6 +160,7 @@
int nb_engines = 0;
static struct eb_root cert_issuer_tree = EB_ROOT; /* issuers tree from "issuers-chain-path" */
+static struct issuer_chain* ssl_get_issuer_chain(X509 *cert);
static struct {
char *crt_base; /* base directory path for certificates */
@@ -3357,22 +3358,10 @@
}
/* Find Certificate Chain in global */
if (chain == NULL) {
- AUTHORITY_KEYID *akid;
- akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
- if (akid) {
- struct issuer_chain *issuer;
- struct eb64_node *node;
- u64 hk;
- hk = XXH64(ASN1_STRING_get0_data(akid->keyid), ASN1_STRING_length(akid->keyid), 0);
- for (node = eb64_lookup(&cert_issuer_tree, hk); node; node = eb64_next(node)) {
- issuer = container_of(node, typeof(*issuer), node);
- if (X509_check_issued(sk_X509_value(issuer->chain, 0), cert) == X509_V_OK) {
- chain = X509_chain_up_ref(issuer->chain);
- break;
- }
- }
- AUTHORITY_KEYID_free(akid);
- }
+ struct issuer_chain *issuer;
+ issuer = ssl_get_issuer_chain(cert);
+ if (issuer)
+ chain = X509_chain_up_ref(issuer->chain);
}
/* no chain */
if (chain == NULL) {
@@ -9843,6 +9832,28 @@
return ret;
}
+static struct issuer_chain* ssl_get_issuer_chain(X509 *cert)
+{
+ AUTHORITY_KEYID *akid;
+ struct issuer_chain *issuer = NULL;
+
+ akid = X509_get_ext_d2i(cert, NID_authority_key_identifier, NULL, NULL);
+ if (akid) {
+ struct eb64_node *node;
+ u64 hk;
+ hk = XXH64(ASN1_STRING_get0_data(akid->keyid), ASN1_STRING_length(akid->keyid), 0);
+ for (node = eb64_lookup(&cert_issuer_tree, hk); node; node = eb64_next(node)) {
+ struct issuer_chain *ti = container_of(node, typeof(*issuer), node);
+ if (X509_check_issued(sk_X509_value(ti->chain, 0), cert) == X509_V_OK) {
+ issuer = ti;
+ break;
+ }
+ }
+ AUTHORITY_KEYID_free(akid);
+ }
+ return issuer;
+}
+
static void ssl_free_global_issuers(void)
{
struct eb64_node *node, *back;
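Review bot: In ssl_get_issuer_chain(), `akid->keyid` is used without a NULL check. The keyIdentifier field of an authorityKeyIdentifier extension is optional, so for a certificate that carries only issuer and serial, `ASN1_STRING_get0_data()` and `ASN1_STRING_length()` are called on a NULL pointer while the certificate is being loaded. The moved code had the same gap, so this is a good place to close it: wrap the `XXH64()` line and the lookup loop in `if (akid->keyid) { ... }` inside the existing `if (akid)` block, so that `AUTHORITY_KEYID_free(akid);` still runs when the key id is absent. The function would also benefit from a header comment stating the ownership contract visible at the call site, e.g. `/* Returns the issuer_chain from cert_issuer_tree that issued <cert>, or NULL; no reference is taken, the caller must X509_chain_up_ref() the chain. */`.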