Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / f11365b26ae23b30215878e0c278aa10d25a4846^! / .
commitf11365b26ae23b30215878e0c278aa10d25a4846[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Thu Sep 19 14:25:58 2019 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Fri Oct 11 17:32:03 2019 +0200
treee1d556387c183da6f25b3f6160710a70c9e41bbd
parent614ca0d3704fa3316aa4861aa41b35bedb48fac1 [diff]
MINOR: ssl: ssl_sock_load_crt_file_into_ckch() is filling from a BIO

The function ssl_sock_load_crt_file_into_ckch() is now able to fill a
ckch using a BIO in input.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index b289aae..886ebd5 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -2934,28 +2934,34 @@
 }
 #endif
 
-/* Loads the contents of a crt file (path) into a cert_key_and_chain
- * This allows us to carry the contents of the file without having to
- * read the file multiple times.
- * The caller must call ssl_sock_free_cert_key_and_chain_contents.
+/* Loads the contents of a crt file (path) or BIO into a cert_key_and_chain
+ * This allows us to carry the contents of the file without having to read the
+ * file multiple times.  The caller must call
+ * ssl_sock_free_cert_key_and_chain_contents.
  *
  * returns:
  *      0 on Success
  *      1 on SSL Failure
  */
-static int ssl_sock_load_crt_file_into_ckch(const char *path, struct cert_key_and_chain *ckch, char **err)
+static int ssl_sock_load_crt_file_into_ckch(const char *path, BIO *buf, struct cert_key_and_chain *ckch, char **err)
 {
 
-	BIO *in;
+	BIO *in = NULL;
 	X509 *ca;
 	int ret = 1;
 
-	in = BIO_new(BIO_s_file());
-	if (in == NULL)
-		goto end;
+	if (buf != NULL && path != NULL) {
+		in = buf;
+	} else if (path != NULL) {
+		in = BIO_new(BIO_s_file());
+		if (in == NULL)
+			goto end;
 
-	if (BIO_read_filename(in, path) <= 0)
+		if (BIO_read_filename(in, path) <= 0)
+			goto end;
+	} else {
 		goto end;
+	}
 
 	/* Read Private Key */
 	ckch->key = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL);
@@ -3019,7 +3025,7 @@
 end:
 
 	ERR_clear_error();
-	if (in)
+	if (in && !buf)
 		BIO_free(in);
 
 	/* Something went wrong in one of the reads */
@@ -3166,7 +3172,7 @@
 
 	if (!multi) {
 
-		if (ssl_sock_load_crt_file_into_ckch(path, ckchs->ckch, err) == 1)
+		if (ssl_sock_load_crt_file_into_ckch(path, NULL, ckchs->ckch, err) == 1)
 			goto end;
 
 		/* insert into the ckchs tree */
@@ -3183,7 +3189,7 @@
 			struct stat buf;
 			snprintf(fp, sizeof(fp), "%s.%s", path, SSL_SOCK_KEYTYPE_NAMES[n]);
 			if (stat(fp, &buf) == 0) {
-				if (ssl_sock_load_crt_file_into_ckch(fp, &ckchs->ckch[n], err) == 1)
+				if (ssl_sock_load_crt_file_into_ckch(fp, NULL, &ckchs->ckch[n], err) == 1)
 					goto end;
 				found = 1;
 				ckchs->multi = 1;