/*
 * Load the local certificate for a TLS root context.
 *
 * The PEM input is read from the file named by cert_file or, when built
 * with ENABLE_INLINE_FILES and cert_file equals INLINE_FILE_TAG, from the
 * in-memory string cert_file_inline.  The first certificate parsed is
 * installed with SSL_CTX_use_certificate(); on success the same BIO is then
 * passed to tls_ctx_add_extra_certs().
 * NOTE(review): presumably that helper consumes any further certificates
 * that follow in the same input - confirm against its definition.
 *
 * ctx               must be non-NULL (ASSERTed).
 * cert_file         path, or INLINE_FILE_TAG; it is handed to strcmp() and
 *                   BIO_new_file() without a NULL check, so the caller must
 *                   supply a valid string.
 * cert_file_inline  (ENABLE_INLINE_FILES only) PEM text; must be
 *                   NUL-terminated because it is wrapped with length -1.
 * x509              optional out-parameter.  If non-NULL, *x509 must be NULL
 *                   on entry and receives the parsed certificate (NULL when
 *                   nothing was parsed).  The object is not freed here in
 *                   that case, so the caller is presumably responsible for
 *                   X509_free().  If x509 is NULL the parsed certificate is
 *                   released before returning.
 *
 * Failures are reported through msg (M_SSLERR, ...).
 * NOTE(review): *x509 is assigned the parsed certificate even when
 * SSL_CTX_use_certificate() rejected it.  Unless msg (M_SSLERR, ...) never
 * returns, a non-NULL *x509 is not proof that the certificate was
 * installed - confirm the semantics of M_SSLERR.
 */
void
tls_ctx_load_cert_file (struct tls_root_ctx *ctx, const char *cert_file,
#if ENABLE_INLINE_FILES
    const char *cert_file_inline,
#endif
    X509 **x509
    )
{
  BIO *bio = NULL;
  X509 *cert = NULL;
  int installed = 0;
  bool from_inline = false;

  ASSERT (NULL != ctx);
  if (x509 != NULL)
    {
      /* The out slot must be empty on entry. */
      ASSERT (NULL == *x509);
    }

#if ENABLE_INLINE_FILES
  from_inline = (0 == strcmp (cert_file, INLINE_FILE_TAG));

  /* Length -1 makes OpenSSL take strlen() of the buffer, so the inline
   * data has to be NUL-terminated. */
  bio = (from_inline && cert_file_inline)
    ? BIO_new_mem_buf ((char *) cert_file_inline, -1)
    : BIO_new_file (cert_file, "r");
#else
  bio = BIO_new_file (cert_file, "r");
#endif /* ENABLE_INLINE_FILES */

  if (bio == NULL)
    {
      SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
    }
  else
    {
      /* Parse the first PEM certificate, using the password callback and
       * userdata stored on the SSL context. */
      cert = PEM_read_bio_X509 (bio, NULL,
                                ctx->ctx->default_passwd_callback,
                                ctx->ctx->default_passwd_callback_userdata);
      if (cert == NULL)
        {
          SSLerr (SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
        }
      else
        {
          installed = SSL_CTX_use_certificate (ctx->ctx, cert);
          if (installed)
            {
              /* Hand the partially consumed BIO on to the extra-certs
               * loader. */
              tls_ctx_add_extra_certs (ctx, bio);
            }
        }
    }

  if (!installed)
    {
      /* The inline variant omits the name: cert_file is only the tag. */
      if (from_inline)
        {
          msg (M_SSLERR, "Cannot load inline certificate file");
        }
      else
        {
          msg (M_SSLERR, "Cannot load certificate file %s", cert_file);
        }
    }

  if (bio != NULL)
    {
      BIO_free (bio);
    }

  if (x509 != NULL)
    {
      /* Pass the local reference to the caller (may be NULL). */
      *x509 = cert;
    }
  else if (cert != NULL)
    {
      /* Nobody wants the object; drop the local reference. */
      X509_free (cert);
    }
}
/*
 * Load additional certificates into a TLS root context.
 *
 * The PEM input comes from extra_certs_file_inline when extra_certs_file
 * equals INLINE_FILE_TAG and the inline pointer is non-NULL; otherwise it is
 * read from the file named by extra_certs_file.  The opened BIO is passed to
 * tls_ctx_add_extra_certs().
 *
 * ctx                      forwarded to tls_ctx_add_extra_certs().
 *                          NOTE(review): unlike tls_ctx_load_cert_file(),
 *                          no ASSERT guards against a NULL ctx here -
 *                          confirm whether callers guarantee it.
 * extra_certs_file         path, or INLINE_FILE_TAG; handed to strcmp()
 *                          without a NULL check.
 * extra_certs_file_inline  PEM text; must be NUL-terminated because it is
 *                          wrapped with length -1.
 *
 * A failure to open the input is reported through msg (M_SSLERR, ...).
 */
void
tls_ctx_load_extra_certs (struct tls_root_ctx *ctx, const char *extra_certs_file,
    const char *extra_certs_file_inline
    )
{
  BIO *bio;
  const int use_inline = (strcmp (extra_certs_file, INLINE_FILE_TAG) == 0)
                         && (extra_certs_file_inline != NULL);

  if (use_inline)
    {
      /* Length -1 makes OpenSSL take strlen() of the inline buffer. */
      bio = BIO_new_mem_buf ((char *) extra_certs_file_inline, -1);
    }
  else
    {
      bio = BIO_new_file (extra_certs_file, "r");
    }

  if (bio != NULL)
    {
      tls_ctx_add_extra_certs (ctx, bio);
    }
  else
    {
      msg (M_SSLERR, "Cannot load extra-certs file: %s", extra_certs_file);
    }

  /* Reached on the failure path as well; BIO_free() does nothing for a
   * NULL argument. */
  BIO_free (bio);
}