ssl_mcnf.c revision 1.1.1.1
      1 /*
      2  * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
      3  *
      4  * Licensed under the OpenSSL license (the "License").  You may not use
      5  * this file except in compliance with the License.  You can obtain a copy
      6  * in the file LICENSE in the source distribution or at
      7  * https://www.openssl.org/source/license.html
      8  */
      9 
     10 #include <stdio.h>
     11 #include <openssl/conf.h>
     12 #include <openssl/ssl.h>
     13 #include "ssl_local.h"
     14 #include "internal/sslconf.h"
     15 
     16 /* SSL library configuration module. */
     17 
/*
 * Public entry point with an intentionally empty body: per the original
 * comment, libcrypto adds the SSL configuration module automatically, so
 * there is nothing to register here.
 */
void SSL_add_ssl_module(void)
{
    /* Deliberately empty; the module is added by libcrypto. */
    return;
}
     22 
/*
 * Apply the commands of one named SSL configuration section to either an
 * SSL object or an SSL_CTX.
 *
 * s      - connection to configure, or NULL to configure ctx instead
 * ctx    - context to configure; only consulted when s is NULL
 * name   - section name; when NULL and system is non-zero the name
 *          "system_default" is substituted
 * system - non-zero when applying the system-wide default section
 *
 * Returns 1 when every command was accepted and SSL_CONF_CTX_finish()
 * returned a positive value, 0 in every other case.
 *
 * Review notes for callers:
 *  - Commands are applied one at a time straight onto s/ctx.  When a
 *    command is rejected the function stops, but nothing here undoes the
 *    commands that were already accepted, so a 0 return can leave the
 *    target partially configured.
 *  - In system mode a section that cannot be found fails quietly (no error
 *    is queued); only the 0 return reports it.
 */
static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
    const SSL_CONF_CMD *cmds;
    const SSL_METHOD *meth;
    SSL_CONF_CTX *cctx = NULL;
    unsigned int flags;
    size_t section_idx, ncmds, pos;
    int ret = 0;

    /* At least one target must be supplied. */
    if (s == NULL && ctx == NULL) {
        SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
        goto err;
    }

    if (system && name == NULL)
        name = "system_default";

    if (!conf_ssl_name_find(name, &section_idx)) {
        /* Only an explicitly requested section reports the lookup failure. */
        if (!system) {
            SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
            ERR_add_error_data(2, "name=", name);
        }
        goto err;
    }

    /*
     * name is passed by address, so conf_ssl_get() may replace it;
     * presumably with the stored section name (confirm in sslconf.h).
     */
    cmds = conf_ssl_get(section_idx, &name, &ncmds);

    cctx = SSL_CONF_CTX_new();
    if (cctx == NULL)
        goto err;

    /* Bind the configuration context to whichever target was given. */
    if (s == NULL) {
        meth = ctx->method;
        SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
    } else {
        meth = s->method;
        SSL_CONF_CTX_set_ssl(cctx, s);
    }

    /*
     * File-style command names are always used.  The certificate and
     * require-private-key flags are enabled only for explicitly named
     * sections, never for the system default section.
     */
    flags = SSL_CONF_FLAG_FILE;
    if (system == 0)
        flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;

    /* Enable the server/client roles that the method actually implements. */
    if (meth->ssl_accept != ssl_undefined_function)
        flags |= SSL_CONF_FLAG_SERVER;
    if (meth->ssl_connect != ssl_undefined_function)
        flags |= SSL_CONF_FLAG_CLIENT;
    SSL_CONF_CTX_set_flags(cctx, flags);

    pos = 0;
    while (pos < ncmds) {
        char *cmdstr, *arg;

        conf_ssl_get_cmd(cmds, pos, &cmdstr, &arg);
        ret = SSL_CONF_cmd(cctx, cmdstr, arg);
        if (ret <= 0) {
            /* -2 is reported as an unknown command, anything else as a bad value. */
            if (ret != -2)
                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
            else
                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND);
            ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr,
                               ", arg=", arg);
            goto err;
        }
        pos++;
    }

    ret = SSL_CONF_CTX_finish(cctx);

 err:
    /* Reached with cctx == NULL on the early failure paths. */
    SSL_CONF_CTX_free(cctx);
    return ret > 0;
}
     85 
/*
 * Configure a single SSL connection from the named configuration section.
 * Runs ssl_do_config() in non-system mode and passes its result through:
 * 1 on success, 0 on failure.
 */
int SSL_config(SSL *s, const char *name)
{
    const int is_system = 0;    /* explicitly named section */

    return ssl_do_config(s, NULL, name, is_system);
}
     90 
/*
 * Configure an SSL_CTX from the named configuration section.
 * Runs ssl_do_config() in non-system mode and passes its result through:
 * 1 on success, 0 on failure.
 */
int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
    const int is_system = 0;    /* explicitly named section */

    return ssl_do_config(NULL, ctx, name, is_system);
}
     95 
/*
 * Apply the system-wide default section to ctx on a best-effort basis.
 * A NULL name with system set makes ssl_do_config() use "system_default".
 *
 * NOTE(review): the result is discarded and this function returns void, so
 * a missing section or a rejected command does not reach the caller.  The
 * context then carries whatever subset of the system policy was applied
 * before the failure.  Deployments that depend on system-wide settings
 * should verify the effective configuration of the context rather than
 * assume it was applied.
 */
void ssl_ctx_system_config(SSL_CTX *ctx)
{
    const int is_system = 1;

    (void)ssl_do_config(NULL, ctx, NULL, is_system);
}
    100