Commit 88d01c94 authored by David Woodhouse's avatar David Woodhouse

Remove redundancy in code which 'matches' cert to privkey

Yes, it doesn't *actually* do any matching... yet.
Signed-off-by: default avatarDavid Woodhouse <David.Woodhouse@intel.com>
parent 63077480
......@@ -839,18 +839,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
goto out;
}
/* FIXME: How do we check which cert matches the pkey?
For now we just assume that the first one in the list is the right one. */
if (!cert) {
cert = extra_certs[0];
/* Move the rest of the array down */
for (i = 0; i < nr_extra_certs - 1; i++)
extra_certs[i] = extra_certs[i+1];
nr_extra_certs--;
}
goto got_key;
goto match_cert;
}
#endif
......@@ -880,18 +869,7 @@ static int load_certificate(struct openconnect_info *vpninfo)
if (ret)
goto out;
if (!cert) {
/* FIXME: How do we check which cert matches the pkey?
For now we just assume that the first one in the list is the right one. */
cert = extra_certs[0];
/* Move the rest of the array down */
for (i = 0; i < nr_extra_certs - 1; i++)
extra_certs[i] = extra_certs[i+1];
nr_extra_certs--;
}
goto got_key;
goto match_cert;
#endif
}
......@@ -976,6 +954,21 @@ static int load_certificate(struct openconnect_info *vpninfo)
ret = -EINVAL;
goto out;
#ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY
match_cert:
if (!cert) {
/* FIXME: How do we check which cert matches the pkey?
For now we just assume that the first one in the list is the right one. */
cert = extra_certs[0];
/* Move the rest of the array down */
for (i = 0; i < nr_extra_certs - 1; i++)
extra_certs[i] = extra_certs[i+1];
nr_extra_certs--;
}
#endif
got_key:
/* Now we have both cert(s) and key, and we should be ready to go. */
check_certificate_expiry(vpninfo, cert);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment