Commit f38988af authored by David Woodhouse

Remove OpenSSL dependency from http.c

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
parent f4917c07
......@@ -32,10 +32,9 @@
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include "openconnect-internal.h"
......@@ -441,10 +440,8 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
close(fd);
if (!fork()) {
X509 *scert = SSL_get_peer_certificate(vpninfo->https_ssl);
X509 *ccert = SSL_get_certificate(vpninfo->https_ssl);
char scertbuf[EVP_MAX_MD_SIZE * 2 + 1];
char ccertbuf[EVP_MAX_MD_SIZE * 2 + 1];
char scertbuf[MD5_SIZE * 2 + 1];
char ccertbuf[MD5_SIZE * 2 + 1];
char *csd_argv[32];
int i = 0;
......@@ -490,15 +487,13 @@ static int run_csd_script(struct openconnect_info *vpninfo, char *buf, int bufle
if (asprintf(&csd_argv[i++], "\"%s\"", vpninfo->authgroup?:"") == -1)
return -ENOMEM;
get_cert_md5_fingerprint(vpninfo, scert, scertbuf);
if (ccert)
get_cert_md5_fingerprint(vpninfo, ccert, ccertbuf);
else
ccertbuf[0] = 0;
openconnect_local_cert_md5(vpninfo, ccertbuf);
scertbuf[0] = 0;
get_cert_md5_fingerprint(vpninfo, vpninfo->peer_cert, scertbuf);
csd_argv[i++]= (char *)"-certhash";
if (asprintf(&csd_argv[i++], "\"%s:%s\"", scertbuf, ccertbuf) == -1)
return -ENOMEM;
csd_argv[i++]= (char *)"-url";
if (asprintf(&csd_argv[i++], "\"https://%s%s\"", vpninfo->hostname, vpninfo->csd_starturl) == -1)
return -ENOMEM;
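Review bot: Both fingerprint calls ahead of the `-certhash` argument discard their return values, so if `get_cert_md5_fingerprint()` fails for `vpninfo->peer_cert` the CSD script is still started with an empty server hash (or, depending on how the helper fails, a partly written one). A missing client certificate is a normal case and `openconnect_local_cert_md5()` leaves `ccertbuf` empty for it, but a failed server fingerprint is not. I would check the server-side call, at minimum `if (get_cert_md5_fingerprint(vpninfo, vpninfo->peer_cert, scertbuf)) scertbuf[0] = 0;`, and preferably stop before the script is launched. Whether `peer_cert` can be NULL at this point is not visible here, and run_csd_script's body starts and ends outside the hunk.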
......
......@@ -49,6 +49,7 @@
#define N_(s) s
#define SHA1_SIZE 20
#define MD5_SIZE 16
/****************************************************************************/
......@@ -296,6 +297,8 @@ int get_cert_md5_fingerprint(struct openconnect_info *vpninfo, X509 *cert,
void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
int openconnect_sha1(unsigned char *result, void *data, int len);
int openconnect_random(void *bytes, int len);
int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
char *buf);
/* mainloop.c */
int vpn_add_pollfd(struct openconnect_info *vpninfo, int fd, short events);
......
......@@ -1166,3 +1166,17 @@ char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
return ret;
}
int openconnect_local_cert_md5(struct openconnect_info *vpninfo,
char *buf)
{
buf[0] = 0;
if (!vpninfo->cert_x509)
return -EIO;
if (get_cert_md5_fingerprint(vpninfo, vpninfo->cert_x509, buf))
return -EIO;
return 0;
}
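Review bot: `openconnect_local_cert_md5()` takes a bare `char *buf` with no length, and the only thing keeping the write in bounds is that the caller in http.c now declares exactly `MD5_SIZE * 2 + 1` bytes, down from `EVP_MAX_MD_SIZE * 2 + 1`. That contract is not written down at the definition or at the new prototype in the header, so a later caller with a smaller buffer, or a change in what `get_cert_md5_fingerprint()` writes, would overflow without any warning. I would add a comment above the function such as `/* buf must hold at least MD5_SIZE * 2 + 1 bytes; it is set to "" when no client certificate is loaded */` and repeat it at the prototype. Passing the buffer length through would be the sturdier fix, but that means changing `get_cert_md5_fingerprint()`, whose body is outside this hunk.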