From fceac9f0133c4441e6c89392f4c85da3600a5183 Mon Sep 17 00:00:00 2001 From: Martin Johansson Date: Sun, 5 May 2013 23:07:59 +0200 Subject: [PATCH] Some cleanup of SSL handling. Remove stuff related to pre PolarSSL 1.0.0. --- configure.ac | 1 + src/ssl.c | 38 ++++++++------------------------------ src/ssl.h | 6 +++++- 3 files changed, 14 insertions(+), 31 deletions(-) diff --git a/configure.ac b/configure.ac index f48f11d..bd5f002 100644 --- a/configure.ac +++ b/configure.ac @@ -49,6 +49,7 @@ AC_CHECK_HEADERS([libconfig.h], [], [AC_MSG_ERROR([could not find libconfig.h])] AC_CHECK_LIB([config], [config_init], [], [AC_MSG_ERROR([could not find libconfig])]) AS_IF([test "x$with_ssl" = xpolarssl], [ AC_CHECK_HEADERS([polarssl/ssl.h], [], [AC_MSG_ERROR([could not find polarssl/ssl.h])]) + AC_CHECK_HEADERS([polarssl/version.h], [], [AC_MSG_ERROR([could not find polarssl/version.h])]) AC_CHECK_LIB([polarssl], [ssl_init], [], [AC_MSG_ERROR([could not find libpolarssl])]) AC_DEFINE([USE_POLARSSL], [], [Use PolarSSL]) AS_IF([test "x$enable_polarssl_test_cert" = xyes], [ diff --git a/src/ssl.c b/src/ssl.c index dc7218d..2218864 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -195,15 +195,10 @@ void SSLi_init(void) urandom_fd = open("/dev/urandom", O_RDONLY); if (urandom_fd < 0) Log_fatal("Cannot open /dev/urandom"); - Log_info("Using random number generator /dev/urandom"); #endif -#ifdef POLARSSL_VERSION_MAJOR version_get_string(verstring); Log_info("PolarSSL library version %s initialized", verstring); -#else - Log_info("PolarSSL library initialized"); -#endif } void SSLi_deinit(void) 
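Review bot: Removing `Log_info("Using random number generator /dev/urandom");` from SSLi_init leaves no startup record, in the lines visible here, of which entropy source the build selected. That record is useful when auditing a deployment, so consider keeping it, or logging the choice once after the conditional block that closes at `#endif`. The now-unconditional `version_get_string(verstring);` writes into a buffer declared outside this hunk, so confirm `verstring` is large enough for the longest version string the library can return. The start of SSLi_init is outside the hunk.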
@@ -422,23 +417,15 @@ static RSA *SSL_readprivatekey(char *keyfile) static void SSL_writecert(char *certfile, X509 *x509) { FILE *fp; - BIO *err_output; - - /* prepare a BIO for outputting error messages */ - - err_output = BIO_new_fp(stderr,BIO_NOCLOSE); - + /* open the private key file */ fp = fopen(certfile, "w"); if (fp == NULL) { - BIO_printf(err_output, "Unable to open the X509 file for writing.\n"); - BIO_free(err_output); + Log_warn("Unable to open the X509 file %s for writing", certfile); return; - } - + } if (PEM_write_X509(fp, x509) == 0) { - BIO_printf(err_output, "Error trying to write X509 info.\n"); - ERR_print_errors(err_output); + Log_warn("Error trying to write X509 info."); } fclose(fp); } @@ -446,22 +433,16 @@ static void SSL_writecert(char *certfile, X509 *x509) static void SSL_writekey(char *keyfile, RSA *rsa) { FILE *fp; - BIO *err_output; - /* prepare a BIO for outputing error messages */ - err_output = BIO_new_fp(stderr, BIO_NOCLOSE); /* open the private key file for reading */ fp = fopen(keyfile, "w"); if (fp == NULL) { - BIO_printf(err_output, "Unable to open the private key file %s for writing.\n", keyfile); - BIO_free(err_output); + Log_warn("Unable to open the private key file %s for writing.", keyfile); return; } if (PEM_write_RSAPrivateKey(fp, rsa, NULL, NULL, 0, NULL, NULL) == 0) { - /* error reading the key - check the error stack */ - BIO_printf(err_output, "Error trying to write private key\n"); - ERR_print_errors(err_output); + Log_warn("Error trying to write private key"); } fclose(fp); } @@ -512,14 +493,11 @@ static void SSL_initializeCert() { #endif if (!rsa || !x509) { - logthis("Generating new server certificate."); + Log_info("Generating new server certificate."); - BIO *bio_err; CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - bio_err=BIO_new_fp(stderr, BIO_NOCLOSE); - + x509 = X509_new(); pkey = EVP_PKEY_new(); rsa = RSA_generate_key(1024,RSA_F4,NULL,NULL); diff --git a/src/ssl.h b/src/ssl.h index 86cd7bc..2aba396 100644 
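Review bot: Replacing `ERR_print_errors(err_output)` with a fixed `Log_warn` string in SSL_writecert discards the OpenSSL error queue, so the log no longer says why `PEM_write_X509` failed and the stale entries stay queued for whatever reads the queue next; the same applies to SSL_writekey in the next hunk. Something like `Log_warn("Error trying to write X509 info: %s", ERR_error_string(ERR_get_error(), NULL));` keeps the cause in the log. That Log_warn takes printf-style arguments is inferred from the `%s` call added just above. The comment `/* open the private key file */` is wrong for this function, which opens the certificate file, and the return value of `fclose(fp)` is still ignored, so a short write goes unreported.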
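Review bot: SSL_writekey still creates the key file with `fopen(keyfile, "w")`, so the unencrypted private key (`PEM_write_RSAPrivateKey` is called with a NULL cipher) gets whatever mode the process umask allows, commonly group- or world-readable. Create it owner-only instead, e.g. `int fd = open(keyfile, O_WRONLY | O_CREAT | O_TRUNC, 0600);` followed by `fp = (fd < 0) ? NULL : fdopen(fd, "w");`, and close `fd` if `fdopen` fails. An existing file keeps its old mode when reopened, so an `fchmod(fd, 0600)` after opening covers the overwrite case. The comment `/* open the private key file for reading */` should say writing.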
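Review bot: The self-signed certificate generated in SSL_initializeCert still uses `RSA_generate_key(1024,RSA_F4,NULL,NULL)`, and 1024-bit RSA is below current minimum key-size recommendations. `rsa = RSA_generate_key(2048, RSA_F4, NULL, NULL);` is the smallest change worth making while this block is being touched. The result is not checked in the visible lines and the function continues past the hunk, so confirm a NULL `rsa` is handled before it is used. With `bio_err` removed, any remaining use of it in the part of the function outside this hunk would no longer compile, which is worth a quick grep.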
--- a/src/ssl.h +++ b/src/ssl.h @@ -40,8 +40,12 @@ #include #include +#ifdef POLARSSL_VERSION_MAJOR #if (POLARSSL_VERSION_MAJOR < 1) -#error PolarSSL version 1.0.0 or later is required! +#error PolarSSL version 1.0.0 or greater is required! +#endif +#else +#error PolarSSL version 1.0.0 or greater is required! #endif #ifdef USE_POLARSSL_HAVEGE -- 2.30.2
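Review bot: The new `#else` branch reports "PolarSSL version 1.0.0 or greater is required!" when `POLARSSL_VERSION_MAJOR` is simply undefined, which also happens if `polarssl/version.h` is not among the includes above this check (their names are not visible here). A distinct message such as `#error POLARSSL_VERSION_MAJOR is not defined; is polarssl/version.h included?` would point at the real cause. The two tests also collapse into `#if !defined(POLARSSL_VERSION_MAJOR) || (POLARSSL_VERSION_MAJOR < 1)`. The enclosing conditional starts outside the hunk, so confirm this block sits under `USE_POLARSSL`, otherwise OpenSSL builds will hit the `#error`.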