ssl_mcnf.c 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
  1. /*
  2. * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <openssl/conf.h>
  11. #include <openssl/ssl.h>
  12. #include "ssl_local.h"
  13. #include "internal/sslconf.h"
  14. /* SSL library configuration module. */
  15. void SSL_add_ssl_module(void)
  16. {
  17. /* Do nothing. This will be added automatically by libcrypto */
  18. }
  19. static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
  20. {
  21. SSL_CONF_CTX *cctx = NULL;
  22. size_t i, idx, cmd_count;
  23. int rv = 0;
  24. unsigned int flags;
  25. const SSL_METHOD *meth;
  26. const SSL_CONF_CMD *cmds;
  27. OSSL_LIB_CTX *prev_libctx = NULL;
  28. OSSL_LIB_CTX *libctx = NULL;
  29. if (s == NULL && ctx == NULL) {
  30. ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
  31. goto err;
  32. }
  33. if (name == NULL && system)
  34. name = "system_default";
  35. if (!conf_ssl_name_find(name, &idx)) {
  36. if (!system)
  37. ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME,
  38. "name=%s", name);
  39. goto err;
  40. }
  41. cmds = conf_ssl_get(idx, &name, &cmd_count);
  42. cctx = SSL_CONF_CTX_new();
  43. if (cctx == NULL)
  44. goto err;
  45. flags = SSL_CONF_FLAG_FILE;
  46. if (!system)
  47. flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
  48. if (s != NULL) {
  49. meth = s->method;
  50. SSL_CONF_CTX_set_ssl(cctx, s);
  51. libctx = s->ctx->libctx;
  52. } else {
  53. meth = ctx->method;
  54. SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
  55. libctx = ctx->libctx;
  56. }
  57. if (meth->ssl_accept != ssl_undefined_function)
  58. flags |= SSL_CONF_FLAG_SERVER;
  59. if (meth->ssl_connect != ssl_undefined_function)
  60. flags |= SSL_CONF_FLAG_CLIENT;
  61. SSL_CONF_CTX_set_flags(cctx, flags);
  62. prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
  63. for (i = 0; i < cmd_count; i++) {
  64. char *cmdstr, *arg;
  65. conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
  66. rv = SSL_CONF_cmd(cctx, cmdstr, arg);
  67. if (rv <= 0) {
  68. int errcode = rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE;
  69. ERR_raise_data(ERR_LIB_SSL, errcode,
  70. "section=%s, cmd=%s, arg=%s", name, cmdstr, arg);
  71. goto err;
  72. }
  73. }
  74. rv = SSL_CONF_CTX_finish(cctx);
  75. err:
  76. OSSL_LIB_CTX_set0_default(prev_libctx);
  77. SSL_CONF_CTX_free(cctx);
  78. return rv <= 0 ? 0 : 1;
  79. }
  80. int SSL_config(SSL *s, const char *name)
  81. {
  82. return ssl_do_config(s, NULL, name, 0);
  83. }
  84. int SSL_CTX_config(SSL_CTX *ctx, const char *name)
  85. {
  86. return ssl_do_config(NULL, ctx, name, 0);
  87. }
  88. void ssl_ctx_system_config(SSL_CTX *ctx)
  89. {
  90. ssl_do_config(NULL, ctx, NULL, 1);
  91. }