mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
polarssl: also allocate PKCS#11 certificate object on demand
Commit 444a93ea
changed certificate allocation to be postponed until
actual usage to fix --client-cert-not-required / --verify-client-cert
for PolarSSL builds. However, I forgot to allocate when using pkcs11
(because that code does not use the tls_ctx_load_cert_file() function).
And while we're at it, use ALLOC_OBJ_CLEAR() instead of malloc + manual
check.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1448101324-20310-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/10543
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
parent
6e9373c846
commit
9571010a14
@ -50,18 +50,13 @@ pkcs11_init_tls_session(pkcs11h_certificate_t certificate,
|
||||
|
||||
ASSERT (NULL != ssl_ctx);
|
||||
|
||||
ALLOC_OBJ_CLEAR (ssl_ctx->crt_chain, x509_crt);
|
||||
if (pkcs11_x509_cert_init(ssl_ctx->crt_chain, certificate)) {
|
||||
msg (M_FATAL, "PKCS#11: Cannot retrieve PolarSSL certificate object");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ssl_ctx->priv_key_pkcs11 = malloc(sizeof(pkcs11_context));
|
||||
|
||||
if (ssl_ctx->priv_key_pkcs11 == NULL) {
|
||||
msg (M_FATAL, "PKCS#11: Cannot allocate PolarSSL private key object");
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ALLOC_OBJ_CLEAR (ssl_ctx->priv_key_pkcs11, pkcs11_context);
|
||||
if (pkcs11_priv_key_init(ssl_ctx->priv_key_pkcs11, certificate)) {
|
||||
msg (M_FATAL, "PKCS#11: Cannot initialize PolarSSL private key object");
|
||||
goto cleanup;
|
||||
|
Loading…
Reference in New Issue
Block a user